summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_ntlm.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/librpc/rpc/dcerpc_ntlm.c')
-rw-r--r--source4/librpc/rpc/dcerpc_ntlm.c178
1 files changed, 71 insertions, 107 deletions
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index db707be1b5..2cfecd939f 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -25,174 +25,138 @@
/*
wrappers for the ntlmssp_*() functions
*/
-static NTSTATUS ntlm_unseal_packet(struct dcerpc_security *dcerpc_security,
+static NTSTATUS dcerpc_ntlmssp_unseal(struct dcerpc_security *dcerpc_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length, DATA_BLOB *sig)
{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
+
return ntlmssp_unseal_packet(ntlmssp_state, mem_ctx, data, length, sig);
}
-static NTSTATUS ntlm_check_packet(struct dcerpc_security *dcerpc_security,
+static NTSTATUS dcerpc_ntlmssp_check_sig(struct dcerpc_security *dcerpc_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const DATA_BLOB *sig)
{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
+
return ntlmssp_check_packet(ntlmssp_state, mem_ctx, data, length, sig);
}
-static NTSTATUS ntlm_seal_packet(struct dcerpc_security *dcerpc_security,
+static NTSTATUS dcerpc_ntlmssp_seal(struct dcerpc_security *dcerpc_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
DATA_BLOB *sig)
{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
+
return ntlmssp_seal_packet(ntlmssp_state, mem_ctx, data, length, sig);
}
-static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
+static NTSTATUS dcerpc_ntlmssp_sign(struct dcerpc_security *dcerpc_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
DATA_BLOB *sig)
{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
+
return ntlmssp_sign_packet(ntlmssp_state, mem_ctx, data, length, sig);
}
-static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security,
+static NTSTATUS dcerpc_ntlmssp_session_key(struct dcerpc_security *dcerpc_security,
DATA_BLOB *session_key)
{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
+
if (!ntlmssp_state->session_key.data) {
return NT_STATUS_NO_USER_SESSION_KEY;
}
*session_key = ntlmssp_state->session_key;
- return NT_STATUS_OK;
-}
-static void ntlm_security_end(struct dcerpc_security *dcerpc_security)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- ntlmssp_end(&ntlmssp_state);
+ return NT_STATUS_OK;
}
-
-
-/*
- do ntlm style authentication on a dcerpc pipe
-*/
-NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
- const char *uuid, uint_t version,
- const char *domain,
- const char *username,
- const char *password)
+static NTSTATUS dcerpc_ntlmssp_start(struct dcerpc_pipe *dce_pipe, struct dcerpc_security *dcerpc_security)
{
+ struct ntlmssp_state *ntlmssp_state = NULL;
NTSTATUS status;
- struct ntlmssp_state *state;
- TALLOC_CTX *mem_ctx;
- DATA_BLOB credentials;
-
- mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- status = ntlmssp_client_start(&state);
+ status = ntlmssp_client_start(&ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = ntlmssp_set_domain(state, domain);
+ status = ntlmssp_set_domain(ntlmssp_state, dcerpc_security->user.domain);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
+ return status;
}
- status = ntlmssp_set_username(state, username);
+ status = ntlmssp_set_username(ntlmssp_state, dcerpc_security->user.name);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
+ return status;
}
- status = ntlmssp_set_password(state, password);
+ status = ntlmssp_set_password(ntlmssp_state, dcerpc_security->user.password);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info));
- if (!p->auth_info) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
+ return status;
}
-
- p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
- if (p->flags & DCERPC_SEAL) {
- p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
- } else {
- /* ntlmssp does not work on dcerpc with
- AUTH_LEVEL_NONE */
- state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- }
- p->auth_info->auth_pad_length = 0;
- p->auth_info->auth_reserved = 0;
- p->auth_info->auth_context_id = random();
- p->auth_info->credentials = data_blob(NULL, 0);
- p->security_state = NULL;
-
- status = ntlmssp_update(state, mem_ctx,
- p->auth_info->credentials,
- &credentials);
-
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
- }
+ dcerpc_security->private_data = ntlmssp_state;
- p->auth_info->credentials = credentials;
-
- status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = ntlmssp_update(state, mem_ctx,
- p->auth_info->credentials,
- &credentials);
+ return status;
+}
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
- }
+static NTSTATUS dcerpc_ntlmssp_update(struct dcerpc_security *dcerpc_security, TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out)
+{
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
- p->auth_info->credentials = credentials;
+ return ntlmssp_update(ntlmssp_state, out_mem_ctx, in, out);
+}
- status = dcerpc_auth3(p, mem_ctx);
+static void dcerpc_ntlmssp_end(struct dcerpc_security *dcerpc_security)
+{
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data;
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
+ ntlmssp_end(&ntlmssp_state);
- p->security_state = talloc_p(p->mem_ctx, struct dcerpc_security);
- if (!p->security_state) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ dcerpc_security->private_data = NULL;
+}
- p->security_state->private = state;
- p->security_state->unseal_packet = ntlm_unseal_packet;
- p->security_state->check_packet = ntlm_check_packet;
- p->security_state->seal_packet = ntlm_seal_packet;
- p->security_state->sign_packet = ntlm_sign_packet;
- p->security_state->session_key = ntlm_session_key;
- p->security_state->security_end = ntlm_security_end;
+static const struct dcesrv_security_ops dcerpc_ntlmssp_security_ops = {
+ .name = "ntlmssp",
+ .auth_type = DCERPC_AUTH_TYPE_NTLMSSP,
+ .start = dcerpc_ntlmssp_start,
+ .update = dcerpc_ntlmssp_update,
+ .seal = dcerpc_ntlmssp_seal,
+ .sign = dcerpc_ntlmssp_sign,
+ .check_sig = dcerpc_ntlmssp_check_sig,
+ .unseal = dcerpc_ntlmssp_unseal,
+ .session_key = dcerpc_ntlmssp_session_key,
+ .end = dcerpc_ntlmssp_end
+};
+
+const struct dcesrv_security_ops *dcerpc_ntlmssp_security_get_ops(void)
+{
+ return &dcerpc_ntlmssp_security_ops;
+}
-done:
- talloc_destroy(mem_ctx);
+/*
+ do ntlm style authentication on a dcerpc pipe
+*/
+NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
+ const char *uuid, uint_t version,
+ const char *domain,
+ const char *username,
+ const char *password)
+{
+ NTSTATUS status;
- if (!NT_STATUS_IS_OK(status)) {
- p->security_state = NULL;
- p->auth_info = NULL;
- }
+ status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_NTLMSSP,
+ uuid, version,
+ domain, username,
+ password);
return status;
}
generated by cgit (git 2.34.1) at 2024-07-19 22:39:53 +0000