search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-selftest: Remove some unnecessary comma
[Samba/gebeck_regimport.git] / source3 / libsmb / ntlmssp.c
blobb877af583a3efe4e69e734f814527e727158b115
1 /*
2 Unix SMB/Netbios implementation.
3 Version 3.0
4 handle NLTMSSP, server side
5
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Andrew Bartlett 2001-2010
8 Copyright (C) Stefan Metzmacher 2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../auth/ntlmssp/ntlmssp.h"
26 #include "../auth/ntlmssp/ntlmssp_private.h"
27 #include "../libcli/auth/libcli_auth.h"
28 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
29 #include "../auth/ntlmssp/ntlmssp_ndr.h"
30 #include "../lib/crypto/md5.h"
31 #include "../lib/crypto/arcfour.h"
32 #include "../lib/crypto/hmacmd5.h"
33 #include "../nsswitch/libwbclient/wbclient.h"
34
35 static NTSTATUS ntlmssp3_client_initial(struct ntlmssp_state *ntlmssp_state,
36 TALLOC_CTX *out_mem_ctx,
37 DATA_BLOB reply, DATA_BLOB *next_request);
38 static NTSTATUS ntlmssp3_client_challenge(struct ntlmssp_state *ntlmssp_state,
39 TALLOC_CTX *out_mem_ctx, /* Unused at this time */
40 const DATA_BLOB reply, DATA_BLOB *next_request);
41 /**
42 * Callbacks for NTLMSSP - for both client and server operating modes
43 *
44 */
45
46 static const struct ntlmssp_callbacks {
47 enum ntlmssp_role role;
48 enum ntlmssp_message_type ntlmssp_command;
49 NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state,
50 TALLOC_CTX *out_mem_ctx,
51 DATA_BLOB in, DATA_BLOB *out);
52 } ntlmssp_callbacks[] = {
53 {NTLMSSP_CLIENT, NTLMSSP_INITIAL, ntlmssp3_client_initial},
54 {NTLMSSP_CLIENT, NTLMSSP_CHALLENGE, ntlmssp3_client_challenge},
55 {NTLMSSP_CLIENT, NTLMSSP_UNKNOWN, NULL},
56 {NTLMSSP_SERVER, NTLMSSP_UNKNOWN, NULL}
57 };
58
59 /**
60 * Set a username on an NTLMSSP context - ensures it is talloc()ed
61 *
62 */
63
64 NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user)
65 {
66 ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" );
67 if (!ntlmssp_state->user) {
68 return NT_STATUS_NO_MEMORY;
69 }
70 return NT_STATUS_OK;
71 }
72
73 /**
74 * Converts a password to the hashes on an NTLMSSP context.
75 *
76 */
77 NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password)
78 {
79 TALLOC_FREE(ntlmssp_state->lm_hash);
80 TALLOC_FREE(ntlmssp_state->nt_hash);
81 if (!password) {
82 return NT_STATUS_OK;
83 } else {
84 uint8_t lm_hash[16];
85 uint8_t nt_hash[16];
86
87 if (E_deshash(password, lm_hash)) {
88 ntlmssp_state->lm_hash = (uint8_t *)
89 talloc_memdup(ntlmssp_state, lm_hash, 16);
90 if (!ntlmssp_state->lm_hash) {
91 return NT_STATUS_NO_MEMORY;
92 }
93 }
94
95 E_md4hash(password, nt_hash);
96
97 ntlmssp_state->nt_hash = (uint8_t *)
98 talloc_memdup(ntlmssp_state, nt_hash, 16);
99 if (!ntlmssp_state->nt_hash) {
100 TALLOC_FREE(ntlmssp_state->lm_hash);
101 return NT_STATUS_NO_MEMORY;
102 }
103 }
104 return NT_STATUS_OK;
105 }
106
107 /**
108 * Set a domain on an NTLMSSP context - ensures it is talloc()ed
109 *
110 */
111 NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain)
112 {
113 ntlmssp_state->domain = talloc_strdup(ntlmssp_state,
114 domain ? domain : "" );
115 if (!ntlmssp_state->domain) {
116 return NT_STATUS_NO_MEMORY;
117 }
118 return NT_STATUS_OK;
119 }
120
121 /**
122 * Request features for the NTLMSSP negotiation
123 *
124 * @param ntlmssp_state NTLMSSP state
125 * @param feature_list List of space seperated features requested from NTLMSSP.
