From f5a8054f266a241d43a4c5d3ca908f8edfcc01f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Apr 2005 09:23:56 +0000 Subject: r6463: Move NTLM2 and NTLM (v1) specific variables into a union for DCE/RPC. Andrew Bartlett (This used to be commit 227f2578da140067734f55b559760871ee4d0d12) --- source4/auth/ntlmssp/ntlmssp.h | 39 ++++++++------- source4/auth/ntlmssp/ntlmssp_server.c | 10 ++-- source4/auth/ntlmssp/ntlmssp_sign.c | 94 ++++++++++++++++++----------------- 3 files changed, 74 insertions(+), 69 deletions(-) diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 2aa9aea810..65292b438b 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -106,10 +106,6 @@ struct ntlmssp_state uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ - /* internal variables used by NTLM2 */ - BOOL doing_ntlm2; - uint8_t session_nonce[16]; - /* internal variables used by KEY_EXCH (client-supplied user session key */ DATA_BLOB encrypted_session_key; @@ -162,21 +158,28 @@ struct ntlmssp_state const char *server_name; const char *(*get_domain)(void); - /* SMB Signing */ - uint32_t ntlm_seq_num; - uint32_t ntlm2_send_seq_num; - uint32_t ntlm2_recv_seq_num; - - /* ntlmv2 */ - DATA_BLOB send_sign_key; - DATA_BLOB recv_sign_key; - - struct arcfour_state *send_seal_hash; - struct arcfour_state *recv_seal_hash; - - /* ntlmv1 */ - struct arcfour_state *ntlmssp_hash; + BOOL doing_ntlm2; + union { + /* NTLM */ + struct { + uint32_t seq_num; + struct arcfour_state *arcfour_state; + } ntlm; + + /* NTLM2 */ + struct { + uint32_t send_seq_num; + uint32_t recv_seq_num; + DATA_BLOB send_sign_key; + DATA_BLOB recv_sign_key; + struct arcfour_state *send_seal_arcfour_state; + struct arcfour_state *recv_seal_arcfour_state; + + /* internal variables used by NTLM2 */ + uint8_t session_nonce[16]; + } ntlm2; + }; }; struct gensec_ntlmssp_state { diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 374fafc0e5..74d3c722d7 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -386,11 +386,11 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->doing_ntlm2 = True; - memcpy(ntlmssp_state->session_nonce, ntlmssp_state->internal_chal.data, 8); - memcpy(&ntlmssp_state->session_nonce[8], ntlmssp_state->lm_resp.data, 8); + memcpy(ntlmssp_state->ntlm2.session_nonce, ntlmssp_state->internal_chal.data, 8); + memcpy(&ntlmssp_state->ntlm2.session_nonce[8], ntlmssp_state->lm_resp.data, 8); MD5Init(&md5_session_nonce_ctx); - MD5Update(&md5_session_nonce_ctx, ntlmssp_state->session_nonce, 16); + MD5Update(&md5_session_nonce_ctx, ntlmssp_state->ntlm2.session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, @@ -440,8 +440,8 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state, if (ntlmssp_state->doing_ntlm2) { if (user_session_key && user_session_key->data && user_session_key->length == 16) { session_key = data_blob_talloc(ntlmssp_state, NULL, 16); - hmac_md5(user_session_key->data, ntlmssp_state->session_nonce, - sizeof(ntlmssp_state->session_nonce), session_key.data); + hmac_md5(user_session_key->data, ntlmssp_state->ntlm2.session_nonce, + sizeof(ntlmssp_state->ntlm2.session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index a47a0f334a..29204b3460 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -78,16 +78,16 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat switch (direction) { case NTLMSSP_SEND: - SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num); - ntlmssp_state->ntlm2_send_seq_num++; - hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key.data, - ntlmssp_state->send_sign_key.length, &ctx); + SIVAL(seq_num, 0, ntlmssp_state->ntlm2.send_seq_num); + ntlmssp_state->ntlm2.send_seq_num++; + hmac_md5_init_limK_to_64(ntlmssp_state->ntlm2.send_sign_key.data, + ntlmssp_state->ntlm2.send_sign_key.length, &ctx); break; case NTLMSSP_RECEIVE: - SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num); - ntlmssp_state->ntlm2_recv_seq_num++; - hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key.data, - ntlmssp_state->recv_sign_key.length, &ctx); + SIVAL(seq_num, 0, ntlmssp_state->ntlm2.recv_seq_num); + ntlmssp_state->ntlm2.recv_seq_num++; + hmac_md5_init_limK_to_64(ntlmssp_state->ntlm2.recv_sign_key.data, + ntlmssp_state->ntlm2.recv_sign_key.length, &ctx); break; } hmac_md5_update(seq_num, sizeof(seq_num), &ctx); @@ -97,10 +97,10 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat if (encrypt_sig && ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { switch (direction) { case NTLMSSP_SEND: - arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, digest, 8); + arcfour_crypt_sbox(ntlmssp_state->ntlm2.send_seal_arcfour_state, digest, 8); break; case NTLMSSP_RECEIVE: - arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, digest, 8); + arcfour_crypt_sbox(ntlmssp_state->ntlm2.recv_seal_arcfour_state, digest, 8); break; } } @@ -112,12 +112,12 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat } else { uint32_t crc; crc = crc32_calc_buffer(data, length); - if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlm_seq_num)) { + if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlm.seq_num)) { return NT_STATUS_NO_MEMORY; } - ntlmssp_state->ntlm_seq_num++; + ntlmssp_state->ntlm.seq_num++; - arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); + arcfour_crypt_sbox(ntlmssp_state->ntlm.arcfour_state, sig->data+4, sig->length-4); } dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length); return NT_STATUS_OK; @@ -252,14 +252,14 