| 1 | /*
|
|---|
| 2 | Unix SMB/Netbios implementation.
|
|---|
| 3 | Version 3.0
|
|---|
| 4 | handle NLTMSSP, server side
|
|---|
| 5 |
|
|---|
| 6 | Copyright (C) Andrew Tridgell 2001
|
|---|
| 7 | Copyright (C) Andrew Bartlett 2001-2003
|
|---|
| 8 |
|
|---|
| 9 | This program is free software; you can redistribute it and/or modify
|
|---|
| 10 | it under the terms of the GNU General Public License as published by
|
|---|
| 11 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 12 | (at your option) any later version.
|
|---|
| 13 |
|
|---|
| 14 | This program is distributed in the hope that it will be useful,
|
|---|
| 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 17 | GNU General Public License for more details.
|
|---|
| 18 |
|
|---|
| 19 | You should have received a copy of the GNU General Public License
|
|---|
| 20 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 21 | */
|
|---|
| 22 |
|
|---|
| 23 | #include "includes.h"
|
|---|
| 24 |
|
|---|
| 25 | /**
|
|---|
| 26 | * Return the challenge as determined by the authentication subsystem
|
|---|
| 27 | * @return an 8 byte random challenge
|
|---|
| 28 | */
|
|---|
| 29 |
|
|---|
| 30 | static const uint8 *auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state)
|
|---|
| 31 | {
|
|---|
| 32 | AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
|
|---|
| 33 | (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
|
|---|
| 34 | return auth_ntlmssp_state->auth_context->get_ntlm_challenge(auth_ntlmssp_state->auth_context);
|
|---|
| 35 | }
|
|---|
| 36 |
|
|---|
| 37 | /**
|
|---|
| 38 | * Some authentication methods 'fix' the challenge, so we may not be able to set it
|
|---|
| 39 | *
|
|---|
| 40 | * @return If the effective challenge used by the auth subsystem may be modified
|
|---|
| 41 | */
|
|---|
| 42 | static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
|
|---|
| 43 | {
|
|---|
| 44 | AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
|
|---|
| 45 | (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
|
|---|
| 46 | struct auth_context *auth_context = auth_ntlmssp_state->auth_context;
|
|---|
| 47 |
|
|---|
| 48 | return auth_context->challenge_may_be_modified;
|
|---|
| 49 | }
|
|---|
| 50 |
|
|---|
| 51 | /**
|
|---|
| 52 | * NTLM2 authentication modifies the effective challenge,
|
|---|
| 53 | * @param challenge The new challenge value
|
|---|
| 54 | */
|
|---|
| 55 | static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
|
|---|
| 56 | {
|
|---|
| 57 | AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
|
|---|
| 58 | (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
|
|---|
| 59 | struct auth_context *auth_context = auth_ntlmssp_state->auth_context;
|
|---|
| 60 |
|
|---|
| 61 | SMB_ASSERT(challenge->length == 8);
|
|---|
| 62 |
|
|---|
| 63 | auth_context->challenge = data_blob_talloc(auth_context->mem_ctx,
|
|---|
| 64 | challenge->data, challenge->length);
|
|---|
| 65 |
|
|---|
| 66 | auth_context->challenge_set_by = "NTLMSSP callback (NTLM2)";
|
|---|
| 67 |
|
|---|
| 68 | DEBUG(5, ("auth_context challenge set by %s\n", auth_context->challenge_set_by));
|
|---|
| 69 | DEBUG(5, ("challenge is: \n"));
|
|---|
| 70 | dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
|
|---|
| 71 | return NT_STATUS_OK;
|
|---|
| 72 | }
|
|---|
| 73 |
|
|---|
| 74 | /**
|
|---|
| 75 | * Check the password on an NTLMSSP login.
|
|---|
| 76 | *
|
|---|
| 77 | * Return the session keys used on the connection.
|
|---|
| 78 | */
|
|---|
| 79 |
|
|---|
| 80 | static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
|
|---|
| 81 | {
|
|---|
|
|---|
