2 Unix SMB/Netbios implementation.
4 handle NTLMSSP, server side
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Andrew Bartlett 2001-2010
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "auth/ntlmssp/ntlmssp.h"
25 #include "auth/ntlmssp/ntlmssp_private.h"
26 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
27 #include "auth/ntlmssp/ntlmssp_ndr.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../lib/crypto/crypto.h"
30 #include "auth/gensec/gensec.h"
31 #include "auth/common_auth.h"
34 * Determine correct target name flags for reply, given server role
35 * and negotiated flags
37 * @param ntlmssp_state NTLMSSP State
38 * @param neg_flags The flags from the packet
39 * @param chal_flags The flags to be set in the reply packet
40 * @return The 'target name' string.
43 const char *ntlmssp_target_name(struct ntlmssp_state
*ntlmssp_state
,
44 uint32_t neg_flags
, uint32_t *chal_flags
)
46 if (neg_flags
& NTLMSSP_REQUEST_TARGET
) {
47 *chal_flags
|= NTLMSSP_NEGOTIATE_TARGET_INFO
;
48 *chal_flags
|= NTLMSSP_REQUEST_TARGET
;
49 if (ntlmssp_state
->server
.is_standalone
) {
50 *chal_flags
|= NTLMSSP_TARGET_TYPE_SERVER
;
51 return ntlmssp_state
->server
.netbios_name
;
53 *chal_flags
|= NTLMSSP_TARGET_TYPE_DOMAIN
;
54 return ntlmssp_state
->server
.netbios_domain
;
62 * Next state function for the NTLMSSP Negotiate packet
64 * @param gensec_security GENSEC state
65 * @param out_mem_ctx Memory context for *out
66 * @param in The request, as a DATA_BLOB. reply.data must be NULL
67 * @param out The reply, as an allocated DATA_BLOB, caller to free.
68 * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required.
71 NTSTATUS
gensec_ntlmssp_server_negotiate(struct gensec_security
*gensec_security
,
72 TALLOC_CTX
*out_mem_ctx
,
73 const DATA_BLOB request
, DATA_BLOB
*reply
)
75 struct gensec_ntlmssp_context
*gensec_ntlmssp
=
76 talloc_get_type_abort(gensec_security
->private_data
,
77 struct gensec_ntlmssp_context
);
78 struct ntlmssp_state
*ntlmssp_state
= gensec_ntlmssp
->ntlmssp_state
;
79 struct auth4_context
*auth_context
= gensec_security
->auth_context
;
80 DATA_BLOB struct_blob
;
81 uint32_t neg_flags
= 0;
82 uint32_t ntlmssp_command
, chal_flags
;
84 const char *target_name
;
87 /* parse the NTLMSSP packet */
89 file_save("ntlmssp_negotiate.dat", request
.data
, request
.length
);
93 if ((request
.length
< 16) || !msrpc_parse(ntlmssp_state
, &request
, "Cdd",
97 DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP Negotiate of length %u\n",
98 (unsigned int)request
.length
));
99 dump_data(2, request
.data
, request
.length
);
100 return NT_STATUS_INVALID_PARAMETER
;
102 debug_ntlmssp_flags(neg_flags
);
104 if (DEBUGLEVEL
>= 10) {
105 struct NEGOTIATE_MESSAGE
*negotiate
= talloc(
106 ntlmssp_state
, struct NEGOTIATE_MESSAGE
);
107 if (negotiate
!= NULL
) {
108 status
= ntlmssp_pull_NEGOTIATE_MESSAGE(
109 &request
, negotiate
, negotiate
);
110 if (NT_STATUS_IS_OK(status
)) {
111 NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE
,
114 TALLOC_FREE(negotiate
);
119 ntlmssp_handle_neg_flags(ntlmssp_state
, neg_flags
, ntlmssp_state
->allow_lm_key
);
121 /* Ask our caller what challenge they would like in the packet */
122 if (auth_context
->get_ntlm_challenge
) {
123 status
= auth_context
->get_ntlm_challenge(auth_context
, cryptkey
);
124 if (!NT_STATUS_IS_OK(status
)) {
125 DEBUG(1, ("gensec_ntlmssp_server_negotiate: failed to get challenge: %s\n",
130 DEBUG(1, ("gensec_ntlmssp_server_negotiate: backend doesn't give a challenge\n"));