126 */
127 void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list)
128 {
129 /*
130 * We need to set this to allow a later SetPassword
131 * via the SAMR pipe to succeed. Strange.... We could
132 * also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
133 */
134 if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
135 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
136 }
137 if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
138 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
139 }
140 if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
141 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
142 }
143 if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
144 ntlmssp_state->use_ccache = true;
145 }
146 }
147
148 /**
149 * Request a feature for the NTLMSSP negotiation
150 *
151 * @param ntlmssp_state NTLMSSP state
152 * @param feature Bit flag specifying the requested feature
153 */
154 void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature)
155 {
156 /* As per JRA's comment above */
157 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
158 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
159 }
160 if (feature & NTLMSSP_FEATURE_SIGN) {
161 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
162 }
163 if (feature & NTLMSSP_FEATURE_SEAL) {
164 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
165 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
166 }
167 if (feature & NTLMSSP_FEATURE_CCACHE) {
168 ntlmssp_state->use_ccache = true;
169 }
170 }
171
172 /**
173 * Next state function for the NTLMSSP state machine
174 *
175 * @param ntlmssp_state NTLMSSP State
176 * @param in The packet in from the NTLMSSP partner, as a DATA_BLOB
177 * @param out The reply, as an allocated DATA_BLOB, caller to free.
178 * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK.
179 */
180
181 NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
182 const DATA_BLOB input, DATA_BLOB *out)
183 {
184 uint32_t ntlmssp_command;
185 int i;
186
187 if (ntlmssp_state->expected_state == NTLMSSP_DONE) {
188 /* Called update after negotiations finished. */
189 DEBUG(1, ("Called NTLMSSP after state machine was 'done'\n"));
190 return NT_STATUS_INVALID_PARAMETER;
191 }
192
193 *out = data_blob_null;
194
195 if (!input.length) {
196 switch (ntlmssp_state->role) {
197 case NTLMSSP_CLIENT:
198 ntlmssp_command = NTLMSSP_INITIAL;
199 break;
200 case NTLMSSP_SERVER:
201 /* 'datagram' mode - no neg packet */
202 ntlmssp_command = NTLMSSP_NEGOTIATE;
203 break;
204 default:
205 DEBUG(1, ("Invalid role: %d\n", ntlmssp_state->role));
206 return NT_STATUS_INVALID_PARAMETER;
207 }
208 } else {
209 if (!msrpc_parse(ntlmssp_state, &input, "Cd",
210 "NTLMSSP",
211 &ntlmssp_command)) {
212 DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
213 dump_data(2, input.data, input.length);
214 return NT_STATUS_INVALID_PARAMETER;
215 }
216 }
217
218 if (ntlmssp_command != ntlmssp_state->expected_state) {
219 DEBUG(1, ("got NTLMSSP command %u, expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
220 return NT_STATUS_INVALID_PARAMETER;
221 }
222
223 for (i=0; ntlmssp_callbacks[i].fn; i++) {
224 if (ntlmssp_callbacks[i].role == ntlmssp_state->role
225 && ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) {
226 return ntlmssp_callbacks[i].fn(ntlmssp_state, ntlmssp_state, input, out);
227 }
228 }
229
230 DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n",
231 ntlmssp_state->role, ntlmssp_command));
232
233 return NT_STATUS_INVALID_PARAMETER;
234 }
235
236 /*********************************************************************
237 Client side NTLMSSP
238 *********************************************************************/
239
240 /**
241 * Next state function for the Initial packet
242 *
243 * @param ntlmssp_state NTLMSSP State
244 * @param request The request, as a DATA_BLOB. reply.data must be NULL
245 * @param request The reply, as an allocated DATA_BLOB, caller to free.
