smbfs_ntlmssp.c revision 2
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]

 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.

 * NT Lan Manager Security Support Provider (NTLMSSP)
 * Based on information from the "Davenport NTLM" page:

 * So called "security buffer".
 * A lot like an RPC string.

 * Get a "security buffer" (header part)

 * Get a "security buffer" (data part), where
 * the data is delivered as an mbuf.
 * Setup tmp_mb to point to the start of the header.
 * This is a dup ref - do NOT free it.
 /* Skip data up to the offset. */
 /* Get the data (as an mbuf). */

 * Put a "security buffer" (header part)

 * Put a "security buffer" (data part), where
 * the data is an mbuf. Note: consumes m.

 * Put a "security buffer" (data part), where
 * the data is a string (OEM or unicode).
 * The string is NOT null terminated.
 * Put the string into a temp. mbuf,
 * then chop off the null terminator
 * before appending to caller's mbp.
 * Note: tmp_mb.mb_top has been consumed,
 * so do NOT free it (no mb_done)

 * Build a Type 1 message
 * This message has a header section containing offsets to
 * data later in the message. We use the common trick of
 * building it in two parts and then concatenating.
 * Initialize the negotiation flags, and
 * save what we sent. For reference:
 * The client domain and client name strings
 * are always in OEM format, upper-case.
 * Marshal the header (in LE order)
 * then concatenate the 2nd part.

 * Parse a Type 2 message
 * Save the mbdata pointers before we consume anything.
 * Careful to NOT free this (would be dup. free)
 * We use this below to find data based on offsets
 * from the start of the header.
 /* Parse the fixed size header stuff. */
 * Save flags, challenge for later.
 * Now find out if the optional parts are there.
 * Get the target name string. First get a copy of
 * security buffer header; then parse the string.
 * Get the target info blob, if present.

 * Build a Type 3 message
 * This message has a header section containing offsets to
 * data later in the message. We use the common trick of
 * building it in two parts and then concatenating.
 * Fill in the NTLMSSP header, etc.
 * with extended session security or the LM/NTLMv1 responses
 /* Build the NTLMv2 "target info" blob. */
 * Put the "target" (domain), user, workstation
 * Put the "Random Session Key". We don't set
 * NTLMSSP_NEGOTIATE_KEY_EXCH, so it's empty.
 * (In-line mb_put_sb_data here.)
 * Marshal the header (in LE order)
 * then concatenate the 2nd part.

 * smbfs_ntlmssp_final
 * Called after successful authentication.
 * Setup the MAC key for signing.
 * MAC_key is just the session key, but
 * Only on the first successful auth.
 * Apparently, the server used seq. no. zero
 * for our previous message, so next is two.

 * smbfs_ntlmssp_next_token
 /* final call on successful auth. */
 /* Will build an output token. */
 * When called with in_mb == NULL, it means
 * this is the first call for this session,
 * so put a Type 1 (initialize) token.
 * This is not the first call, so
 * parse the response token we received.
 * It should be a Type 2 (challenge).
 * Then put a Type 3 (authenticate)

 * smbfs_ntlmssp_ctx_destroy
 * Destroy mechanism-specific data.

 * smbfs_ntlmssp_init_clnt
 * Initialize a new NTLMSSP client context.
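
The "security buffer" and Type 2 parsing steps named in the comments above, as an added example that is not code from smbfs_ntlmssp.c. It works on a flat byte array instead of mbufs; the struct, the function names and the sample message are assumptions constructed for illustration, and the point shown is that the offset and length arrive from the peer and must be checked against the message size before the data part is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Security buffer header: length, allocated length, offset (little-endian). */
struct sec_buf { uint16_t len, maxlen; uint32_t offset; };

/* Constructed sample Type 2 message: 32-byte fixed header, then "DOM". */
const uint8_t sample_type2[35] = {
    'N','T','L','M','S','S','P',0, 2,0,0,0, 3,0, 3,0, 32,0,0,0,
    0x06,0x02,0,0, 1,2,3,4,5,6,7,8, 'D','O','M'
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Header part: read 8 bytes at pos; fail if they run past the message. */
int get_sb_hdr(const uint8_t *msg, size_t msglen, size_t pos, struct sec_buf *sb) {
    if (pos > msglen || msglen - pos < 8)
        return -1;
    sb->len = le16(msg + pos);
    sb->maxlen = le16(msg + pos + 2);
    sb->offset = le32(msg + pos + 4);
    return 0;
}

/* Data part: the offset counts from the start of the message and is
 * peer-controlled, so validate offset + len before returning a pointer. */
const uint8_t *get_sb_data(const uint8_t *msg, size_t msglen, const struct sec_buf *sb) {
    if (sb->offset > msglen || msglen - sb->offset < sb->len)
        return NULL;
    return msg + sb->offset;
}

/* Fixed part of a Type 2 message: signature, type, target name security
 * buffer, flags, 8-byte challenge. Returns 0 on success, -1 if malformed. */
int parse_type2(const uint8_t *msg, size_t msglen, uint32_t *flags,
    uint8_t challenge[8], const uint8_t **tname, uint16_t *tname_len) {
    struct sec_buf sb;
    if (msglen < 32 || memcmp(msg, "NTLMSSP", 8) != 0 || le32(msg + 8) != 2 ||
        get_sb_hdr(msg, msglen, 12, &sb) != 0)
        return -1;
    *flags = le32(msg + 20);
    memcpy(challenge, msg + 24, 8);
    *tname = get_sb_data(msg, msglen, &sb);
    *tname_len = sb.len;
    return (*tname == NULL) ? -1 : 0;
}
```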