131 return NT_STATUS_NOT_IMPLEMENTED
;
134 /* Check if we may set the challenge */
135 if (auth_context
->challenge_may_be_modified
) {
136 if (!auth_context
->challenge_may_be_modified(auth_context
)) {
137 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_NTLM2
;
141 /* The flags we send back are not just the negotiated flags,
142 * they are also 'what is in this packet'. Therfore, we
143 * operate on 'chal_flags' from here on
146 chal_flags
= ntlmssp_state
->neg_flags
;
148 /* get the right name to fill in as 'target' */
149 target_name
= ntlmssp_target_name(ntlmssp_state
,
150 neg_flags
, &chal_flags
);
151 if (target_name
== NULL
)
152 return NT_STATUS_INVALID_PARAMETER
;
154 ntlmssp_state
->chal
= data_blob_talloc(ntlmssp_state
, cryptkey
, 8);
155 ntlmssp_state
->internal_chal
= data_blob_talloc(ntlmssp_state
,
158 /* This creates the 'blob' of names that appears at the end of the packet */
159 if (chal_flags
& NTLMSSP_NEGOTIATE_TARGET_INFO
)
161 status
= msrpc_gen(ntlmssp_state
, &struct_blob
, "aaaaa",
162 MsvAvNbDomainName
, target_name
,
163 MsvAvNbComputerName
, ntlmssp_state
->server
.netbios_name
,
164 MsvAvDnsDomainName
, ntlmssp_state
->server
.dns_domain
,
165 MsvAvDnsComputerName
, ntlmssp_state
->server
.dns_name
,
167 if (!NT_STATUS_IS_OK(status
)) {
171 struct_blob
= data_blob_null
;
175 /* Marshal the packet in the right format, be it unicode or ASCII */
176 const char *gen_string
;
177 DATA_BLOB version_blob
= data_blob_null
;
179 if (chal_flags
& NTLMSSP_NEGOTIATE_VERSION
) {
180 enum ndr_err_code err
;
181 struct ntlmssp_VERSION vers
;
183 /* "What Windows returns" as a version number. */
185 vers
.ProductMajorVersion
= NTLMSSP_WINDOWS_MAJOR_VERSION_6
;
186 vers
.ProductMinorVersion
= NTLMSSP_WINDOWS_MINOR_VERSION_1
;
187 vers
.ProductBuild
= 0;
188 vers
.NTLMRevisionCurrent
= NTLMSSP_REVISION_W2K3
;
190 err
= ndr_push_struct_blob(&version_blob
,
193 (ndr_push_flags_fn_t
)ndr_push_ntlmssp_VERSION
);
195 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
196 data_blob_free(&struct_blob
);
197 return NT_STATUS_NO_MEMORY
;
201 if (ntlmssp_state
->unicode
) {
202 gen_string
= "CdUdbddBb";
204 gen_string
= "CdAdbddBb";
207 status
= msrpc_gen(out_mem_ctx
, reply
, gen_string
,
214 struct_blob
.data
, struct_blob
.length
,
215 version_blob
.data
, version_blob
.length
);
217 if (!NT_STATUS_IS_OK(status
)) {
218 data_blob_free(&version_blob
);
219 data_blob_free(&struct_blob
);
223 data_blob_free(&version_blob
);
225 if (DEBUGLEVEL
>= 10) {
226 struct CHALLENGE_MESSAGE
*challenge
= talloc(
227 ntlmssp_state
, struct CHALLENGE_MESSAGE
);
228 if (challenge
!= NULL
) {
229 challenge
->NegotiateFlags
= chal_flags
;
230 status
= ntlmssp_pull_CHALLENGE_MESSAGE(
231 reply
, challenge
, challenge
);
232 if (NT_STATUS_IS_OK(status
)) {
233 NDR_PRINT_DEBUG(CHALLENGE_MESSAGE
,
236 TALLOC_FREE(challenge
);
241 data_blob_free(&struct_blob
);
243 ntlmssp_state
->expected_state
= NTLMSSP_AUTH
;
245 return NT_STATUS_MORE_PROCESSING_REQUIRED
;
248 struct ntlmssp_server_auth_state
{
249 DATA_BLOB user_session_key
;
250 DATA_BLOB lm_session_key
;
251 /* internal variables used by KEY_EXCH (client-supplied user session key */
252 DATA_BLOB encrypted_session_key
;
254 /* internal variables used by NTLM2 */
255 uint8_t session_nonce
[16];
259 * Next state function for the Authenticate packet
261 * @param ntlmssp_state NTLMSSP State
262 * @param request The request, as a DATA_BLOB
263 * @return Errors or NT_STATUS_OK.
