[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1255-gb7a5e7a
Günther Deschner
gd at samba.org
Fri Aug 28 02:09:52 MDT 2009
The branch, master has been updated
via b7a5e7a5d607d38e28cb8b28d45ede749500fa13 (commit)
via 38d677bdf2cd3df554c93bb7ffbcf34f444538b5 (commit)
via e8c19f31b34ca56ae785ade9e2fdc17c80795acc (commit)
via 82469deeac99ebf4d01bb4d88e5f3a456b752045 (commit)
via 25d6c0a51813928a7ef343a1d5411247212a0bc6 (commit)
via 3a519fac8a1bf352fc8895458d4d27311a215c81 (commit)
from 4d1c88123980dc7ac92c5881aa05c016d2d060f6 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b7a5e7a5d607d38e28cb8b28d45ede749500fa13
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 12:30:48 2009 +0200
libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.
Guenther
commit 38d677bdf2cd3df554c93bb7ffbcf34f444538b5
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 12:27:51 2009 +0200
s4-ntlmssp: use interface constants in TargetInfo blob.
Guenther
commit e8c19f31b34ca56ae785ade9e2fdc17c80795acc
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 12:12:59 2009 +0200
s4-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants.
Guenther
commit 82469deeac99ebf4d01bb4d88e5f3a456b752045
Author: Günther Deschner <gd at samba.org>
Date: Fri Aug 14 14:08:45 2009 +0200
s3-ntlmssp: use interface constants in TargetInfo blob.
Guenther
commit 25d6c0a51813928a7ef343a1d5411247212a0bc6
Author: Günther Deschner <gd at samba.org>
Date: Wed Aug 12 20:22:04 2009 +0200
s3-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants.
Guenther
commit 3a519fac8a1bf352fc8895458d4d27311a215c81
Author: Günther Deschner <gd at samba.org>
Date: Fri Aug 21 20:41:03 2009 +0200
ntlmssp: add ndr_print_ntlmssp_{nt,lm}_response() function.
Guenther
-----------------------------------------------------------------------
Summary of changes:
libcli/auth/libcli_auth.h | 5 ---
libcli/auth/smbencrypt.c | 6 ++--
librpc/ndr/ndr_ntlmssp.c | 56 +++++++++++++++++++++++++++++++++
librpc/ndr/ndr_ntlmssp.h | 8 +++++
source3/include/ntlmssp.h | 29 -----------------
source3/include/rpc_dce.h | 3 --
source3/include/smb.h | 1 +
source3/libsmb/ntlmssp.c | 40 +++++++++++------------
source4/auth/ntlmssp/ntlmssp.c | 27 +++++++--------
source4/auth/ntlmssp/ntlmssp.h | 31 ------------------
source4/auth/ntlmssp/ntlmssp_client.c | 5 ++-
source4/auth/ntlmssp/ntlmssp_server.c | 17 +++++-----
source4/auth/ntlmssp/ntlmssp_sign.c | 1 +
13 files changed, 113 insertions(+), 116 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/auth/libcli_auth.h b/libcli/auth/libcli_auth.h
index 388694a..c5c7a7b 100644
--- a/libcli/auth/libcli_auth.h
+++ b/libcli/auth/libcli_auth.h
@@ -25,9 +25,4 @@
#include "libcli/auth/proto.h"
#include "libcli/auth/msrpc_parse.h"
-#define NTLMSSP_NAME_TYPE_SERVER 0x01
-#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
-#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
-#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
-
#endif /* __LIBCLI_AUTH_H__ */
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 4aacc54..dc33b75 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -368,9 +368,9 @@ DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
msrpc_gen(mem_ctx, &names_blob,
"aaa",
- NTLMSSP_NAME_TYPE_DOMAIN, domain,
- NTLMSSP_NAME_TYPE_SERVER, hostname,
- 0, "");
+ MsvAvNbDomainName, domain,
+ MsvAvNbComputerName, hostname,
+ MsvAvEOL, "");
return names_blob;
}
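Review bot: The result of `msrpc_gen()` is still discarded in NTLMv2_generate_names_blob, so if the call fails the function returns whatever `names_blob` held beforehand. The TargetInfo hunks in source3/libsmb/ntlmssp.c and source4/auth/ntlmssp/ntlmssp_server.c have the same pattern. If msrpc_gen reports failure through its return value (its declaration is not in this diff), check it here, e.g. `if (!msrpc_gen(mem_ctx, &names_blob, "aaa", ...)) { return data_blob_null; }`. The start of the function, including how names_blob is initialised, is outside the hunk.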
diff --git a/librpc/ndr/ndr_ntlmssp.c b/librpc/ndr/ndr_ntlmssp.c
index b91b143..d90495f 100644
--- a/librpc/ndr/ndr_ntlmssp.c
+++ b/librpc/ndr/ndr_ntlmssp.c
@@ -107,3 +107,59 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AV_PAIR_LIST(struct ndr_pull *ndr, int ndr_f
}
return NDR_ERR_SUCCESS;
}
+
+_PUBLIC_ void ndr_print_ntlmssp_nt_response(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *ic,
+ const DATA_BLOB *nt_response,
+ bool ntlmv2)
+{
+ enum ndr_err_code ndr_err;
+
+ if (ntlmv2) {
+ struct NTLMv2_RESPONSE nt;
+ if (nt_response->length > 24) {
+ ndr_err = ndr_pull_struct_blob(nt_response, mem_ctx, ic, &nt,
+ (ndr_pull_flags_fn_t)ndr_pull_NTLMv2_RESPONSE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NTLMv2_RESPONSE, &nt);
+ }
+ }
+ } else {
+ struct NTLM_RESPONSE nt;
+ if (nt_response->length == 24) {
+ ndr_err = ndr_pull_struct_blob(nt_response, mem_ctx, ic, &nt,
+ (ndr_pull_flags_fn_t)ndr_pull_NTLM_RESPONSE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NTLM_RESPONSE, &nt);
+ }
+ }
+ }
+}
+
+_PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *ic,
+ const DATA_BLOB *lm_response,
+ bool ntlmv2)
+{
+ enum ndr_err_code ndr_err;
+
+ if (ntlmv2) {
+ struct LMv2_RESPONSE lm;
+ if (lm_response->length == 24) {
+ ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, ic, &lm,
+ (ndr_pull_flags_fn_t)ndr_pull_LMv2_RESPONSE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(LMv2_RESPONSE, &lm);
+ }
+ }
+ } else {
+ struct LM_RESPONSE lm;
+ if (lm_response->length == 24) {
+ ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, ic, &lm,
+ (ndr_pull_flags_fn_t)ndr_pull_LM_RESPONSE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(LM_RESPONSE, &lm);
+ }
+ }
+ }
+}
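Review bot: Both new helpers write the parsed NT/LM challenge responses to the debug log, and nothing in or near them says so. That material can be used for offline password guessing, so callers need to know to invoke them only at a high debug level and with access-controlled logs. Add a header comment to ndr_print_ntlmssp_nt_response() and ndr_print_ntlmssp_lm_response() stating this, and that a blob of unexpected length or one that fails to parse is skipped silently. The comment should also say that anything ndr_pull_struct_blob allocates stays on `mem_ctx`, so a short-lived context should be passed. Neither function checks the blob pointer before reading `->length`; `if (nt_response == NULL) return;` (and the lm equivalent) would make them safe to call from debug paths.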
diff --git a/librpc/ndr/ndr_ntlmssp.h b/librpc/ndr/ndr_ntlmssp.h
index 4b21b4f..6d76be2 100644
--- a/librpc/ndr/ndr_ntlmssp.h
+++ b/librpc/ndr/ndr_ntlmssp.h
@@ -23,3 +23,11 @@ _PUBLIC_ size_t ndr_ntlmssp_string_length(uint32_t negotiate_flags, const char *
_PUBLIC_ uint32_t ndr_ntlmssp_negotiated_string_flags(uint32_t negotiate_flags);
_PUBLIC_ enum ndr_err_code ndr_push_AV_PAIR_LIST(struct ndr_push *ndr, int ndr_flags, const struct AV_PAIR_LIST *r);
_PUBLIC_ enum ndr_err_code ndr_pull_AV_PAIR_LIST(struct ndr_pull *ndr, int ndr_flags, struct AV_PAIR_LIST *r);
+_PUBLIC_ void ndr_print_ntlmssp_nt_response(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *ic,
+ const DATA_BLOB *nt_response,
+ bool ntlmv2);
+_PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *ic,
+ const DATA_BLOB *lm_response,
+ bool ntlmv2);
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 1662eaa..9f47c9c 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -37,39 +37,10 @@ enum NTLM_MESSAGE_TYPE
NTLMSSP_DONE = 5 /* samba final state */
};
-/* NTLMSSP negotiation flags */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* Message integrity */
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* Message confidentiality */
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NETWARE 0x00000100
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000
-#define NTLMSSP_TARGET_TYPE_SERVER 0x20000
-#define NTLMSSP_CHAL_INIT_RESPONSE 0x00010000
-
-#define NTLMSSP_CHAL_ACCEPT_RESPONSE 0x00020000
-#define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_CHAL_TARGET_INFO 0x00800000
-#define NTLMSSP_NEGOTIATE_VERSION 0x02000000
-#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */
-#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
#define NTLMSSP_FEATURE_SESSION_KEY 0x00000001
#define NTLMSSP_FEATURE_SIGN 0x00000002
#define NTLMSSP_FEATURE_SEAL 0x00000004
-#define NTLMSSP_SIG_SIZE 16
-
typedef struct ntlmssp_state
{
unsigned int ref_count;
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 50ca980..3dfbc16 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -56,9 +56,6 @@ enum RPC_PKT_TYPE {
#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN|NEG_NTLM|NEG_LM|NEG_SEAL|NEG_SIGN|NEG_UNICODE */
-/* NTLMSSP signature version */
-#define NTLMSSP_SIGN_VERSION 0x01
-
/* DCE RPC auth types - extended by Microsoft. */
#define RPC_ANONYMOUS_AUTH_TYPE 0
#define RPC_AUTH_TYPE_KRB5_1 1
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 3f3d7e6..f8816b6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -253,6 +253,7 @@ struct id_map {
#include "librpc/gen_ndr/spoolss.h"
#include "librpc/gen_ndr/dcerpc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "librpc/gen_ndr/ntlmssp.h"
struct lsa_dom_info {
bool valid;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 023d356..2e5d8cc 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -72,30 +72,28 @@ void debug_ntlmssp_flags(uint32 neg_flags)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
- if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE)
- DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n"));
- if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY)
- DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n"));
+ if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+ DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
- if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
- DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_VERSION)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_VERSION\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_128)
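Review bot: After this change debug_ntlmssp_flags no longer reports bit 0x00020000 in the lines visible here. The removed NTLMSSP_CHAL_ACCEPT_RESPONSE line was the only one testing it, and the deleted header shows NTLMSSP_TARGET_TYPE_SERVER shares that value. ntlmssp_target_name still sets NTLMSSP_TARGET_TYPE_SERVER in the challenge flags, so consider adding `if (neg_flags & NTLMSSP_TARGET_TYPE_SERVER) DEBUGADD(4, (" NTLMSSP_TARGET_TYPE_SERVER\n"));` and the matching NTLMSSP_TARGET_TYPE_DOMAIN line, which keeps a flags dump complete when troubleshooting a negotiation. The same applies to the debug_ntlmssp_flags hunk in source4/auth/ntlmssp/ntlmssp.c. The function starts and ends outside the hunk, so these bits may already be handled there.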
@@ -385,7 +383,7 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
uint32 neg_flags, uint32 *chal_flags)
{
if (neg_flags & NTLMSSP_REQUEST_TARGET) {
- *chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
+ *chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
*chal_flags |= NTLMSSP_REQUEST_TARGET;
if (ntlmssp_state->server_role == ROLE_STANDALONE) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
@@ -580,14 +578,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
}
/* This creates the 'blob' of names that appears at the end of the packet */
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO)
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
{
msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
- NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
- NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
- NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
- 0, "");
+ MsvAvNbDomainName, target_name,
+ MsvAvNbComputerName, ntlmssp_state->get_global_myname(),
+ MsvAvDnsDomainName, dnsdomname,
+ MsvAvDnsComputerName, dnsname,
+ MsvAvEOL, "");
} else {
struct_blob = data_blob_null;
}
@@ -989,14 +987,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth());
if (ntlmssp_state->unicode) {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdUdbddB";
} else {
chal_parse_string = "CdUdbdd";
}
auth_gen_string = "CdBBUUUBd";
} else {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdAdbddB";
} else {
chal_parse_string = "CdAdbdd";
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index e649bba..633199f 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
@@ -81,30 +82,28 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
- if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE)
- DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n"));
- if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY)
- DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n"));
+ if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+ DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
- if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
- DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_128)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
@@ -295,8 +294,8 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
/* Woop Woop - unknown flag for Windows compatibility...
What does this really do ? JRA. */
- if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) {
- gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000;
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_VERSION)) {
+ gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_VERSION;
}
if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
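Review bot: The comment above the renamed test still calls this an unknown flag ("Woop Woop - unknown flag for Windows compatibility..."), which now contradicts the code using NTLMSSP_NEGOTIATE_VERSION. Replace it with something like `/* Clear NTLMSSP_NEGOTIATE_VERSION unless the peer also set it. */` so the next reader does not treat the bit as undocumented. ntlmssp_handle_neg_flags begins and ends outside the hunk.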
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index ff7225b..d46b120 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -39,37 +39,6 @@ enum ntlmssp_message_type
NTLMSSP_DONE = 5 /* samba final state */
};
-/* NTLMSSP negotiation flags */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* Message integrity */
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* Message confidentiality */
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NETWARE 0x00000100
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000
-#define NTLMSSP_TARGET_TYPE_SERVER 0x20000
-#define NTLMSSP_CHAL_INIT_RESPONSE 0x00010000
-
-#define NTLMSSP_CHAL_ACCEPT_RESPONSE 0x00020000
-#define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_CHAL_TARGET_INFO 0x00800000
-#define NTLMSSP_UNKNOWN_02000000 0x02000000
-#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */
-#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
-#define NTLMSSP_SIGN_VERSION 1
-
-#define NTLMSSP_SIG_SIZE 16
-
struct gensec_ntlmssp_state
{
struct gensec_security *gensec_security;
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index d3c1165..87794ae 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../lib/crypto/crypto.h"
#include "../libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials.h"
@@ -141,14 +142,14 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
ntlmssp_handle_neg_flags(gensec_ntlmssp_state, chal_flags, gensec_ntlmssp_state->allow_lm_key);
if (gensec_ntlmssp_state->unicode) {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdUdbddB";
} else {
chal_parse_string = "CdUdbdd";
}
auth_gen_string = "CdBBUUUBd";
} else {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdAdbddB";
} else {
chal_parse_string = "CdAdbdd";
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 8cb2b1f..b55c1cd 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "system/network.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/crypto.h"
#include "auth/gensec/gensec.h"
@@ -91,7 +92,7 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms
uint32_t neg_flags, uint32_t *chal_flags)
{
if (neg_flags & NTLMSSP_REQUEST_TARGET) {
- *chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
+ *chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
*chal_flags |= NTLMSSP_REQUEST_TARGET;
if (gensec_ntlmssp_state->server_role == ROLE_STANDALONE) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
@@ -179,7 +180,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
/* This creates the 'blob' of names that appears at the end of the packet */
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
char dnsdomname[MAXHOSTNAMELEN], dnsname[MAXHOSTNAMELEN];
const char *target_name_dns = "";
@@ -204,11 +205,11 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
msrpc_gen(out_mem_ctx,
&struct_blob, "aaaaa",
- NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, gensec_ntlmssp_state->server_name,
- NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
- NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
- 0, "");
+ MsvAvNbDomainName, target_name,
+ MsvAvNbComputerName, gensec_ntlmssp_state->server_name,
+ MsvAvDnsDomainName, dnsdomname,
+ MsvAvDnsComputerName, dnsname,
+ MsvAvEOL, "");
} else {
struct_blob = data_blob(NULL, 0);
}
@@ -762,7 +763,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->server_multiple_authentications = false;
gensec_ntlmssp_state->neg_flags =
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000;
+ NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0);
gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 957d0a8..6e5a08c 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/crypto.h"
#include "auth/gensec/gensec.h"
--
Samba Shared Repository