mech-ntlm.c revision 88c2db95c4a0f8f7986a63cd57cf4b6850d76543
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * NTLM and NTLMv2 authentication mechanism.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * This program is free software; you can redistribute it and/or modify
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * it under the terms of the GNU Lesser General Public License as published
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * by the Free Software Foundation; either version 2 of the License, or
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * (at your option) any later version.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen /* requested: */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *challenge;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen /* received: */
/*
 * lm_credentials_callback: compares the LM response sent by the client
 * with one computed locally by ntlmssp_v1_response().
 * NOTE(review): this annotate listing shows only some lines of the
 * function; the comments below cover the visible statements only.
 */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainenlm_credentials_callback(const char *credentials,
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen const unsigned char *client_response;
/* Finishes the request with a NULL, zero-length reply; presumably the
 * failure path -- confirm against the full file. */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen hash_buffer = buffer_create_data(auth_request->pool,
/* Locate the lm_response field inside the saved client message. */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen client_response = ntlmssp_buffer_data(auth->response, lm_response);
/* Compute the expected response from the hash and auth->challenge. */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen ntlmssp_v1_response(hash, auth->challenge, lm_response);
/*
 * NOTE(review): memcmp() may stop at the first differing byte, so its
 * run time can depend on how many leading bytes of the client response
 * are correct. A constant-time comparison is the usual choice for
 * authenticator values. This reads LM_RESPONSE_SIZE bytes through
 * client_response; presumably the field length was validated earlier
 * by ntlmssp_check_response() -- confirm.
 */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
/*
 * ntlm_credentials_callback: verifies the NTLM response field of the
 * saved client message. The visible lines show a branch taken when the
 * response is longer than NTLMSSP_RESPONSE_SIZE, which declares an
 * ntlm_v2_response buffer, and a later declaration of a fixed-size
 * ntlm_response buffer.
 * NOTE(review): this annotate listing shows only some lines of the
 * function; the comments below cover the visible statements only.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenntlm_credentials_callback(const char *credentials,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *client_response;
/* Special case for missing credentials when NTLM2 was not negotiated;
 * the body of this branch is not visible here. */
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen if (credentials == NULL && !auth->ntlm2_negotiated) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen hash_buffer = buffer_create_data(auth_request->pool,
/* Length and start of the ntlm_response field in the client message. */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen response_length = ntlmssp_buffer_length(auth->response, ntlm_response);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen client_response = ntlmssp_buffer_data(auth->response, ntlm_response);
/*
 * The client-supplied length selects the verification path.
 * NOTE(review): confirm that response_length covers every byte later
 * read through client_response and blob on this path.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen if (response_length > NTLMSSP_RESPONSE_SIZE) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *blob =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Authentication target == NULL because we are acting
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * as a standalone server, not as NT domain member.
/*
 * NOTE(review): memcmp() may stop at the first differing byte, so its
 * run time can depend on how many leading bytes of the client response
 * are correct. A constant-time comparison is the usual choice for
 * authenticator values.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen ret = memcmp(ntlm_v2_response, client_response,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE];
/* This path also reads the lm_response field of the client message;
 * presumably it is used when NTLM2 was negotiated -- confirm. */
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen const unsigned char *client_lm_response =
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen ntlmssp_buffer_data(auth->response, lm_response);
/*
 * mech_ntlm_auth_continue: handles client messages for the NTLM
 * exchange. The visible lines validate a request and reply with a
 * challenge, then validate a response and keep a copy of it in
 * auth->response.
 * NOTE(review): this annotate listing shows only some lines of the
 * function; the comments below cover the visible statements only.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenmech_ntlm_auth_continue(struct auth_request *auth_request,
/* Validate the client request against data_size before using it. */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen if (!ntlmssp_check_request(request, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen message = ntlmssp_create_challenge(auth->pool, request,
/*
 * Record whether the challenge message carries the NTLM2 flag.
 * NOTE(review): the masked value is stored as is. The declaration of
 * ntlm2_negotiated is not visible here; if it is a narrow type or a
 * one-bit field, a non-zero mask result could be truncated, and an
 * explicit != 0 would avoid that -- confirm.
 */
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen auth->ntlm2_negotiated = message->flags & NTLMSSP_NEGOTIATE_NTLM2;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen callback(&reply, message, auth_request->conn);
/* Validate the client response against data_size before storing it. */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen if (!ntlmssp_check_response(response, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
/*
 * Keep a copy of the client message, sized by the client-supplied
 * data_size. The credential callbacks later read fields from this copy
 * through ntlmssp_buffer_data() and ntlmssp_buffer_length(), so the
 * offsets and lengths accepted by ntlmssp_check_response() must all lie
 * within data_size -- verify in that function.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen auth->response = p_malloc(auth->pool, data_size);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenmech_ntlm_auth_initial(struct auth_request *auth_request,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenmech_ntlm_auth_free(struct auth_request *auth_request)
/*
 * mech_ntlm_auth_new: creates a pool for one NTLM authentication
 * request, allocates the ntlm_auth_request from it and installs the
 * initial and continue handlers.
 * NOTE(review): this annotate listing shows only some lines of the
 * function; the return statement is not visible.
 */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstatic struct auth_request *mech_ntlm_auth_new(void)
/* Pool named ntlm_auth_request; 256 is presumably its initial size. */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen pool = pool_alloconly_create("ntlm_auth_request", 256);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen auth = p_new(pool, struct ntlm_auth_request, 1);
/* Wire the mechanism entry points used for this request. */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen auth->auth_request.auth_initial = mech_ntlm_auth_initial;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen auth->auth_request.auth_continue = mech_ntlm_auth_continue;