266 static NTSTATUS
ntlmssp_server_preauth(struct gensec_security
*gensec_security
,
267 struct gensec_ntlmssp_context
*gensec_ntlmssp
,
268 struct ntlmssp_server_auth_state
*state
,
269 const DATA_BLOB request
)
271 struct ntlmssp_state
*ntlmssp_state
= gensec_ntlmssp
->ntlmssp_state
;
272 struct auth4_context
*auth_context
= gensec_security
->auth_context
;
273 uint32_t ntlmssp_command
, auth_flags
;
276 uint8_t session_nonce_hash
[16];
278 const char *parse_string
;
281 file_save("ntlmssp_auth.dat", request
.data
, request
.length
);
284 if (ntlmssp_state
->unicode
) {
285 parse_string
= "CdBBUUUBd";
287 parse_string
= "CdBBAAABd";
291 data_blob_free(&ntlmssp_state
->session_key
);
292 data_blob_free(&ntlmssp_state
->lm_resp
);
293 data_blob_free(&ntlmssp_state
->nt_resp
);
295 ntlmssp_state
->user
= NULL
;
296 ntlmssp_state
->domain
= NULL
;
297 ntlmssp_state
->client
.netbios_name
= NULL
;
299 /* now the NTLMSSP encoded auth hashes */
300 if (!msrpc_parse(ntlmssp_state
, &request
, parse_string
,
303 &ntlmssp_state
->lm_resp
,
304 &ntlmssp_state
->nt_resp
,
305 &ntlmssp_state
->domain
,
306 &ntlmssp_state
->user
,
307 &ntlmssp_state
->client
.netbios_name
,
308 &state
->encrypted_session_key
,
310 DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
311 dump_data(10, request
.data
, request
.length
);
314 data_blob_free(&state
->encrypted_session_key
);
317 /* Try again with a shorter string (Win9X truncates this packet) */
318 if (ntlmssp_state
->unicode
) {
319 parse_string
= "CdBBUUU";
321 parse_string
= "CdBBAAA";
324 /* now the NTLMSSP encoded auth hashes */
325 if (!msrpc_parse(ntlmssp_state
, &request
, parse_string
,
328 &ntlmssp_state
->lm_resp
,
329 &ntlmssp_state
->nt_resp
,
330 &ntlmssp_state
->domain
,
331 &ntlmssp_state
->user
,
332 &ntlmssp_state
->client
.netbios_name
)) {
333 DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n"));
334 dump_data(2, request
.data
, request
.length
);
336 return NT_STATUS_INVALID_PARAMETER
;
340 talloc_steal(state
, state
->encrypted_session_key
.data
);
343 ntlmssp_handle_neg_flags(ntlmssp_state
, auth_flags
, ntlmssp_state
->allow_lm_key
);
345 if (DEBUGLEVEL
>= 10) {
346 struct AUTHENTICATE_MESSAGE
*authenticate
= talloc(
347 ntlmssp_state
, struct AUTHENTICATE_MESSAGE
);
348 if (authenticate
!= NULL
) {
350 authenticate
->NegotiateFlags
= auth_flags
;
351 status
= ntlmssp_pull_AUTHENTICATE_MESSAGE(
352 &request
, authenticate
, authenticate
);
353 if (NT_STATUS_IS_OK(status
)) {
354 NDR_PRINT_DEBUG(AUTHENTICATE_MESSAGE
,
357 TALLOC_FREE(authenticate
);
361 DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
362 ntlmssp_state
->user
, ntlmssp_state
->domain
,
363 ntlmssp_state
->client
.netbios_name
,
364 (unsigned long)ntlmssp_state
->lm_resp
.length
,
365 (unsigned long)ntlmssp_state
->nt_resp
.length
));
368 file_save("nthash1.dat", &ntlmssp_state
->nt_resp
.data
, &ntlmssp_state
->nt_resp
.length
);
369 file_save("lmhash1.dat", &ntlmssp_state
->lm_resp
.data
, &ntlmssp_state
->lm_resp
.length
);
