NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
{
*ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
talloc_destroy(*ntlmssp_state);
return NT_STATUS_NO_MEMORY;
}
(*ntlmssp_state)->role = NTLMSSP_CLIENT;
(*ntlmssp_state)->get_global_myname = global_myname;
(*ntlmssp_state)->get_domain = lp_workgroup;
(*ntlmssp_state)->unicode = True;
(*ntlmssp_state)->use_ntlmv2 = lp_client_ntlmv2_auth();
(*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
(*ntlmssp_state)->ref_count = 1;
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_NTLM2 |
NTLMSSP_NEGOTIATE_KEY_EXCH |
NTLMSSP_REQUEST_TARGET;
return NT_STATUS_OK;
}
static NTSTATUS gensec_ntlmssp3_client_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct gensec_ntlmssp_context *gensec_ntlmssp;
const char *user, *domain;
const char *password;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
nt_status = ntlmssp_client_start(gensec_ntlmssp,
lp_netbios_name(), lp_workgroup(),
lp_client_ntlmv2_auth(), &gensec_ntlmssp->ntlmssp_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
cli_credentials_get_ntlm_username_domain(gensec_security->credentials, gensec_ntlmssp, &user, &domain);
if (!user || !domain) {
return NT_STATUS_NO_MEMORY;
}
nt_status = ntlmssp_set_username(gensec_ntlmssp->ntlmssp_state, user);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
nt_status = ntlmssp_set_domain(gensec_ntlmssp->ntlmssp_state, domain);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
password = cli_credentials_get_password(gensec_security->credentials);
if (!password) {
return NT_STATUS_NO_MEMORY;
}
nt_status = ntlmssp_set_password(gensec_ntlmssp->ntlmssp_state, password);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SIGN) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SEAL) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
return NT_STATUS_OK;
}
NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
{
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("NTLMSSP Client context");
*ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
(*ntlmssp_state)->role = NTLMSSP_CLIENT;
(*ntlmssp_state)->mem_ctx = mem_ctx;
(*ntlmssp_state)->get_global_myname = global_myname;
(*ntlmssp_state)->get_domain = lp_workgroup;
(*ntlmssp_state)->unicode = True;
(*ntlmssp_state)->use_ntlmv2 = lp_client_ntlmv2_auth();
(*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
(*ntlmssp_state)->ref_count = 1;
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_NTLM2 |
NTLMSSP_NEGOTIATE_KEY_EXCH |
/*
* We need to set this to allow a later SetPassword
* via the SAMR pipe to succeed. Strange.... We could
* also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
* */
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_REQUEST_TARGET;
return NT_STATUS_OK;
}
static bool wbinfo_auth_crap(char *username, const char *pass)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *err = NULL;
DATA_BLOB lm = data_blob_null;
DATA_BLOB nt = data_blob_null;
fstring name_user;
fstring name_domain;
parse_wbinfo_domain_user(username, name_domain, name_user);
params.account_name = name_user;
params.domain_name = name_domain;
params.workstation_name = NULL;
params.flags = 0;
params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
generate_random_buffer(params.password.response.challenge, 8);
if (lp_client_ntlmv2_auth()) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
server_chal = data_blob(params.password.response.challenge, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
&names_blob,
&lm, &nt, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&server_chal);
return false;
}
data_blob_free(&names_blob);
data_blob_free(&server_chal);
} else {
if (lp_client_lanman_auth()) {
bool ok;
lm = data_blob(NULL, 24);
ok = SMBencrypt(pass, params.password.response.challenge,
lm.data);
if (!ok) {
data_blob_free(&lm);
}
}
nt = data_blob(NULL, 24);
SMBNTencrypt(pass, params.password.response.challenge,
nt.data);
}
params.password.response.nt_length = nt.length;
params.password.response.nt_data = nt.data;
params.password.response.lm_length = lm.length;
params.password.response.lm_data = lm.data;
wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
/* Display response */
d_printf("challenge/response password authentication %s\n",
WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
if (wbc_status == WBC_ERR_AUTH_ERROR) {
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
err->nt_string,
err->nt_status,
err->display_string);
wbcFreeMemory(err);
} else if (WBC_ERROR_IS_OK(wbc_status)) {
wbcFreeMemory(info);
}
data_blob_free(&nt);
data_blob_free(&lm);
return WBC_ERROR_IS_OK(wbc_status);
}
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
enum auth_password_state to_state,
