From 5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 25 May 2004 14:06:28 +0000
Subject: r874: This patch is a pile of work on NTLMSSP: Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
---
source4/libcli/auth/ntlmssp.h | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
(limited to 'source4/libcli/auth/ntlmssp.h')
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h
index a5e0951fa8..d3d39e8465 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/libcli/auth/ntlmssp.h
@@ -34,7 +34,8 @@ enum NTLM_MESSAGE_TYPE
 NTLMSSP_NEGOTIATE = 1,
 NTLMSSP_CHALLENGE = 2,
 NTLMSSP_AUTH = 3,
- NTLMSSP_UNKNOWN = 4
+ NTLMSSP_UNKNOWN = 4,
+ NTLMSSP_DONE = 5 /* samba final state */
 };
 /* NTLMSSP negotiation flags */
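Review bot: `NTLMSSP_DONE` is a Samba-internal state, yet it is added to `enum NTLM_MESSAGE_TYPE` next to the three on-the-wire message types, and its comment does not say that the value must never be accepted from a peer. If the state machine compares a message-type field parsed from the peer against the expected state (not visible in this hunk), a message carrying type 5 should be rejected rather than matched against the final state. I would at least widen the comment to `/* samba final state: internal only, never a valid wire message type */`, and consider keeping internal states in a separate enum. The enum body starts above the hunk.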
@@ -80,9 +81,15 @@ typedef struct ntlmssp_state
 BOOL unicode;
 BOOL use_ntlmv2;
- BOOL use_nt_response; /* Set to 'NO' to debug what happens when the NT response is omited */
+ BOOL use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */
 BOOL allow_lm_key; /* The LM_KEY code is not functional at this point, and it's not very secure anyway */
+
+ BOOL server_use_session_keys; /* Set to 'False' for authentication only,
+ that will never return a session key */
+ BOOL server_multiple_authentications; /* Set to 'True' to allow squid 2.5
+ style 'challenge caching' */
+
 char *user;
 char *domain;
 char *workstation;
@@ -159,10 +166,10 @@ typedef struct ntlmssp_state
 uint32 ntlmssp_seq_num;
 /* ntlmv2 */
- char send_sign_const[16];
- char send_seal_const[16];
- char recv_sign_const[16];
- char recv_seal_const[16];
+ char send_sign_key[16];
+ char send_seal_key[16];
+ char recv_sign_key[16];
+ char recv_seal_key[16];
 unsigned char send_sign_hash[258];
 unsigned char send_seal_hash[258];
-- cgit
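Review bot: The comment on `server_multiple_authentications` in the `@@ -80,9 +81,15 @@` hunk names the squid 2.5 use case but not its cost: reusing one server challenge for several authentications means a response captured for that challenge stays replayable for as long as the challenge is kept. The comment should say that 'False' is the safe value and that 'True' trades replay protection for compatibility, e.g. `/* Set to 'True' to allow squid 2.5 style 'challenge caching'; weakens replay protection, leave 'False' otherwise */`. The `server_use_session_keys` comment could likewise note that with 'False' there is no session key, so signing and sealing cannot be provided on that connection. Where the two flags are initialised is not visible in this hunk, so the defaults should be confirmed in the code that sets up `ntlmssp_state`; the struct starts and ends outside the hunk.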