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, data, length, whole_pdu, pdu_length, NTLMSSP_SEND, sig, False); - arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlm2.send_seal_arcfour_state, data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { - arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, sig->data+4, 8); + arcfour_crypt_sbox(ntlmssp_state->ntlm2.send_seal_arcfour_state, sig->data+4, 8); } } else { uint32_t crc; crc = crc32_calc_buffer(data, length); - if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlm_seq_num)) { + if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlm.seq_num)) { return NT_STATUS_NO_MEMORY; } @@ -269,10 +269,10 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, constant, but is is rather updated with each iteration */ - arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length); - arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4); + arcfour_crypt_sbox(ntlmssp_state->ntlm.arcfour_state, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlm.arcfour_state, sig->data+4, sig->length-4); /* increment counter on send */ - ntlmssp_state->ntlm_seq_num++; + ntlmssp_state->ntlm.seq_num++; nt_status = NT_STATUS_OK; } dump_data_pw("ntlmssp signature\n", sig->data, sig->length); @@ -307,7 +307,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, dump_data_pw("ntlmssp sealed data\n", data, length); if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlm2.recv_seal_arcfour_state, data, length); nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx, data, length, @@ -333,7 +333,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, dump_data_pw("ntlmssp clear data\n", data, length); return NT_STATUS_OK; } else { - arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length); + arcfour_crypt_sbox(ntlmssp_state->ntlm.arcfour_state, data, length); dump_data_pw("ntlmssp clear data\n", data, length); return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig); } @@ -383,10 +383,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) return NT_STATUS_INTERNAL_ERROR; } - ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state); - NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash); - ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state); - NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash); + ntlmssp_state->ntlm2.send_seal_arcfour_state = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlm2.send_seal_arcfour_state); + ntlmssp_state->ntlm2.recv_seal_arcfour_state = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlm2.send_seal_arcfour_state); /** Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. @@ -408,11 +408,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) /* SEND */ calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->send_sign_key, + &ntlmssp_state->ntlm2.send_sign_key, ntlmssp_state->session_key, send_sign_const); dump_data_pw("NTLMSSP send sign key:\n", - ntlmssp_state->send_sign_key.data, - ntlmssp_state->send_sign_key.length); + ntlmssp_state->ntlm2.send_sign_key.data, + ntlmssp_state->ntlm2.send_sign_key.length); calc_ntlmv2_key(ntlmssp_state, &send_seal_key, @@ -421,20 +421,20 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) send_seal_key.data, send_seal_key.length); - arcfour_init(ntlmssp_state->send_seal_hash, + arcfour_init(ntlmssp_state->ntlm2.send_seal_arcfour_state, &send_seal_key); dump_data_pw("NTLMSSP send sesl hash:\n", - ntlmssp_state->send_seal_hash->sbox, - sizeof(ntlmssp_state->send_seal_hash->sbox)); + ntlmssp_state->ntlm2.send_seal_arcfour_state->sbox, + sizeof(ntlmssp_state->ntlm2.send_seal_arcfour_state->sbox)); /* RECV */ calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->recv_sign_key, + &ntlmssp_state->ntlm2.recv_sign_key, ntlmssp_state->session_key, recv_sign_const); dump_data_pw("NTLMSSP recv sign key:\n", - ntlmssp_state->recv_sign_key.data, - ntlmssp_state->recv_sign_key.length); + ntlmssp_state->ntlm2.recv_sign_key.data, + ntlmssp_state->ntlm2.recv_sign_key.length); calc_ntlmv2_key(ntlmssp_state, &recv_seal_key, @@ -442,27 +442,29 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) dump_data_pw("NTLMSSP recv seal key:\n", recv_seal_key.data, recv_seal_key.length); - arcfour_init(ntlmssp_state->recv_seal_hash, + arcfour_init(ntlmssp_state->ntlm2.recv_seal_arcfour_state, &recv_seal_key); dump_data_pw("NTLMSSP receive seal hash:\n", - ntlmssp_state->recv_seal_hash->sbox, - sizeof(ntlmssp_state->recv_seal_hash->sbox)); + ntlmssp_state->ntlm2.recv_seal_arcfour_state->sbox, + sizeof(ntlmssp_state->ntlm2.recv_seal_arcfour_state->sbox)); + + ntlmssp_state->ntlm2.send_seq_num = 0; + ntlmssp_state->ntlm2.recv_seq_num = 0; + } else { DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state); - NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash); + ntlmssp_state->ntlm.arcfour_state = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlm.arcfour_state); - arcfour_init(ntlmssp_state->ntlmssp_hash, + arcfour_init(ntlmssp_state->ntlm.arcfour_state, &ntlmssp_state->session_key); - dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox, - sizeof(ntlmssp_state->ntlmssp_hash->sbox)); - } + dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlm.arcfour_state->sbox, + sizeof(ntlmssp_state->ntlm.arcfour_state->sbox)); - ntlmssp_state->ntlm_seq_num = 0; - ntlmssp_state->ntlm2_send_seq_num = 0; - ntlmssp_state->ntlm2_recv_seq_num = 0; + ntlmssp_state->ntlm.seq_num = 0; + } return NT_STATUS_OK; } -- cgit