246 * @return Errors or NT_STATUS_OK.
247 */
248
249 static NTSTATUS ntlmssp3_client_initial(struct ntlmssp_state *ntlmssp_state,
250 TALLOC_CTX *out_mem_ctx,
251 DATA_BLOB in, DATA_BLOB *out)
252 {
253 const char *domain = ntlmssp_state->client.netbios_domain;
254 const char *workstation = ntlmssp_state->client.netbios_name;
255 NTSTATUS status;
256
257 /* These don't really matter in the initial packet, so don't panic if they are not set */
258 if (!domain) {
259 domain = "";
260 }
261
262 if (!workstation) {
263 workstation = "";
264 }
265
266 if (ntlmssp_state->unicode) {
267 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
268 } else {
269 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
270 }
271
272 if (ntlmssp_state->use_ntlmv2) {
273 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
274 }
275
276 /* generate the ntlmssp negotiate packet */
277 status = msrpc_gen(out_mem_ctx,
278 out, "CddAA",
279 "NTLMSSP",
280 NTLMSSP_NEGOTIATE,
281 ntlmssp_state->neg_flags,
282 domain,
283 workstation);
284
285 if (!NT_STATUS_IS_OK(status)) {
286 DEBUG(0, ("ntlmssp_client_initial: failed to generate "
287 "ntlmssp negotiate packet\n"));
288 return status;
289 }
290
291 if (DEBUGLEVEL >= 10) {
292 struct NEGOTIATE_MESSAGE *negotiate = talloc(
293 talloc_tos(), struct NEGOTIATE_MESSAGE);
294 if (negotiate != NULL) {
295 status = ntlmssp_pull_NEGOTIATE_MESSAGE(
296 out, negotiate, negotiate);
297 if (NT_STATUS_IS_OK(status)) {
298 NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
299 negotiate);
300 }
301 TALLOC_FREE(negotiate);
302 }
303 }
304
305 ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
306
307 return NT_STATUS_MORE_PROCESSING_REQUIRED;
308 }
309
310 /**
311 * Next state function for the Challenge Packet. Generate an auth packet.
312 *
313 * @param ntlmssp_state NTLMSSP State
314 * @param request The request, as a DATA_BLOB. reply.data must be NULL
315 * @param request The reply, as an allocated DATA_BLOB, caller to free.
316 * @return Errors or NT_STATUS_OK.
317 */
318
319 static NTSTATUS ntlmssp3_client_challenge(struct ntlmssp_state *ntlmssp_state,
320 TALLOC_CTX *out_mem_ctx, /* Unused at this time */
321 const DATA_BLOB reply, DATA_BLOB *next_request)
322 {
323 uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
324 DATA_BLOB server_domain_blob;
325 DATA_BLOB challenge_blob;
326 DATA_BLOB struct_blob = data_blob_null;
327 char *server_domain;
328 const char *chal_parse_string;
329 const char *auth_gen_string;
330 DATA_BLOB lm_response = data_blob_null;
331 DATA_BLOB nt_response = data_blob_null;
332 DATA_BLOB session_key = data_blob_null;
333 DATA_BLOB encrypted_session_key = data_blob_null;
334 NTSTATUS nt_status = NT_STATUS_OK;
335
336 if (ntlmssp_state->use_ccache) {
337 struct wbcCredentialCacheParams params;
338 struct wbcCredentialCacheInfo *info = NULL;
339 struct wbcAuthErrorInfo *error = NULL;
340 struct wbcNamedBlob auth_blob;
341 struct wbcBlob *wbc_next = NULL;
342 struct wbcBlob *wbc_session_key = NULL;
343 wbcErr wbc_status;
344 int i;
345
346 params.account_name = ntlmssp_state->user;
347 params.domain_name = ntlmssp_state->domain;
348 params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP;
349
350 auth_blob.name = "challenge_blob";
351 auth_blob.flags = 0;
352 auth_blob.blob.data = reply.data;
353 auth_blob.blob.length = reply.length;
354 params.num_blobs = 1;
355 params.blobs = &auth_blob;
