The branch, master has been updated
via 4581902... s3-dcerpc: Unifiy cli_pipe_auth_data and pipe_auth_data
via a91727f... s3-auth: Add auth_ntlmssp wrapper for client side
via e958b39... s3-auth: Move auth_ntlmssp wrappers in their own file
via a04bbd2... s3-auth: Refactor and rename auth_ntlmssp_server_info()
from 0bb8d13... Remove gen_negTokenInit() - change all callers to
spnego_gen_negTokenInit(). We now have one function to do this in all calling
code. More rationalization to follow.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4581902553b511a5ad4bae3249df9326b4cf95ec
Author: Simo Sorce <i...@samba.org>
Date: Sat Jul 17 16:58:50 2010 -0400
s3-dcerpc: Unifiy cli_pipe_auth_data and pipe_auth_data
Signed-off-by: Andrew Bartlett <abart...@samba.org>
commit a91727fc7974aeb314bfb6378f078e6727b20344
Author: Simo Sorce <i...@samba.org>
Date: Mon Jul 19 13:39:01 2010 -0400
s3-auth: Add auth_ntlmssp wrapper for client side
Signed-off-by: Andrew Bartlett <abart...@samba.org>
commit e958b39042b67acaf2dc90a1f3d9bea51d7cebd8
Author: Simo Sorce <i...@samba.org>
Date: Mon Jul 19 13:36:33 2010 -0400
s3-auth: Move auth_ntlmssp wrappers in their own file
Signed-off-by: Andrew Bartlett <abart...@samba.org>
commit a04bbd281c5b94166e23026ea06e98939250028c
Author: Simo Sorce <i...@samba.org>
Date: Fri Jul 16 18:33:38 2010 -0400
s3-auth: Refactor and rename auth_ntlmssp_server_info()
Rename it to auth_ntlmssp_steal_server_info() to make it clear that
the server_info struct is stolen from the auth_ntlmssp_state structure.
Use talloc_move instead of manual steal&clear
Add comments to explain what is going on.
Signed-off-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 1 +
source3/auth/auth_netlogond.c | 4 +-
source3/auth/auth_ntlmssp.c | 102 +++--------------------
source3/include/client.h | 17 +----
source3/include/ntdomain.h | 9 ++-
source3/include/ntlmssp_wrap.h | 85 +++++++++++++++++++
source3/include/proto.h | 41 ++--------
source3/libsmb/ntlmssp_wrap.c | 177 ++++++++++++++++++++++++++++++++++++++++
source3/rpc_client/cli_pipe.c | 104 +++++++++++++-----------
source3/rpc_server/srv_pipe.c | 3 +-
source3/smbd/seal.c | 1 +
source3/smbd/sesssetup.c | 4 +-
source3/smbd/smb2_sesssetup.c | 3 +-
13 files changed, 360 insertions(+), 191 deletions(-)
create mode 100644 source3/include/ntlmssp_wrap.h
create mode 100644 source3/libsmb/ntlmssp_wrap.c
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 26879c4..45bf8fd 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -495,6 +495,7 @@ LIBSMB_ERR_OBJ = $(LIBSMB_ERR_OBJ0) $(LIBSMB_ERR_OBJ1) \
LIBSMB_OBJ0 = \
../libcli/auth/ntlm_check.o \
libsmb/ntlmssp.o \
+ libsmb/ntlmssp_wrap.o \
../libcli/auth/ntlmssp.o \
../libcli/auth/ntlmssp_sign.o \
$(LIBNDR_NTLMSSP_OBJ) \
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index 6bd7c3d..7eea5af 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -34,7 +34,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
NTSTATUS *schannel_bind_result)
{
struct rpc_pipe_client *p = NULL;
- struct cli_pipe_auth_data *auth = NULL;
+ struct pipe_auth_data *auth = NULL;
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS status;
@@ -161,7 +161,7 @@ static NTSTATUS check_netlogond_security(const struct
auth_context *auth_context
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
struct rpc_pipe_client *p = NULL;
- struct cli_pipe_auth_data *auth = NULL;
+ struct pipe_auth_data *auth = NULL;
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
char *plaintext_machinepw = NULL;
uint8_t machine_password[16];
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index a71c02b..66adc6f 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -22,56 +22,7 @@
#include "includes.h"
#include "../libcli/auth/ntlmssp.h"
-
-struct auth_ntlmssp_state {
- struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
- struct ntlmssp_state *ntlmssp_state;
-};
-
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state,
sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, data,
length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state,
sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, data,
length, whole_pdu, pdu_length, sig);
-}
-
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags &
NTLMSSP_NEGOTIATE_SIGN;
-}
-
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags &
NTLMSSP_NEGOTIATE_SEAL;
-}
+#include "ntlmssp_wrap.h"
void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