372 /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a
375 However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful.
377 if (ntlmssp_state
->neg_flags
& NTLMSSP_NEGOTIATE_NTLM2
) {
378 if (ntlmssp_state
->nt_resp
.length
== 24 && ntlmssp_state
->lm_resp
.length
== 24) {
379 struct MD5Context md5_session_nonce_ctx
;
380 state
->doing_ntlm2
= true;
382 memcpy(state
->session_nonce
, ntlmssp_state
->internal_chal
.data
, 8);
383 memcpy(&state
->session_nonce
[8], ntlmssp_state
->lm_resp
.data
, 8);
385 SMB_ASSERT(ntlmssp_state
->internal_chal
.data
&& ntlmssp_state
->internal_chal
.length
== 8);
387 MD5Init(&md5_session_nonce_ctx
);
388 MD5Update(&md5_session_nonce_ctx
, state
->session_nonce
, 16);
389 MD5Final(session_nonce_hash
, &md5_session_nonce_ctx
);
391 /* LM response is no longer useful */
392 data_blob_free(&ntlmssp_state
->lm_resp
);
394 /* We changed the effective challenge - set it */
395 if (auth_context
->set_ntlm_challenge
) {
396 nt_status
= auth_context
->set_ntlm_challenge(auth_context
,
398 "NTLMSSP callback (NTLM2)");
399 if (!NT_STATUS_IS_OK(nt_status
)) {
400 DEBUG(1, ("gensec_ntlmssp_server_negotiate: failed to get challenge: %s\n",
401 nt_errstr(nt_status
)));
405 DEBUG(1, ("gensec_ntlmssp_server_negotiate: backend doesn't have facility for challenge to be set\n"));
407 return NT_STATUS_NOT_IMPLEMENTED
;
410 /* LM Key is incompatible. */
411 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_LM_KEY
;
418 * Check the password on an NTLMSSP login.
420 * Return the session keys used on the connection.
423 static NTSTATUS
ntlmssp_server_check_password(struct gensec_security
*gensec_security
,
424 struct gensec_ntlmssp_context
*gensec_ntlmssp
,
426 DATA_BLOB
*user_session_key
, DATA_BLOB
*lm_session_key
)
428 struct ntlmssp_state
*ntlmssp_state
= gensec_ntlmssp
->ntlmssp_state
;
429 struct auth4_context
*auth_context
= gensec_security
->auth_context
;
430 NTSTATUS nt_status
= NT_STATUS_NOT_IMPLEMENTED
;
431 struct auth_usersupplied_info
*user_info
;
433 user_info
= talloc_zero(ntlmssp_state
, struct auth_usersupplied_info
);
435 return NT_STATUS_NO_MEMORY
;
438 user_info
->logon_parameters
= MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
| MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
;
439 user_info
->flags
= 0;
440 user_info
->mapped_state
= false;
441 user_info
->client
.account_name
= ntlmssp_state
->user
;
442 user_info
->client
.domain_name
= ntlmssp_state
->domain
;
443 user_info
->workstation_name
= ntlmssp_state
->client
.netbios_name
;
444 user_info
->remote_host
= gensec_get_remote_address(gensec_security
);
446 user_info
->password_state
= AUTH_PASSWORD_RESPONSE
;
447 user_info
->password
.response
.lanman
= ntlmssp_state
->lm_resp
;
448 user_info
->password
.response
.lanman
.data
= talloc_steal(user_info
, ntlmssp_state
->lm_resp
.data
);
449 user_info
->password
.response
.nt
= ntlmssp_state
->nt_resp
;
450 user_info
->password
.response
.nt
.data
= talloc_steal(user_info
, ntlmssp_state
->nt_resp
.data
);
452 if (auth_context
->check_ntlm_password
) {
453 nt_status
= auth_context
->check_ntlm_password(auth_context
,
456 &gensec_ntlmssp
->server_returned_info
,
457 user_session_key
, lm_session_key
);
459 talloc_free(user_info
);
461 if (!NT_STATUS_IS_OK(nt_status
)) {
462 DEBUG(5, (__location__
": Checking NTLMSSP password for %s\\%s failed: %s\n", user_info
->client
.domain_name
, user_info
->client
.account_name
, nt_errstr(nt_status
)));
465 NT_STATUS_NOT_OK_RETURN(nt_status
);
467 talloc_steal(mem_ctx
, user_session_key
->data
);
468 talloc_steal(mem_ctx
, lm_session_key
->data
);
474 * Next state function for the Authenticate packet
475 * (after authentication - figures out the session keys etc)
477 * @param ntlmssp_state NTLMSSP State
478 * @return Errors or NT_STATUS_OK.
