From 25bf685da5c037d1875f96e7e7127106dee2865d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Jun 2004 06:46:27 +0000 Subject: r1274: revert -r 1239 as discussed with abartlet metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc) --- source4/libcli/auth/ntlmssp.c | 213 +++++++++++++++++++----------------------- 1 file changed, 95 insertions(+), 118 deletions(-) (limited to 'source4/libcli/auth/ntlmssp.c') diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c index f72f98d8a0..6830db3f90 100644 --- a/source4/libcli/auth/ntlmssp.c +++ b/source4/libcli/auth/ntlmssp.c @@ -1,7 +1,7 @@ /* Unix SMB/Netbios implementation. - - NLTMSSP code + Version 3.0 + handle NLTMSSP, server side Copyright (C) Andrew Tridgell 2001 Copyright (C) Andrew Bartlett 2001-2003 @@ -221,7 +221,6 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - NTSTATUS nt_status; DATA_BLOB input; uint32_t ntlmssp_command; int i; @@ -258,15 +257,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, break; } } else { - nt_status = ndr_pull_format_blob(&input, ntlmssp_state->mem_ctx, - "Cd", - "NTLMSSP", - &ntlmssp_command); - - if (!NT_STATUS_IS_OK(nt_status)) { + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &input, "Cd", + "NTLMSSP", + &ntlmssp_command)) { DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n")); dump_data(2, (const char *)input.data, input.length); - return nt_status; + return NT_STATUS_INVALID_PARAMETER; } } @@ -445,7 +442,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - NTSTATUS nt_status; DATA_BLOB struct_blob; fstring dnsname, dnsdomname; uint32_t neg_flags = 0; 
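Review bot: Every msrpc_parse() failure in the ntlmssp_update hunk (@@ -258,15) is now reported as NT_STATUS_INVALID_PARAMETER, and nothing in the code says why. msrpc_parse() takes a memory context, so it can presumably fail on allocation as well as on a malformed packet, and callers can no longer tell the two apart as they could with the propagated nt_status. A comment above the call such as `/* msrpc_parse() only reports success or failure; any failure is treated as a malformed packet */` would record the decision. The same mapping appears in the hunks at @@ -460,18, @@ -627,20, @@ -1027,17 and @@ -1067,20. ntlmssp_update's body continues outside the hunk.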
@@ -460,18 +456,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, #endif if (in.length) { - nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx, - "CddAA", - "NTLMSSP", - &ntlmssp_command, - &neg_flags, - &cliname, - &domname); - - if (!NT_STATUS_IS_OK(nt_status)) { + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &in, "CddAA", + "NTLMSSP", + &ntlmssp_command, + &neg_flags, + &cliname, + &domname)) { DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP:\n")); dump_data(2, (const char *)in.data, in.length); - return nt_status; + return NT_STATUS_INVALID_PARAMETER; } debug_ntlmssp_flags(neg_flags); @@ -521,14 +515,13 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, target_name_dns = dnsname; } - /* TODO: do we need to check the result here? --metze */ - ndr_push_format_blob(&struct_blob, out_mem_ctx, - "aaaaa", - NTLMSSP_NAME_TYPE_DOMAIN, target_name, - NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(), - NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname, - NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname, - 0, ""); + msrpc_gen(out_mem_ctx, + &struct_blob, "aaaaa", + NTLMSSP_NAME_TYPE_DOMAIN, target_name, + NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(), + NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname, + NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname, + 0, ""); } else { struct_blob = data_blob(NULL, 0); } @@ -541,17 +534,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, } else { gen_string = "CdAdbddB"; } - - /* TODO: do we need to check the result here? --metze */ - ndr_push_format_blob(out, out_mem_ctx, - gen_string, - "NTLMSSP", - NTLMSSP_CHALLENGE, - target_name, - chal_flags, - cryptkey, 8, - 0, 0, - struct_blob.data, struct_blob.length); + + msrpc_gen(out_mem_ctx, + out, gen_string, + "NTLMSSP", + NTLMSSP_CHALLENGE, + target_name, + chal_flags, + cryptkey, 8, + 0, 0, + struct_blob.data, struct_blob.length); } ntlmssp_state->expected_state = NTLMSSP_AUTH; 
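Review bot: The two msrpc_gen() calls in ntlmssp_server_negotiate (hunks @@ -521,14 and @@ -541,17) discard the return value, and the TODO that asked whether the result needs checking is removed without an answer. The hunk at @@ -1236,20 treats a false return from msrpc_gen() as NT_STATUS_NO_MEMORY, so the call can fail; here a failure would presumably leave `struct_blob` or `*out` unfilled while `expected_state` still advances to NTLMSSP_AUTH. The hunk at @@ -982,17 has the same gap in ntlmssp_client_initial, where the check that existed before is dropped. Each call should be wrapped as `if (!msrpc_gen(...)) { return NT_STATUS_NO_MEMORY; }`, with the argument list unchanged. The function bodies continue outside these hunks.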
@@ -599,20 +591,18 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->workstation = NULL; /* now the NTLMSSP encoded auth hashes */ - nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx, - parse_string, - "NTLMSSP", - &ntlmssp_command, - &ntlmssp_state->lm_resp, - &ntlmssp_state->nt_resp, - &domain, - &user, - &workstation, - &ntlmssp_state->encrypted_session_key, - &auth_flags); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(10, ("ntlmssp_server_preauth: failed to parse NTLMSSP (nonfatal):\n")); + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &request, parse_string, + "NTLMSSP", + &ntlmssp_command, + &ntlmssp_state->lm_resp, + &ntlmssp_state->nt_resp, + &domain, + &user, + &workstation, + &ntlmssp_state->encrypted_session_key, + &auth_flags)) { + DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n")); dump_data(10, (const char *)request.data, request.length); /* zero this out */ @@ -627,20 +617,19 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, } /* now the NTLMSSP encoded auth hashes */ - nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx, - parse_string, - "NTLMSSP", - &ntlmssp_command, - &ntlmssp_state->lm_resp, - &ntlmssp_state->nt_resp, - &domain, - &user, - &workstation); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(1, ("ntlmssp_server_preauth: failed to parse NTLMSSP:\n")); + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &request, parse_string, + "NTLMSSP", + &ntlmssp_command, + &ntlmssp_state->lm_resp, + &ntlmssp_state->nt_resp, + &domain, + &user, + &workstation)) { + DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n")); dump_data(2, (const char *)request.data, request.length); - return nt_status; + + return NT_STATUS_INVALID_PARAMETER; } } 
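Review bot: The two DEBUG strings changed in these hunks (@@ -599,20 and @@ -627,20) now say `ntlmssp_server_auth`, but both hunk headers place the code in ntlmssp_server_preauth. Someone reading a parse-failure log would look in the wrong function. Keep the prefix in step with the enclosing function, for example `DEBUG(1, ("ntlmssp_server_preauth: failed to parse NTLMSSP:\n"));`. The function body extends beyond both hunks.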
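Review bot: `dump_data(2, (const char *)request.data, request.length);` in the hunk at @@ -627,20 writes the whole unparsed authenticate message to the log at debug level 2. The format being parsed carries the LM and NT responses plus the domain, user and workstation names, so a packet that fails late in parsing may still put that material into logs that are often kept at low debug levels. The first attempt in @@ -599,20 dumps at level 10; using the same level here, `dump_data(10, (const char *)request.data, request.length);`, or logging only `request.length`, would keep credential-derived data out of routine logs.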
@@ -969,8 +958,6 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { - NTSTATUS nt_status; - if (ntlmssp_state->unicode) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; } else { @@ -982,17 +969,13 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, } /* generate the ntlmssp negotiate packet */ - nt_status = ndr_push_format_blob(out, out_mem_ctx, - "CddAA", - "NTLMSSP", - NTLMSSP_NEGOTIATE, - ntlmssp_state->neg_flags, - ntlmssp_state->get_domain(), - ntlmssp_state->get_global_myname()); - - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } + msrpc_gen(out_mem_ctx, + out, "CddAA", + "NTLMSSP", + NTLMSSP_NEGOTIATE, + ntlmssp_state->neg_flags, + ntlmssp_state->get_domain(), + ntlmssp_state->get_global_myname()); ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; @@ -1027,17 +1010,16 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB encrypted_session_key = data_blob(NULL, 0); NTSTATUS nt_status; - nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx, - "CdBd", - "NTLMSSP", - &ntlmssp_command, - &server_domain_blob, - &chal_flags); - - if (!NT_STATUS_IS_OK(nt_status)) { + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &in, "CdBd", + "NTLMSSP", + &ntlmssp_command, + &server_domain_blob, + &chal_flags)) { DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); dump_data(2, (const char *)in.data, in.length); - return nt_status; + + return NT_STATUS_INVALID_PARAMETER; } data_blob_free(&server_domain_blob); 
@@ -1067,20 +1049,18 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(3, ("NTLMSSP: Set final flags:\n")); debug_ntlmssp_flags(ntlmssp_state->neg_flags); - nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx, - chal_parse_string, - "NTLMSSP", - &ntlmssp_command, - &server_domain, - &chal_flags, - &challenge_blob, 8, - &unkn1, &unkn2, - &struct_blob); - - if (!NT_STATUS_IS_OK(nt_status)) { + if (!msrpc_parse(ntlmssp_state->mem_ctx, + &in, chal_parse_string, + "NTLMSSP", + &ntlmssp_command, + &server_domain, + &chal_flags, + &challenge_blob, 8, + &unkn1, &unkn2, + &struct_blob)) { DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n")); dump_data(2, (const char *)in.data, in.length); - return nt_status; + return NT_STATUS_INVALID_PARAMETER; } ntlmssp_state->server_domain = server_domain; @@ -1236,20 +1216,19 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, } /* this generates the actual auth packet */ - nt_status = ndr_push_format_blob(out, out_mem_ctx, - auth_gen_string, - "NTLMSSP", - NTLMSSP_AUTH, - lm_response.data, lm_response.length, - nt_response.data, nt_response.length, - ntlmssp_state->domain, - ntlmssp_state->user, - ntlmssp_state->get_global_myname(), - encrypted_session_key.data, encrypted_session_key.length, - ntlmssp_state->neg_flags); - - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; + if (!msrpc_gen(out_mem_ctx, + out, auth_gen_string, + "NTLMSSP", + NTLMSSP_AUTH, + lm_response.data, lm_response.length, + nt_response.data, nt_response.length, + ntlmssp_state->domain, + ntlmssp_state->user, + ntlmssp_state->get_global_myname(), + encrypted_session_key.data, encrypted_session_key.length, + ntlmssp_state->neg_flags)) { + + return NT_STATUS_NO_MEMORY; } ntlmssp_state->session_key = session_key; 
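Review bot: The new early return `return NT_STATUS_NO_MEMORY;` in the hunk at @@ -1236,20 leaves ntlmssp_client_challenge without releasing `lm_response`, `nt_response` or `encrypted_session_key` in the lines shown. If those blobs are owned by this function (`encrypted_session_key` starts as `data_blob(NULL, 0)` in the hunk at @@ -1027,17), the failure path would leak buffers holding response and key material; whether later code frees them is outside the hunk. Adding `data_blob_free(&lm_response);`, `data_blob_free(&nt_response);` and `data_blob_free(&encrypted_session_key);` before the return, as is done for `server_domain_blob` earlier in the function, would close that path.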
@@ -1263,9 +1242,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->expected_state = NTLMSSP_DONE; - nt_status = ntlmssp_sign_init(ntlmssp_state); - - if (!NT_STATUS_IS_OK(nt_status)) { + if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) { DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status))); return nt_status; -- cgit
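Review bot: `if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state)))` puts an assignment with a side-effecting call inside the argument of NT_STATUS_IS_OK. If that is a macro that expands its argument more than once, ntlmssp_sign_init() would run twice; even if it does not, the form is easy to misread. The two-statement form it replaces is safer: `nt_status = ntlmssp_sign_init(ntlmssp_state);` followed by `if (!NT_STATUS_IS_OK(nt_status)) {`. The function continues outside the hunk.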