{
@@ -83,47 +34,28 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state
*auth_ntlmssp_state)
}
-NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state,
- struct auth_serversupplied_info
**_server_info)
+NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **server_info)
{
- struct auth_serversupplied_info *server_info =
auth_ntlmssp_state->server_info;
- data_blob_free(&server_info->user_session_key);
- server_info->user_session_key =
+ /* Free the current server_info user_session_key and reset it from the
+ * current ntlmssp_state session_key */
+ data_blob_free(&auth_ntlmssp_state->server_info->user_session_key);
+ auth_ntlmssp_state->server_info->user_session_key =
data_blob_talloc(
- server_info,
+ auth_ntlmssp_state->server_info,
auth_ntlmssp_state->ntlmssp_state->session_key.data,
auth_ntlmssp_state->ntlmssp_state->session_key.length);
- if (auth_ntlmssp_state->ntlmssp_state->session_key.length &&
!server_info->user_session_key.data) {
- *_server_info = NULL;
+ if (auth_ntlmssp_state->ntlmssp_state->session_key.length &&
+ !auth_ntlmssp_state->server_info->user_session_key.data) {
+ *server_info = NULL;
return NT_STATUS_NO_MEMORY;
}
- auth_ntlmssp_state->server_info = NULL;
- *_server_info = talloc_steal(mem_ctx, server_info);
+ /* Steal server_info away from auth_ntlmssp_state */
+ *server_info = talloc_move(mem_ctx, &auth_ntlmssp_state->server_info);
return NT_STATUS_OK;
}
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state;
-}
-
-/* Needed for 'map to guest' and 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->user;
-}
-
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->domain;
-}
-
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state
*auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->client.netbios_name;
-}
-
/**
* Return the challenge as determined by the authentication subsystem
* @return an 8 byte random challenge
@@ -327,9 +259,3 @@ static int auth_ntlmssp_state_destructor(void *ptr)
TALLOC_FREE(ans->ntlmssp_state);
return 0;
}
-
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
-{
- return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, request,
reply);
-}
diff --git a/source3/include/client.h b/source3/include/client.h
index c245f55..d2afecf 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -48,21 +48,6 @@ struct print_job_info {
time_t t;
};
-struct cli_pipe_auth_data {
- enum pipe_auth_type auth_type; /* switch for the union below. Defined
in ntdomain.h */
- enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */
-
- char *domain;
- char *user_name;
- DATA_BLOB user_session_key;
-
- union {
- struct schannel_state *schannel_auth;
- struct ntlmssp_state *ntlmssp_state;
- struct kerberos_auth_struct *kerberos_auth;
- } a_u;
-};
-
/**
* rpc_cli_transport defines a transport mechanism to ship rpc requests
* asynchronously to a server and receive replies
@@ -149,7 +134,7 @@ struct rpc_pipe_client {
uint16 max_xmit_frag;
uint16 max_recv_frag;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
/* The following is only non-null on a netlogon client pipe. */
struct netlogon_creds_CredentialState *dc;
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 629e51c..ea1c0c8 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -107,11 +107,18 @@ struct kerberos_auth_struct {
struct pipe_auth_data {
enum pipe_auth_type auth_type; /* switch for union below. */
enum dcerpc_AuthLevel auth_level;
+
union {
struct schannel_state *schannel_auth;
struct auth_ntlmssp_state *auth_ntlmssp_state;
-/* struct kerberos_auth_struct *kerberos_auth; TO BE ADDED... */
+ struct kerberos_auth_struct *kerberos_auth; /* Client only for
now */
} a_u;
+
+ /* Only the client code uses these 3 for now */
+ char *domain;
+ char *user_name;
+ DATA_BLOB user_session_key;
+
void (*auth_data_free_func)(struct pipe_auth_data *);
};
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
new file mode 100644
index 0000000..ec97f58
--- /dev/null
+++ b/source3/include/ntlmssp_wrap.h
@@ -0,0 +1,85 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _NTLMSSP_WRAP_
+#define _NTLMSSP_WRAP_
+
+struct auth_ntlmssp_state {
+ /* used only by server implementation */
+ struct auth_context *auth_context;
+ struct auth_serversupplied_info *server_info;
+
+ /* used by both client and server implementation */
+ struct ntlmssp_state *ntlmssp_state;
+};
+
+NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig);
+bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans);
+bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans);
+struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(
+ struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *ans);
+const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans);
+NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
+ const char *user);
+NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
+ const char *domain);
+NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
+ const char *password);
+void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags);
+void auth_ntlmssp_or_flags(struct auth_ntlmssp_state *ans, uint32_t flags);
+DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans);
+
+NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ const DATA_BLOB request, DATA_BLOB *reply);
+
+NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
+ const char *netbios_name,
+ const char *netbios_domain,
+ bool use_ntlmv2,
+ struct auth_ntlmssp_state **_ans);
+#endif /* _NTLMSSP_WRAP_ */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a85f7b5..0865340 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -54,38 +54,13 @@ NTSTATUS auth_netlogond_init(void);
/* The following definitions come from auth/auth_ntlmssp.c */
-NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state,
- struct auth_serversupplied_info
**_server_info);
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state
*auth_ntlmssp_state);
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state
*auth_ntlmssp_state);
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state
*auth_ntlmssp_state);
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state
*auth_ntlmssp_state);
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state
*auth_ntlmssp_state);
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state
*auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **server_info);
void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply) ;
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig) ;
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state
*auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig);
+
/* The following definitions come from auth/auth_sam.c */
@@ -4853,20 +4828,20 @@ NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct rpc_pipe_client *cli,
- struct cli_pipe_auth_data *auth);
+ struct pipe_auth_data *auth);
NTSTATUS rpc_pipe_bind_recv(struct tevent_req *req);
NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
- struct cli_pipe_auth_data *auth);
+ struct pipe_auth_data *auth);
unsigned int rpccli_set_timeout(struct rpc_pipe_client *cli,
unsigned int timeout);
bool rpccli_is_connected(struct rpc_pipe_client *rpc_cli);
bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16]);
NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
- struct cli_pipe_auth_data **presult);
+ struct pipe_auth_data **presult);
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
enum dcerpc_AuthLevel auth_level,
struct netlogon_creds_CredentialState *creds,
- struct cli_pipe_auth_data **presult);
+ struct pipe_auth_data **presult);
NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
const struct ndr_syntax_id *abstract_syntax,
struct rpc_pipe_client **presult);
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
new file mode 100644
index 0000000..b3ddf50
--- /dev/null
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -0,0 +1,177 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
+
+NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ return ntlmssp_sign_packet(ans->ntlmssp_state,
+ sig_mem_ctx,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ return ntlmssp_check_packet(ans->ntlmssp_state,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ return ntlmssp_seal_packet(ans->ntlmssp_state,
+ sig_mem_ctx,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ return ntlmssp_unseal_packet(ans->ntlmssp_state,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
+}
+
+bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
+}
+
+struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(
+ struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state;
+}
+
+/* Needed for 'map to guest' and 'smb username' processing */
+const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->user;
+}
+
+const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->domain;
--
Samba Shared Repository
