Changeset 745 for trunk/server/source4/auth/ntlmssp/ntlmssp.h
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/auth/ntlmssp/ntlmssp.h
r414 r745 1 /* 1 /* 2 2 Unix SMB/CIFS implementation. 3 3 SMB parameters and setup … … 5 5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 6 6 Copyright (C) Paul Ashton 1997 7 7 Copyright (C) Andrew Bartlett 2010 8 8 9 This program is free software; you can redistribute it and/or modify 9 10 it under the terms of the GNU General Public License as published by 10 11 the Free Software Foundation; either version 3 of the License, or 11 12 (at your option) any later version. 12 13 13 14 This program is distributed in the hope that it will be useful, 14 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 17 GNU General Public License for more details. 17 18 18 19 You should have received a copy of the GNU General Public License 19 20 along with this program. If not, see <http://www.gnu.org/licenses/>. 20 21 */ 21 22 22 #include "librpc/gen_ndr/samr.h"23 23 #include "../librpc/gen_ndr/ntlmssp.h" 24 #include "../libcli/auth/ntlmssp.h" 24 25 25 /* NTLMSSP mode */ 26 enum ntlmssp_role 27 { 28 NTLMSSP_SERVER, 29 NTLMSSP_CLIENT 30 }; 31 32 /* NTLMSSP message types */ 33 enum ntlmssp_message_type 34 { 35 NTLMSSP_INITIAL = 0 /* samba internal state */, 36 NTLMSSP_NEGOTIATE = 1, 37 NTLMSSP_CHALLENGE = 2, 38 NTLMSSP_AUTH = 3, 39 NTLMSSP_UNKNOWN = 4, 40 NTLMSSP_DONE = 5 /* samba final state */ 41 }; 42 43 struct gensec_ntlmssp_state 44 { 26 struct gensec_ntlmssp_context { 45 27 struct gensec_security *gensec_security; 46 47 enum ntlmssp_role role; 48 enum samr_Role server_role; 49 uint32_t expected_state; 50 51 bool unicode; 52 bool use_ntlmv2; 53 bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */ 54 bool allow_lm_key; /* The LM_KEY code is not functional at this point, and it's not 55 very secure anyway */ 56 57 bool server_multiple_authentications; /* Set to 'True' to allow squid 2.5 58 style 'challenge caching' */ 59 60 char *user; 61 const char 
*domain; 62 const char *workstation; 63 char *server_domain; 64 65 DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */ 66 67 DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */ 68 DATA_BLOB lm_resp; 69 DATA_BLOB nt_resp; 70 DATA_BLOB session_key; 71 72 uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ 73 74 /* internal variables used by KEY_EXCH (client-supplied user session key */ 75 DATA_BLOB encrypted_session_key; 76 77 /** 78 * Callback to get the 'challenge' used for NTLM authentication. 79 * 80 * @param ntlmssp_state This structure 81 * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication 82 * 83 */ 84 const uint8_t *(*get_challenge)(const struct gensec_ntlmssp_state *); 85 86 /** 87 * Callback to find if the challenge used by NTLM authentication may be modified 88 * 89 * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatiable with the 90 * current 'security=server' implementation.. 91 * 92 * @param ntlmssp_state This structure 93 * @return Can the challenge be set to arbitary values? 94 * 95 */ 96 bool (*may_set_challenge)(const struct gensec_ntlmssp_state *); 97 98 /** 99 * Callback to set the 'challenge' used for NTLM authentication. 100 * 101 * The callback may use the void *auth_context to store state information, but the same value is always available 102 * from the DATA_BLOB chal on this structure. 103 * 104 * @param ntlmssp_state This structure 105 * @param challenge 8 bytes of data, agreed by the client and server to be the effective challenge for NTLM2 authentication 106 * 107 */ 108 NTSTATUS (*set_challenge)(struct gensec_ntlmssp_state *, DATA_BLOB *challenge); 109 110 /** 111 * Callback to check the user's password. 
112 * 113 * The callback must reads the feilds of this structure for the information it needs on the user 114 * @param ntlmssp_state This structure 115 * @param nt_session_key If an NT session key is returned by the authentication process, return it here 116 * @param lm_session_key If an LM session key is returned by the authentication process, return it here 117 * 118 */ 119 NTSTATUS (*check_password)(struct gensec_ntlmssp_state *, 120 TALLOC_CTX *mem_ctx, 121 DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); 122 123 const char *server_name; 124 125 bool doing_ntlm2; 126 127 union { 128 /* NTLM */ 129 struct { 130 uint32_t seq_num; 131 struct arcfour_state *arcfour_state; 132 } ntlm; 133 134 /* NTLM2 */ 135 struct { 136 uint32_t send_seq_num; 137 uint32_t recv_seq_num; 138 DATA_BLOB send_sign_key; 139 DATA_BLOB recv_sign_key; 140 struct arcfour_state *send_seal_arcfour_state; 141 struct arcfour_state *recv_seal_arcfour_state; 142 143 /* internal variables used by NTLM2 */ 144 uint8_t session_nonce[16]; 145 } ntlm2; 146 } crypt; 147 28 struct ntlmssp_state *ntlmssp_state; 148 29 struct auth_context *auth_context; 149 struct auth_ serversupplied_info *server_info;30 struct auth_user_info_dc *user_info_dc; 150 31 }; 151 32 … … 153 34 struct auth_session_info; 154 35 36 NTSTATUS gensec_ntlmssp_init(void); 37 155 38 #include "auth/ntlmssp/proto.h"
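Review bot: The new `struct gensec_ntlmssp_context` holds four bare pointers (`gensec_security`, `ntlmssp_state`, `auth_context`, `user_info_dc`) with no comment on ownership or lifetime, whereas the struct it replaces documented its fields and callbacks in place. A short header comment would help, for example `/* gensec-level wrapper; the NTLMSSP negotiation state itself lives in ntlmssp_state */`. `user_info_dc` also needs a line saying when it is valid, presumably only after a successful server-side authentication, which should be confirmed against the callers. The contract text for the challenge and `check_password` callbacks is deleted here and presumably now lives in `../libcli/auth/ntlmssp.h`. That header is not shown on this page, so it is worth checking that the description of who supplies the 8-byte challenge and who returns the session keys is still written down next to the callbacks.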