mech-ntlm.c revision b97514e470fc4c78f6f1ce4660f1e5aec559c3b4
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * NTLM and NTLMv2 authentication mechanism.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * This program is free software; you can redistribute it and/or modify
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * it under the terms of the GNU Lesser General Public License as published
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * by the Free Software Foundation; either version 2 of the License, or
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * (at your option) any later version.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen /* requested: */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *challenge;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen /* received: */
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainenlm_credentials_callback(const char *credentials,
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen const unsigned char *client_response;
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen ntlmssp_buffer_length(request->response, lm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen client_response = ntlmssp_buffer_data(request->response, lm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen if (credentials == NULL || response_length < LM_RESPONSE_SIZE) {
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen hash_buffer = buffer_create_data(auth_request->pool,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen ntlmssp_v1_response(hash, request->challenge, lm_response);
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenntlm_credentials_callback(const char *credentials,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *client_response;
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen ntlmssp_buffer_length(request->response, ntlm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen client_response = ntlmssp_buffer_data(request->response, ntlm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen if (credentials == NULL || response_length == 0) {
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen /* We can't use LM authentication if NTLM2 was negotiated */
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen hash_buffer = buffer_create_data(auth_request->pool,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen if (response_length > NTLMSSP_RESPONSE_SIZE) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen const unsigned char *blob =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Authentication target == NULL because we are acting
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * as a standalone server, not as NT domain member.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen ret = memcmp(ntlm_v2_response, client_response,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE];
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen const unsigned char *client_lm_response =
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen ntlmssp_buffer_data(request->response, lm_response);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenmech_ntlm_auth_continue(struct auth_request *auth_request,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen if (!ntlmssp_check_request(ntlm_request, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen message = ntlmssp_create_challenge(request->pool, ntlm_request,
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen request->ntlm2_negotiated = flags & NTLMSSP_NEGOTIATE_NTLM2;
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen request->unicode_negotiated = flags & NTLMSSP_NEGOTIATE_UNICODE;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen if (!ntlmssp_check_response(response, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen request->response = p_malloc(request->pool, data_size);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen memcpy(request->response, response, data_size);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen mech_auth_finish(auth_request, NULL, 0, FALSE);
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainenmech_ntlm_auth_initial(struct auth_request *request,
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen callback(request, AUTH_CLIENT_RESULT_CONTINUE, NULL, 0);
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen mech_ntlm_auth_continue(request, data, data_size, callback);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainenmech_ntlm_auth_free(struct auth_request *request)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstatic struct auth_request *mech_ntlm_auth_new(void)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen pool = pool_alloconly_create("ntlm_auth_request", 256);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen request = p_new(pool, struct ntlm_auth_request, 1);