From f7ff0540d2b2490b2ef502d02b422e74a298b43d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Oct 2005 03:57:35 +0000 Subject: r10981: Pull code to decide between and implement NTLMv2, NTLM and LM authentication out of the various callers and into the kitchen sink.. err, credentials subsystem. This should ensure consistant logic, as well as get us one step closer to security=server operation in future. Andrew Bartlett (This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb) --- source4/libcli/smb_composite/sesssetup.c | 118 ++++++++++++------------------- 1 file changed, 47 insertions(+), 71 deletions(-) (limited to 'source4/libcli/smb_composite') diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 700e4ef744..0d0904b969 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -36,28 +36,6 @@ struct sesssetup_state { }; -/* - form an encrypted lanman password from a plaintext password - and the server supplied challenge -*/ -static DATA_BLOB lanman_blob(TALLOC_CTX *mem_ctx, const char *pass, DATA_BLOB challenge) -{ - DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBencrypt(pass, challenge.data, blob.data); - return blob; -} - -/* - form an encrypted NT password from a plaintext password - and the server supplied challenge -*/ -static DATA_BLOB nt_blob(TALLOC_CTX *mem_ctx, const struct samr_Password *nt_hash, DATA_BLOB challenge) -{ - DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBOWFencrypt(nt_hash->hash, challenge.data, blob.data); - return blob; -} - /* store the user session key for a transport */ @@ -163,9 +141,19 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, struct smb_composite_sesssetup *io, struct smbcli_request **req) { + NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); - const struct samr_Password *nt_hash = cli_credentials_get_nt_hash(io->in.credentials, state); const char *password = cli_credentials_get_password(io->in.credentials); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB session_key; + int flags = CLI_CRED_NTLM_AUTH; + if (lp_client_lanman_auth()) { + flags |= CLI_CRED_LANMAN_AUTH; + } + + if (lp_client_ntlmv2_auth()) { + flags |= CLI_CRED_NTLMv2_AUTH; + } state->setup.nt1.level = RAW_SESSSETUP_NT1; state->setup.nt1.in.bufsize = session->transport->options.max_xmit; @@ -175,56 +163,26 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, state->setup.nt1.in.capabilities = io->in.capabilities; state->setup.nt1.in.os = "Unix"; state->setup.nt1.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING); + cli_credentials_get_ntlm_username_domain(io->in.credentials, state, &state->setup.nt1.in.user, &state->setup.nt1.in.domain); + - if (!password) { - state->setup.nt1.in.password1 = data_blob(NULL, 0); - state->setup.nt1.in.password2 = data_blob(NULL, 0); - } else if (session->transport->negotiate.sec_mode & - NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { - DATA_BLOB session_key; - if (lp_client_ntlmv2_auth()) { - DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, lp_netbios_name(), lp_workgroup()); - DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key; - - if (!SMBNTLMv2encrypt_hash(state, - state->setup.nt1.in.user, state->setup.nt1.in.domain, - nt_hash->hash, &session->transport->negotiate.secblob, - &names_blob, - &lmv2_response, &ntlmv2_response, - &lmv2_session_key, &session_key)) { - data_blob_free(&names_blob); - return NT_STATUS_NO_MEMORY; - } - data_blob_free(&names_blob); - data_blob_free(&lmv2_session_key); - state->setup.nt1.in.password1 = lmv2_response; - state->setup.nt1.in.password2 = ntlmv2_response; - - } else { - - state->setup.nt1.in.password2 = nt_blob(state, nt_hash, - session->transport->negotiate.secblob); - if (lp_client_lanman_auth()) { - state->setup.nt1.in.password1 = lanman_blob(state, password, - session->transport->negotiate.secblob); - } else { - /* if not sending the LM password, send the NT password twice */ - state->setup.nt1.in.password1 = state->setup.nt1.in.password2; - } - - session_key = data_blob_talloc(session, NULL, 16); - SMBsesskeygen_ntv1(nt_hash->hash, session_key.data); - } + if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state, + &flags, + session->transport->negotiate.secblob, + names_blob, + &state->setup.nt1.in.password1, + &state->setup.nt1.in.password2, + NULL, &session_key); smbcli_transport_simple_set_signing(session->transport, session_key, state->setup.nt1.in.password2); set_user_session_key(session, &session_key); data_blob_free(&session_key); - } else if (lp_client_plaintext_auth()) { state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password)); state->setup.nt1.in.password2 = data_blob(NULL, 0); @@ -249,8 +207,19 @@ static NTSTATUS session_setup_old(struct composite_context *c, struct smb_composite_sesssetup *io, struct smbcli_request **req) { + NTSTATUS nt_status; struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); const char *password = cli_credentials_get_password(io->in.credentials); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, lp_workgroup()); + DATA_BLOB session_key; + int flags = 0; + if (lp_client_lanman_auth()) { + flags |= CLI_CRED_LANMAN_AUTH; + } + + if (lp_client_ntlmv2_auth()) { + flags |= CLI_CRED_NTLMv2_AUTH; + } state->setup.old.level = RAW_SESSSETUP_OLD; state->setup.old.in.bufsize = session->transport->options.max_xmit; @@ -263,15 +232,22 @@ static NTSTATUS session_setup_old(struct composite_context *c, &state->setup.old.in.user, &state->setup.old.in.domain); - if (!password) { - state->setup.old.in.password = data_blob(NULL, 0); - } else if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { - state->setup.old.in.password = lanman_blob(state, password, - session->transport->negotiate.secblob); + if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state, + &flags, + session->transport->negotiate.secblob, + names_blob, + &state->setup.old.in.password, + NULL, + NULL, &session_key); + set_user_session_key(session, &session_key); + + data_blob_free(&session_key); + } else if (lp_client_plaintext_auth()) { + state->setup.old.in.password = data_blob_talloc(state, password, strlen(password)); } else { - state->setup.old.in.password = data_blob_talloc(state, - password, - strlen(password)); + /* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */ + return NT_STATUS_INVALID_PARAMETER; } *req = smb_raw_sesssetup_send(session, &state->setup); -- cgit