481 static NTSTATUS
ntlmssp_server_postauth(struct gensec_security
*gensec_security
,
482 struct gensec_ntlmssp_context
*gensec_ntlmssp
,
483 struct ntlmssp_server_auth_state
*state
)
485 struct ntlmssp_state
*ntlmssp_state
= gensec_ntlmssp
->ntlmssp_state
;
486 DATA_BLOB user_session_key
= state
->user_session_key
;
487 DATA_BLOB lm_session_key
= state
->lm_session_key
;
488 NTSTATUS nt_status
= NT_STATUS_OK
;
489 DATA_BLOB session_key
= data_blob(NULL
, 0);
491 dump_data_pw("NT session key:\n", user_session_key
.data
, user_session_key
.length
);
492 dump_data_pw("LM first-8:\n", lm_session_key
.data
, lm_session_key
.length
);
494 /* Handle the different session key derivation for NTLM2 */
495 if (state
->doing_ntlm2
) {
496 if (user_session_key
.data
&& user_session_key
.length
== 16) {
497 session_key
= data_blob_talloc(ntlmssp_state
,
499 hmac_md5(user_session_key
.data
, state
->session_nonce
,
500 sizeof(state
->session_nonce
), session_key
.data
);
501 DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
502 dump_data_pw("NTLM2 session key:\n", session_key
.data
, session_key
.length
);
505 DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
506 session_key
= data_blob_null
;
508 } else if ((ntlmssp_state
->neg_flags
& NTLMSSP_NEGOTIATE_LM_KEY
)
509 /* Ensure we can never get here on NTLMv2 */
510 && (ntlmssp_state
->nt_resp
.length
== 0 || ntlmssp_state
->nt_resp
.length
== 24)) {
512 if (lm_session_key
.data
&& lm_session_key
.length
>= 8) {
513 if (ntlmssp_state
->lm_resp
.data
&& ntlmssp_state
->lm_resp
.length
== 24) {
514 session_key
= data_blob_talloc(ntlmssp_state
,
516 if (session_key
.data
== NULL
) {
517 return NT_STATUS_NO_MEMORY
;
519 SMBsesskeygen_lm_sess_key(lm_session_key
.data
, ntlmssp_state
->lm_resp
.data
,
521 DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
523 static const uint8_t zeros
[24] = {0, };
524 session_key
= data_blob_talloc(
525 ntlmssp_state
, NULL
, 16);
526 if (session_key
.data
== NULL
) {
527 return NT_STATUS_NO_MEMORY
;
529 SMBsesskeygen_lm_sess_key(zeros
, zeros
,
531 DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
533 dump_data_pw("LM session key:\n", session_key
.data
,
536 /* LM Key not selected */
537 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_LM_KEY
;
539 DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n"));
540 session_key
= data_blob_null
;
543 } else if (user_session_key
.data
) {
544 session_key
= user_session_key
;
545 DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
546 dump_data_pw("unmodified session key:\n", session_key
.data
, session_key
.length
);
548 /* LM Key not selected */
549 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_LM_KEY
;
551 } else if (lm_session_key
.data
) {
552 /* Very weird to have LM key, but no user session key, but anyway.. */
553 session_key
= lm_session_key
;
554 DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
555 dump_data_pw("unmodified session key:\n", session_key
.data
, session_key
.length
);
557 /* LM Key not selected */
558 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_LM_KEY
;
561 DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
562 session_key
= data_blob_null
;
564 /* LM Key not selected */
565 ntlmssp_state
->neg_flags