356
357 wbc_status = wbcCredentialCache(&params, &info, &error);
358 wbcFreeMemory(error);
359 if (!WBC_ERROR_IS_OK(wbc_status)) {
360 goto noccache;
361 }
362
363 for (i=0; i<info->num_blobs; i++) {
364 if (strequal(info->blobs[i].name, "auth_blob")) {
365 wbc_next = &info->blobs[i].blob;
366 }
367 if (strequal(info->blobs[i].name, "session_key")) {
368 wbc_session_key = &info->blobs[i].blob;
369 }
370 }
371 if ((wbc_next == NULL) || (wbc_session_key == NULL)) {
372 wbcFreeMemory(info);
373 goto noccache;
374 }
375
376 *next_request = data_blob(wbc_next->data, wbc_next->length);
377 ntlmssp_state->session_key = data_blob(
378 wbc_session_key->data, wbc_session_key->length);
379
380 wbcFreeMemory(info);
381 goto done;
382 }
383
384 noccache:
385
386 if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
387 "NTLMSSP",
388 &ntlmssp_command,
389 &server_domain_blob,
390 &chal_flags)) {
391 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
392 dump_data(2, reply.data, reply.length);
393
394 return NT_STATUS_INVALID_PARAMETER;
395 }
396
397 if (DEBUGLEVEL >= 10) {
398 struct CHALLENGE_MESSAGE *challenge = talloc(
399 talloc_tos(), struct CHALLENGE_MESSAGE);
400 if (challenge != NULL) {
401 NTSTATUS status;
402 challenge->NegotiateFlags = chal_flags;
403 status = ntlmssp_pull_CHALLENGE_MESSAGE(
404 &reply, challenge, challenge);
405 if (NT_STATUS_IS_OK(status)) {
406 NDR_PRINT_DEBUG(CHALLENGE_MESSAGE,
407 challenge);
408 }
409 TALLOC_FREE(challenge);
410 }
411 }
412
413 data_blob_free(&server_domain_blob);
414
415 DEBUG(3, ("Got challenge flags:\n"));
416 debug_ntlmssp_flags(chal_flags);
417
418 ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth());
419
420 if (ntlmssp_state->unicode) {
421 if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
422 chal_parse_string = "CdUdbddB";
423 } else {
424 chal_parse_string = "CdUdbdd";
425 }
426 auth_gen_string = "CdBBUUUBd";
427 } else {
428 if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
429 chal_parse_string = "CdAdbddB";
430 } else {
431 chal_parse_string = "CdAdbdd";
432 }
433
434 auth_gen_string = "CdBBAAABd";
435 }
436
437 DEBUG(3, ("NTLMSSP: Set final flags:\n"));
438 debug_ntlmssp_flags(ntlmssp_state->neg_flags);
439
440 if (!msrpc_parse(ntlmssp_state, &reply, chal_parse_string,
441 "NTLMSSP",
442 &ntlmssp_command,
443 &server_domain,
444 &chal_flags,
445 &challenge_blob, 8,
446 &unkn1, &unkn2,
447 &struct_blob)) {
448 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
449 dump_data(2, reply.data, reply.length);
450 return NT_STATUS_INVALID_PARAMETER;
451 }
452
453 if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
454 ntlmssp_state->server.is_standalone = true;
455 } else {
456 ntlmssp_state->server.is_standalone = false;
457 }
458 /* TODO: parse struct_blob and fill in the rest */
459 ntlmssp_state->server.netbios_name = "";
460 ntlmssp_state->server.netbios_domain = server_domain;
461 ntlmssp_state->server.dns_name = "";
462 ntlmssp_state->server.dns_domain = "";
463
464 if (challenge_blob.length != 8) {
465 data_blob_free(&struct_blob);
466 return NT_STATUS_INVALID_PARAMETER;
467 }
468
469 if (!ntlmssp_state->nt_hash) {
470 static const uint8_t zeros[16] = {0, };
471 /* do nothing - blobs are zero length */
472
473 /* session key is all zeros */
474 session_key = data_blob_talloc(ntlmssp_state, zeros, 16);
475
476 /* not doing NLTM2 without a password */
