summaryrefslogtreecommitdiff
path: root/source4/libcli/smb_composite
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli/smb_composite')
-rw-r--r--source4/libcli/smb_composite/sesssetup.c118
1 files changed, 47 insertions, 71 deletions
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 700e4ef744..0d0904b969 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -37,28 +37,6 @@ struct sesssetup_state {
/*
- form an encrypted lanman password from a plaintext password
- and the server supplied challenge
-*/
-static DATA_BLOB lanman_blob(TALLOC_CTX *mem_ctx, const char *pass, DATA_BLOB challenge)
-{
- DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
- SMBencrypt(pass, challenge.data, blob.data);
- return blob;
-}
-
-/*
- form an encrypted NT password from a plaintext password
- and the server supplied challenge
-*/
-static DATA_BLOB nt_blob(TALLOC_CTX *mem_ctx, const struct samr_Password *nt_hash, DATA_BLOB challenge)
-{
- DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
- SMBOWFencrypt(nt_hash->hash, challenge.data, blob.data);
- return blob;
-}
-
-/*
store the user session key for a transport
*/
static void set_user_session_key(struct smbcli_session *session,
@@ -163,9 +141,19 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
struct smb_composite_sesssetup *io,
struct smbcli_request **req)
{
+ NTSTATUS nt_status;
struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
- const struct samr_Password *nt_hash = cli_credentials_get_nt_hash(io->in.credentials, state);
const char *password = cli_credentials_get_password(io->in.credentials);
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup());
+ DATA_BLOB session_key;
+ int flags = CLI_CRED_NTLM_AUTH;
+ if (lp_client_lanman_auth()) {
+ flags |= CLI_CRED_LANMAN_AUTH;
+ }
+
+ if (lp_client_ntlmv2_auth()) {
+ flags |= CLI_CRED_NTLMv2_AUTH;
+ }
state->setup.nt1.level = RAW_SESSSETUP_NT1;
state->setup.nt1.in.bufsize = session->transport->options.max_xmit;
@@ -175,56 +163,26 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
state->setup.nt1.in.capabilities = io->in.capabilities;
state->setup.nt1.in.os = "Unix";
state->setup.nt1.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
+
cli_credentials_get_ntlm_username_domain(io->in.credentials, state,
&state->setup.nt1.in.user,
&state->setup.nt1.in.domain);
+
- if (!password) {
- state->setup.nt1.in.password1 = data_blob(NULL, 0);
- state->setup.nt1.in.password2 = data_blob(NULL, 0);
- } else if (session->transport->negotiate.sec_mode &
- NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
- DATA_BLOB session_key;
- if (lp_client_ntlmv2_auth()) {
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_netbios_name(), lp_workgroup());
- DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key;
-
- if (!SMBNTLMv2encrypt_hash(state,
- state->setup.nt1.in.user, state->setup.nt1.in.domain,
- nt_hash->hash, &session->transport->negotiate.secblob,
- &names_blob,
- &lmv2_response, &ntlmv2_response,
- &lmv2_session_key, &session_key)) {
- data_blob_free(&names_blob);
- return NT_STATUS_NO_MEMORY;
- }
- data_blob_free(&names_blob);
- data_blob_free(&lmv2_session_key);
- state->setup.nt1.in.password1 = lmv2_response;
- state->setup.nt1.in.password2 = ntlmv2_response;
-
- } else {
-
- state->setup.nt1.in.password2 = nt_blob(state, nt_hash,
- session->transport->negotiate.secblob);
- if (lp_client_lanman_auth()) {
- state->setup.nt1.in.password1 = lanman_blob(state, password,
- session->transport->negotiate.secblob);
- } else {
- /* if not sending the LM password, send the NT password twice */
- state->setup.nt1.in.password1 = state->setup.nt1.in.password2;
- }
-
- session_key = data_blob_talloc(session, NULL, 16);
- SMBsesskeygen_ntv1(nt_hash->hash, session_key.data);
- }
+ if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+ nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
+ &flags,
+ session->transport->negotiate.secblob,
+ names_blob,
+ &state->setup.nt1.in.password1,
+ &state->setup.nt1.in.password2,
+ NULL, &session_key);
smbcli_transport_simple_set_signing(session->transport, session_key,
state->setup.nt1.in.password2);
set_user_session_key(session, &session_key);
data_blob_free(&session_key);
-
} else if (lp_client_plaintext_auth()) {
state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
state->setup.nt1.in.password2 = data_blob(NULL, 0);
@@ -249,8 +207,19 @@ static NTSTATUS session_setup_old(struct composite_context *c,
struct smb_composite_sesssetup *io,
struct smbcli_request **req)
{
+ NTSTATUS nt_status;
struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
const char *password = cli_credentials_get_password(io->in.credentials);
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup());
+ DATA_BLOB session_key;
+ int flags = 0;
+ if (lp_client_lanman_auth()) {
+ flags |= CLI_CRED_LANMAN_AUTH;
+ }
+
+ if (lp_client_ntlmv2_auth()) {
+ flags |= CLI_CRED_NTLMv2_AUTH;
+ }
state->setup.old.level = RAW_SESSSETUP_OLD;
state->setup.old.in.bufsize = session->transport->options.max_xmit;
@@ -263,15 +232,22 @@ static NTSTATUS session_setup_old(struct composite_context *c,
&state->setup.old.in.user,
&state->setup.old.in.domain);
- if (!password) {
- state->setup.old.in.password = data_blob(NULL, 0);
- } else if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
- state->setup.old.in.password = lanman_blob(state, password,
- session->transport->negotiate.secblob);
+ if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
+ nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
+ &flags,
+ session->transport->negotiate.secblob,
+ names_blob,
+ &state->setup.old.in.password,
+ NULL,
+ NULL, &session_key);
+ set_user_session_key(session, &session_key);
+
+ data_blob_free(&session_key);
+ } else if (lp_client_plaintext_auth()) {
+ state->setup.old.in.password = data_blob_talloc(state, password, strlen(password));
} else {
- state->setup.old.in.password = data_blob_talloc(state,
- password,
- strlen(password));
+ /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
+ return NT_STATUS_INVALID_PARAMETER;
}
*req = smb_raw_sesssetup_send(session, &state->setup);