4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003,2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth/ntlmssp/ntlmssp_private.h"
24 #include "auth_generic.h"
25 #include "auth/gensec/gensec.h"
26 #include "auth/credentials/credentials.h"
27 #include "librpc/rpc/dcerpc.h"
28 #include "lib/param/param.h"
30 static NTSTATUS
gensec_ntlmssp3_client_update(struct gensec_security
*gensec_security
,
31 TALLOC_CTX
*out_mem_ctx
,
32 struct tevent_context
*ev
,
33 const DATA_BLOB request
,
37 struct gensec_ntlmssp_context
*gensec_ntlmssp
=
38 talloc_get_type_abort(gensec_security
->private_data
,
39 struct gensec_ntlmssp_context
);
41 status
= ntlmssp_update(gensec_ntlmssp
->ntlmssp_state
, request
, reply
);
42 if (NT_STATUS_IS_OK(status
) ||
43 NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
44 talloc_steal(out_mem_ctx
, reply
->data
);
50 static NTSTATUS
gensec_ntlmssp3_client_start(struct gensec_security
*gensec_security
)
53 struct gensec_ntlmssp_context
*gensec_ntlmssp
;
54 const char *user
, *domain
;
57 nt_status
= gensec_ntlmssp_start(gensec_security
);
58 NT_STATUS_NOT_OK_RETURN(nt_status
);
61 talloc_get_type_abort(gensec_security
->private_data
,
62 struct gensec_ntlmssp_context
);
64 nt_status
= ntlmssp_client_start(gensec_ntlmssp
,
65 lp_netbios_name(), lp_workgroup(),
66 lp_client_ntlmv2_auth(), &gensec_ntlmssp
->ntlmssp_state
);
67 if (!NT_STATUS_IS_OK(nt_status
)) {
71 cli_credentials_get_ntlm_username_domain(gensec_security
->credentials
, gensec_ntlmssp
, &user
, &domain
);
72 if (!user
|| !domain
) {
73 return NT_STATUS_NO_MEMORY
;
76 nt_status
= ntlmssp_set_username(gensec_ntlmssp
->ntlmssp_state
, user
);
77 if (!NT_STATUS_IS_OK(nt_status
)) {
81 nt_status
= ntlmssp_set_domain(gensec_ntlmssp
->ntlmssp_state
, domain
);
82 if (!NT_STATUS_IS_OK(nt_status
)) {
86 password
= cli_credentials_get_password(gensec_security
->credentials
);
88 return NT_STATUS_NO_MEMORY
;
91 nt_status
= ntlmssp_set_password(gensec_ntlmssp
->ntlmssp_state
, password
);
92 if (!NT_STATUS_IS_OK(nt_status
)) {
96 if (gensec_security
->want_features
& GENSEC_FEATURE_SESSION_KEY
) {
97 gensec_ntlmssp
->ntlmssp_state
->neg_flags
|= NTLMSSP_NEGOTIATE_SIGN
;
99 if (gensec_security
->want_features
& GENSEC_FEATURE_SIGN
) {
100 gensec_ntlmssp
->ntlmssp_state
->neg_flags
|= NTLMSSP_NEGOTIATE_SIGN
;
102 if (gensec_security
->want_features
& GENSEC_FEATURE_SEAL
) {
103 gensec_ntlmssp
->ntlmssp_state
->neg_flags
|= NTLMSSP_NEGOTIATE_SIGN
;
104 gensec_ntlmssp
->ntlmssp_state
->neg_flags
|= NTLMSSP_NEGOTIATE_SEAL
;
110 static const char *gensec_ntlmssp3_client_oids
[] = {
115 const struct gensec_security_ops gensec_ntlmssp3_client_ops
= {
116 .name
= "ntlmssp3_client",
117 .sasl_name
= GENSEC_SASL_NAME_NTLMSSP
, /* "NTLM" */
118 .auth_type
= DCERPC_AUTH_TYPE_NTLMSSP
,
119 .oid
= gensec_ntlmssp3_client_oids
,
120 .client_start
= gensec_ntlmssp3_client_start
,
121 .magic
= gensec_ntlmssp_magic
,
122 .update
= gensec_ntlmssp3_client_update
,
123 .sig_size
= gensec_ntlmssp_sig_size
,
124 .sign_packet
= gensec_ntlmssp_sign_packet
,
125 .check_packet
= gensec_ntlmssp_check_packet
,
126 .seal_packet
= gensec_ntlmssp_seal_packet
,
127 .unseal_packet
= gensec_ntlmssp_unseal_packet
,
128 .wrap
= gensec_ntlmssp_wrap
,
129 .unwrap
= gensec_ntlmssp_unwrap
,
130 .session_key
= gensec_ntlmssp_session_key
,
131 .have_feature
= gensec_ntlmssp_have_feature
,
133 .priority
= GENSEC_NTLMSSP