477 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
478 } else if (ntlmssp_state->use_ntlmv2) {
479 if (!struct_blob.length) {
480 /* be lazy, match win2k - we can't do NTLMv2 without it */
481 DEBUG(1, ("Server did not provide 'target information', required for NTLMv2\n"));
482 return NT_STATUS_INVALID_PARAMETER;
483 }
484
485 /* TODO: if the remote server is standalone, then we should replace 'domain'
486 with the server name as supplied above */
487
488 if (!SMBNTLMv2encrypt_hash(ntlmssp_state,
489 ntlmssp_state->user,
490 ntlmssp_state->domain,
491 ntlmssp_state->nt_hash, &challenge_blob,
492 &struct_blob,
493 &lm_response, &nt_response, NULL,
494 &session_key)) {
495 data_blob_free(&challenge_blob);
496 data_blob_free(&struct_blob);
497 return NT_STATUS_NO_MEMORY;
498 }
499 } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
500 struct MD5Context md5_session_nonce_ctx;
501 uint8_t session_nonce[16];
502 uint8_t session_nonce_hash[16];
503 uint8_t user_session_key[16];
504
505 lm_response = data_blob_talloc(ntlmssp_state, NULL, 24);
506 generate_random_buffer(lm_response.data, 8);
507 memset(lm_response.data+8, 0, 16);
508
509 memcpy(session_nonce, challenge_blob.data, 8);
510 memcpy(&session_nonce[8], lm_response.data, 8);
511
512 MD5Init(&md5_session_nonce_ctx);
513 MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8);
514 MD5Update(&md5_session_nonce_ctx, lm_response.data, 8);
515 MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
516
517 DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
518 DEBUG(5, ("challenge is: \n"));
519 dump_data(5, session_nonce_hash, 8);
520
521 nt_response = data_blob_talloc(ntlmssp_state, NULL, 24);
522 SMBNTencrypt_hash(ntlmssp_state->nt_hash,
523 session_nonce_hash,
524 nt_response.data);
525
526 session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
527
528 SMBsesskeygen_ntv1(ntlmssp_state->nt_hash, user_session_key);
529 hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
530 dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
531 } else {
532 /* lanman auth is insecure, it may be disabled */
533 if (lp_client_lanman_auth() && ntlmssp_state->lm_hash) {
534 lm_response = data_blob_talloc(ntlmssp_state,
535 NULL, 24);
536 SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data,
537 lm_response.data);
538 }
539
540 nt_response = data_blob_talloc(ntlmssp_state, NULL, 24);
541 SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data,
542 nt_response.data);
543
544 session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
545 if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
546 && lp_client_lanman_auth() && ntlmssp_state->lm_hash) {
547 SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data,
548 session_key.data);
549 dump_data_pw("LM session key\n", session_key.data, session_key.length);
550 } else {
551 SMBsesskeygen_ntv1(ntlmssp_state->nt_hash, session_key.data);
552 dump_data_pw("NT session key:\n", session_key.data, session_key.length);
553 }
554 }
555 data_blob_free(&struct_blob);
556
557 /* Key exchange encryptes a new client-generated session key with
558 the password-derived key */
559 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
560 /* Make up a new session key */
561 uint8_t client_session_key[16];
562 generate_random_buffer(client_session_key, sizeof(client_session_key));
563
564 /* Encrypt the new session key with the old one */
