source3/libsmb/ntlmssp_wrap.c

   1 /*
   2    NLTMSSP wrappers
   3
   4    Copyright (C) Andrew Tridgell      2001
   5    Copyright (C) Andrew Bartlett 2001-2003
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "libcli/auth/ntlmssp.h"
  23 #include "ntlmssp_wrap.h"
  24 #include "auth/gensec/gensec.h"
  25
  26 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
  27                                   TALLOC_CTX *sig_mem_ctx,
  28                                   const uint8_t *data,
  29                                   size_t length,
  30                                   const uint8_t *whole_pdu,
  31                                   size_t pdu_length,
  32                                   DATA_BLOB *sig)
  33 {
  34         if (ans->gensec_security) {
  35                 return gensec_sign_packet(ans->gensec_security,
  36                                           sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
  37         }
  38         return ntlmssp_sign_packet(ans->ntlmssp_state,
  39                                    sig_mem_ctx,
  40                                    data, length,
  41                                    whole_pdu, pdu_length,
  42                                    sig);
  43 }
  44
  45 NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
  46                                    const uint8_t *data,
  47                                    size_t length,
  48                                    const uint8_t *whole_pdu,
  49                                    size_t pdu_length,
  50                                    const DATA_BLOB *sig)
  51 {
  52         if (ans->gensec_security) {
  53                 return gensec_check_packet(ans->gensec_security,
  54                                            data, length, whole_pdu, pdu_length, sig);
  55         }
  56         return ntlmssp_check_packet(ans->ntlmssp_state,
  57                                     data, length,
  58                                     whole_pdu, pdu_length,
  59                                     sig);
  60 }
  61
  62 NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
  63                                   TALLOC_CTX *sig_mem_ctx,
  64                                   uint8_t *data,
  65                                   size_t length,
  66                                   const uint8_t *whole_pdu,
  67                                   size_t pdu_length,
  68                                   DATA_BLOB *sig)
  69 {
  70         if (ans->gensec_security) {
  71                 return gensec_seal_packet(ans->gensec_security,
  72                                           sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
  73         }
  74         return ntlmssp_seal_packet(ans->ntlmssp_state,
  75                                    sig_mem_ctx,
  76                                    data, length,
  77                                    whole_pdu, pdu_length,
  78                                    sig);
  79 }
  80
  81 NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
  82                                     uint8_t *data,
  83                                     size_t length,
  84                                     const uint8_t *whole_pdu,
  85                                     size_t pdu_length,
  86                                     const DATA_BLOB *sig)
  87 {
  88         if (ans->gensec_security) {
  89                 return gensec_unseal_packet(ans->gensec_security,
  90                                             data, length, whole_pdu, pdu_length, sig);
  91         }
  92         return ntlmssp_unseal_packet(ans->ntlmssp_state,
  93                                      data, length,
  94                                      whole_pdu, pdu_length,
  95                                      sig);
  96 }
  97
  98 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
  99 {
 100         if (ans->gensec_security) {
 101                 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
 102         }
 103         return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
 104 }
 105
 106 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
 107 {
 108         if (ans->gensec_security) {
 109                 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
 110         }
 111         return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 112 }
 113
 114 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
 115                                    const char *user)
 116 {
 117         return ntlmssp_set_username(ans->ntlmssp_state, user);
 118 }
 119
 120 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
 121                                  const char *domain)
 122 {
 123         return ntlmssp_set_domain(ans->ntlmssp_state, domain);
 124 }
 125
 126 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
 127                                    const char *password)
 128 {
 129         return ntlmssp_set_password(ans->ntlmssp_state, password);
 130 }
 131
 132 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
 133 {
 134         if (ans->gensec_security) {
 135                 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
 136                         gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
 137                 }
 138                 if (feature & NTLMSSP_FEATURE_SIGN) {
 139                         gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
 140                 }
 141                 if (feature & NTLMSSP_FEATURE_SEAL) {
 142                         gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
 143                 }
 144         } else {
 145                 ntlmssp_want_feature(ans->ntlmssp_state, feature);
 146         }
 147 }
 148
 149 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
 150 {
 151         if (ans->gensec_security) {
 152                 DATA_BLOB session_key;
 153                 NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
 154                 if (NT_STATUS_IS_OK(status)) {
 155                         return session_key;
 156                 } else {
 157                         return data_blob_null;
 158                 }
 159         }
 160         return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
 161 }
 162
 163 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
 164                              TALLOC_CTX *mem_ctx,
 165                              const DATA_BLOB request, DATA_BLOB *reply)
 166 {
 167         NTSTATUS status;
 168         if (ans->gensec_security) {
 169                 return gensec_update(ans->gensec_security, mem_ctx, request, reply);
 170         }
 171         status = ntlmssp_update(ans->ntlmssp_state, request, reply);
 172         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 173                 return status;
 174         }
 175         talloc_steal(mem_ctx, reply->data);
 176         return status;
 177 }
 178
 179 NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
 180                                    const char *netbios_name,
 181                                    const char *netbios_domain,
 182                                    bool use_ntlmv2,
 183                                    struct auth_ntlmssp_state **_ans)
 184 {
 185         struct auth_ntlmssp_state *ans;
 186         NTSTATUS status;
 187
 188         ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
 189
 190         status = ntlmssp_client_start(ans,
 191                                         netbios_name, netbios_domain,
 192                                         use_ntlmv2, &ans->ntlmssp_state);
 193         if (!NT_STATUS_IS_OK(status)) {
 194                 return status;
 195         }
 196
 197         *_ans = ans;
 198         return NT_STATUS_OK;
 199 }