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted)
{
NTSTATUS nt_status;
struct auth_usersupplied_info *user_info_temp;
switch (to_state) {
case AUTH_PASSWORD_RESPONSE:
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
const struct auth_usersupplied_info *user_info_temp2;
nt_status = encrypt_user_info(mem_ctx, auth_context,
AUTH_PASSWORD_HASH,
user_info_in, &user_info_temp2);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
user_info_in = user_info_temp2;
/* fall through */
}
case AUTH_PASSWORD_HASH:
{
const uint8_t *challenge;
DATA_BLOB chall_blob;
user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
user_info_temp->mapped_state = to_state;
nt_status = auth_get_challenge(auth_context, &challenge);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
chall_blob = data_blob_talloc(mem_ctx, challenge, 8);
if (lp_client_ntlmv2_auth(auth_context->lp_ctx)) {
DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(auth_context->lp_ctx), lp_workgroup(auth_context->lp_ctx));
DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
if (!SMBNTLMv2encrypt_hash(user_info_temp,
user_info_in->client.account_name,
user_info_in->client.domain_name,
user_info_in->password.hash.nt->hash, &chall_blob,
&names_blob,
&lmv2_response, &ntlmv2_response,
&lmv2_session_key, &ntlmv2_session_key)) {
data_blob_free(&names_blob);
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&names_blob);
user_info_temp->password.response.lanman = lmv2_response;
user_info_temp->password.response.nt = ntlmv2_response;
data_blob_free(&lmv2_session_key);
data_blob_free(&ntlmv2_session_key);
} else {
DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data);
user_info_temp->password.response.nt = blob;
if (lp_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data);
user_info_temp->password.response.lanman = lm_blob;
} else {
/* if not sending the LM password, send the NT password twice */
user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
}
}
user_info_in = user_info_temp;
/* fall through */
}
case AUTH_PASSWORD_RESPONSE:
*user_info_encrypted = user_info_in;
}
break;
case AUTH_PASSWORD_HASH:
{
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
struct samr_Password lanman;
struct samr_Password nt;
user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
user_info_temp->mapped_state = to_state;
if (E_deshash(user_info_in->password.plaintext, lanman.hash)) {
user_info_temp->password.hash.lanman = talloc(user_info_temp,
struct samr_Password);
*user_info_temp->password.hash.lanman = lanman;
} else {
user_info_temp->password.hash.lanman = NULL;
}
E_md4hash(user_info_in->password.plaintext, nt.hash);
user_info_temp->password.hash.nt = talloc(user_info_temp,
struct samr_Password);
*user_info_temp->password.hash.nt = nt;
user_info_in = user_info_temp;
/* fall through */
}
case AUTH_PASSWORD_HASH:
*user_info_encrypted = user_info_in;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
break;
}
break;
}
static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
const char *domain,
const unsigned char lm_hash[LM_HASH_LEN],
const unsigned char nt_hash[NT_HASH_LEN],
const DATA_BLOB initial_msg,
const DATA_BLOB challenge_msg,
DATA_BLOB *auth_msg,
uint8_t session_key[16])
{
NTSTATUS status;
struct ntlmssp_state *ntlmssp_state = NULL;
DATA_BLOB dummy_msg, reply;
status = ntlmssp_client_start(NULL,
global_myname(),
lp_workgroup(),
lp_client_ntlmv2_auth(),
&ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not start NTLMSSP client: %s\n",
nt_errstr(status)));
goto done;
}
status = ntlmssp_set_username(ntlmssp_state, username);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not set username: %s\n",
nt_errstr(status)));
goto done;
}
status = ntlmssp_set_domain(ntlmssp_state, domain);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not set domain: %s\n",
nt_errstr(status)));
goto done;
}
status = ntlmssp_set_hashes(ntlmssp_state, lm_hash, nt_hash);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not set hashes: %s\n",
nt_errstr(status)));
goto done;
}
ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
/* We need to get our protocol handler into the right state. So first
we ask it to generate the initial message. Actually the client has already
sent its own initial message, so we're going to drop this one on the floor.
The client might have sent a different message, for example with different
negotiation options, but as far as I can tell this won't hurt us. (Unless
the client sent a different username or domain, in which case that's their
problem for telling us the wrong username or domain.)
Since we have a copy of the initial message that the client sent, we could
resolve any discrepancies if we had to.