&= ~NTLMSSP_NEGOTIATE_LM_KEY
;
568 /* With KEY_EXCH, the client supplies the proposed session key,
569 but encrypts it with the long-term key */
570 if (ntlmssp_state
->neg_flags
& NTLMSSP_NEGOTIATE_KEY_EXCH
) {
571 if (!state
->encrypted_session_key
.data
572 || state
->encrypted_session_key
.length
!= 16) {
573 DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n",
574 (unsigned)state
->encrypted_session_key
.length
));
575 return NT_STATUS_INVALID_PARAMETER
;
576 } else if (!session_key
.data
|| session_key
.length
!= 16) {
577 DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n",
578 (unsigned int)session_key
.length
));
579 ntlmssp_state
->session_key
= session_key
;
580 talloc_steal(ntlmssp_state
, session_key
.data
);
582 dump_data_pw("KEY_EXCH session key (enc):\n",
583 state
->encrypted_session_key
.data
,
584 state
->encrypted_session_key
.length
);
585 arcfour_crypt(state
->encrypted_session_key
.data
,
587 state
->encrypted_session_key
.length
);
588 ntlmssp_state
->session_key
= data_blob_talloc(ntlmssp_state
,
589 state
->encrypted_session_key
.data
,
590 state
->encrypted_session_key
.length
);
591 dump_data_pw("KEY_EXCH session key:\n",
592 state
->encrypted_session_key
.data
,
593 state
->encrypted_session_key
.length
);
596 ntlmssp_state
->session_key
= session_key
;
597 talloc_steal(ntlmssp_state
, session_key
.data
);
600 if (ntlmssp_state
->session_key
.length
) {
601 nt_status
= ntlmssp_sign_init(ntlmssp_state
);
604 ntlmssp_state
->expected_state
= NTLMSSP_DONE
;
611 * Next state function for the NTLMSSP Authenticate packet
613 * @param gensec_security GENSEC state
614 * @param out_mem_ctx Memory context for *out
615 * @param in The request, as a DATA_BLOB. reply.data must be NULL
616 * @param out The reply, as an allocated DATA_BLOB, caller to free.
617 * @return Errors or NT_STATUS_OK if authentication sucessful
620 NTSTATUS
gensec_ntlmssp_server_auth(struct gensec_security
*gensec_security
,
621 TALLOC_CTX
*out_mem_ctx
,
622 const DATA_BLOB in
, DATA_BLOB
*out
)
624 struct gensec_ntlmssp_context
*gensec_ntlmssp
=
625 talloc_get_type_abort(gensec_security
->private_data
,
626 struct gensec_ntlmssp_context
);
627 struct ntlmssp_server_auth_state
*state
;
630 /* zero the outbound NTLMSSP packet */
631 *out
= data_blob_null
;
633 state
= talloc_zero(gensec_ntlmssp
, struct ntlmssp_server_auth_state
);
635 return NT_STATUS_NO_MEMORY
;
638 nt_status
= ntlmssp_server_preauth(gensec_security
, gensec_ntlmssp
, state
, in
);
639 if (!NT_STATUS_IS_OK(nt_status
)) {
645 * Note we don't check here for NTLMv2 auth settings. If NTLMv2 auth
646 * is required (by "ntlm auth = no" and "lm auth = no" being set in the
647 * smb.conf file) and no NTLMv2 response was sent then the password check
648 * will fail here. JRA.
651 /* Finally, actually ask if the password is OK */
652 nt_status
= ntlmssp_server_check_password(gensec_security
, gensec_ntlmssp
,
654 &state
->user_session_key
,
655 &state
->lm_session_key
);
656 if (!NT_STATUS_IS_OK(nt_status
)) {
661 /* When we get more async in the auth code behind
662 ntlmssp_state->check_password, the ntlmssp_server_postpath
663 can be done in a callback */
665 nt_status
= ntlmssp_server_postauth(gensec_security
, gensec_ntlmssp
, state
);