565 encrypted_session_key = data_blob(client_session_key, sizeof(client_session_key));
566 dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
567 arcfour_crypt_blob(encrypted_session_key.data, encrypted_session_key.length, &session_key);
568 dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
569
570 /* Mark the new session key as the 'real' session key */
571 data_blob_free(&session_key);
572 session_key = data_blob_talloc(ntlmssp_state,
573 client_session_key,
574 sizeof(client_session_key));
575 }
576
577 /* this generates the actual auth packet */
578 nt_status = msrpc_gen(ntlmssp_state, next_request, auth_gen_string,
579 "NTLMSSP",
580 NTLMSSP_AUTH,
581 lm_response.data, lm_response.length,
582 nt_response.data, nt_response.length,
583 ntlmssp_state->domain,
584 ntlmssp_state->user,
585 ntlmssp_state->client.netbios_name,
586 encrypted_session_key.data, encrypted_session_key.length,
587 ntlmssp_state->neg_flags);
588
589 if (!NT_STATUS_IS_OK(nt_status)) {
590 return NT_STATUS_NO_MEMORY;
591 }
592
593 if (DEBUGLEVEL >= 10) {
594 struct AUTHENTICATE_MESSAGE *authenticate = talloc(
595 talloc_tos(), struct AUTHENTICATE_MESSAGE);
596 if (authenticate != NULL) {
597 NTSTATUS status;
598 authenticate->NegotiateFlags =
599 ntlmssp_state->neg_flags;
600 status = ntlmssp_pull_AUTHENTICATE_MESSAGE(
601 next_request, authenticate, authenticate);
602 if (NT_STATUS_IS_OK(status)) {
603 NDR_PRINT_DEBUG(AUTHENTICATE_MESSAGE,
604 authenticate);
605 }
606 TALLOC_FREE(authenticate);
607 }
608 }
609
610 data_blob_free(&encrypted_session_key);
611
612 data_blob_free(&ntlmssp_state->chal);
613
614 ntlmssp_state->session_key = session_key;
615
616 ntlmssp_state->chal = challenge_blob;
617 ntlmssp_state->lm_resp = lm_response;
618 ntlmssp_state->nt_resp = nt_response;
619
620 done:
621
622 ntlmssp_state->expected_state = NTLMSSP_DONE;
623
624 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
625 DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status)));
626 }
627
628 return nt_status;
629 }
630
631 NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx,
632 const char *netbios_name,
633 const char *netbios_domain,
634 bool use_ntlmv2,
635 struct ntlmssp_state **_ntlmssp_state)
636 {
637 struct ntlmssp_state *ntlmssp_state;
638
639 if (!netbios_name) {
640 netbios_name = "";
641 }
642
643 if (!netbios_domain) {
644 netbios_domain = "";
645 }
646
647 ntlmssp_state = talloc_zero(mem_ctx, struct ntlmssp_state);
648 if (!ntlmssp_state) {
649 return NT_STATUS_NO_MEMORY;
650 }
651
652 ntlmssp_state->role = NTLMSSP_CLIENT;
653
654 ntlmssp_state->unicode = True;
655
656 ntlmssp_state->use_ntlmv2 = use_ntlmv2;
657
658 ntlmssp_state->expected_state = NTLMSSP_INITIAL;
659
660 ntlmssp_state->neg_flags =
661 NTLMSSP_NEGOTIATE_128 |
662 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
663 NTLMSSP_NEGOTIATE_NTLM |
664 NTLMSSP_NEGOTIATE_NTLM2 |
665 NTLMSSP_NEGOTIATE_KEY_EXCH |
666 NTLMSSP_REQUEST_TARGET;
667
668 ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
669 if (!ntlmssp_state->client.netbios_name) {
670 talloc_free(ntlmssp_state);
671 return NT_STATUS_NO_MEMORY;
672 }
673 ntlmssp_state->client.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
674 if (!ntlmssp_state->client.netbios_domain) {
675 talloc_free(ntlmssp_state);
676 return NT_STATUS_NO_MEMORY;
677 }
678
679 *_ntlmssp_state = ntlmssp_state;
680 return NT_STATUS_OK;
681 }
reg import