*/
dummy_msg = data_blob_null;
reply = data_blob_null;
status = ntlmssp_update(ntlmssp_state, dummy_msg, &reply);
data_blob_free(&dummy_msg);
data_blob_free(&reply);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(1, ("Failed to create initial message! [%s]\n",
nt_errstr(status)));
goto done;
}
/* Now we are ready to handle the server's actual response. */
status = ntlmssp_update(ntlmssp_state, challenge_msg, &reply);
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
DEBUG(1, ("We didn't get a response to the challenge! [%s]\n",
nt_errstr(status)));
data_blob_free(&reply);
goto done;
}
if (ntlmssp_state->session_key.length != 16) {
DEBUG(1, ("invalid session key length %d\n",
(int)ntlmssp_state->session_key.length));
data_blob_free(&reply);
goto done;
}
*auth_msg = data_blob(reply.data, reply.length);
memcpy(session_key, ntlmssp_state->session_key.data, 16);
status = NT_STATUS_OK;
done:
TALLOC_FREE(ntlmssp_state);
return status;
}
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob_null;
DATA_BLOB blob = data_blob_null;
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
int turn = 1;
uint32 features = 0;
struct ntlmssp_state *ntlmssp_state;
nt_status = ntlmssp_client_start(NULL,
lp_netbios_name(),
lp_workgroup(),
lp_client_ntlmv2_auth(),
&ntlmssp_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
switch (ads->ldap.wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
features = NTLMSSP_FEATURE_SIGN;
} else {
/*
* windows servers are broken with sign only,
* so we need to use seal here too
*/
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
ntlmssp_want_feature(ntlmssp_state, features);
blob_in = data_blob_null;
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
/* and wrap it in a SPNEGO wrapper */
msg1 = spnego_gen_negTokenInit(talloc_tos(),
OIDs_ntlm, &blob_out, NULL);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(talloc_tos(), blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
TALLOC_FREE(ntlmssp_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob_null;
}
} else {
TALLOC_FREE(ntlmssp_state);
data_blob_free(&blob_out);
return ADS_ERROR_NT(nt_status);
}
if ((turn == 1) &&
(rc == LDAP_SASL_BIND_IN_PROGRESS)) {
DATA_BLOB tmp_blob = data_blob_null;
/* the server might give us back two challenges */
if (!spnego_parse_challenge(talloc_tos(), blob, &blob_in,
&tmp_blob)) {
TALLOC_FREE(ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse challenges\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
data_blob_free(&tmp_blob);
} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
if (!spnego_parse_auth_response(talloc_tos(), blob, nt_status, OID_NTLMSSP,
&blob_in)) {
TALLOC_FREE(ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse auth response\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
}
data_blob_free(&blob);
data_blob_free(&blob_out);
turn++;
} while (rc == LDAP_SASL_BIND_IN_PROGRESS && !NT_STATUS_IS_OK(nt_status));
/* we have a reference conter on ntlmssp_state, if we are signing
then the state will be kept by the signing engine */
if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE;
ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE;
ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
status = ads_setup_sasl_wrapping(ads, &ads_sasl_ntlmssp_ops, ntlmssp_state);
if (!ADS_ERR_OK(status)) {
DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n",
ads_errstr(status)));
TALLOC_FREE(ntlmssp_state);
return status;
}
} else {
TALLOC_FREE(ntlmssp_state);
}
return ADS_ERROR(rc);
}
static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
fstring name_user;
fstring name_domain;
fstring pass;
char *p;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
p = strchr(username, '%');
if (p) {
*p = 0;
fstrcpy(pass, p + 1);
}
parse_wbinfo_domain_user(username, name_domain, name_user);
request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
fstrcpy(request.data.auth_crap.user, name_user);
fstrcpy(request.data.auth_crap.domain,
name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8);
if (lp_client_ntlmv2_auth(lp_ctx)) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
DATA_BLOB lm_response;
DATA_BLOB nt_response;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
d_printf("talloc_new failed\n");
return false;
}
server_chal = data_blob(request.data.auth_crap.chal, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
&names_blob,
&lm_response, &nt_response, NULL, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&server_chal);
return false;
}
data_blob_free(&names_blob);
data_blob_free(&server_chal);
memcpy(request.data.auth_crap.nt_resp, nt_response.data,
MIN(nt_response.length,
sizeof(request.data.auth_crap.nt_resp)));
request.data.auth_crap.nt_resp_len = nt_response.length;
memcpy(request.data.auth_crap.lm_resp, lm_response.data,
MIN(lm_response.length,
sizeof(request.data.auth_crap.lm_resp)));
request.data.auth_crap.lm_resp_len = lm_response.length;
data_blob_free(&nt_response);
data_blob_free(&lm_response);
} else {
if (lp_client_lanman_auth(lp_ctx)
&& SMBencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.lm_resp)) {
request.data.auth_crap.lm_resp_len = 24;
} else {
request.data.auth_crap.lm_resp_len = 0;
}
SMBNTencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.nt_resp);
request.data.auth_crap.nt_resp_len = 24;
}
result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
/* Display response */
d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
/*
try a netlogon SamLogon
*/
BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct cli_credentials *credentials,
struct creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
BOOL ret = True;
int flags = CLI_CRED_NTLM_AUTH;
if (lp_client_lanman_auth()) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lp_client_ntlmv2_auth()) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, mem_ctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(mem_ctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, mem_ctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
if (!NT_STATUS_IS_OK(status)) {
printf("cli_credentials_get_ntlm_response failed: %s\n",
nt_errstr(status));
return False;
}
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = 2;
r.in.logon.network = &ninfo;
r.in.flags = 0;
printf("Testing LogonSamLogonEx with name %s\n", ninfo.identity_info.account_name.string);
for (i=2;i<3;i++) {
r.in.validation_level = i;
status = dcerpc_netr_LogonSamLogonEx(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("LogonSamLogon failed: %s\n",
nt_errstr(status));
return False;
}
}
return ret;
}
