wmi-1.3.16 from opsview.com

Samba/source/auth/ntlmssp/config.mk

@@ -0,0 +1,18 @@
+[SUBSYSTEM::MSRPC_PARSE]
+PRIVATE_PROTO_HEADER = msrpc_parse.h
+OBJ_FILES = ntlmssp_parse.o
+
+################################################
+# Start MODULE gensec_ntlmssp
+[MODULE::gensec_ntlmssp]
+SUBSYSTEM = gensec
+INIT_FUNCTION = gensec_ntlmssp_init
+PRIVATE_PROTO_HEADER = proto.h
+OBJ_FILES = ntlmssp.o \
+		ntlmssp_sign.o \
+		ntlmssp_client.o \
+		ntlmssp_server.o
+PUBLIC_DEPENDENCIES = auth MSRPC_PARSE
+OUTPUT_TYPE = INTEGRATED
+# End MODULE gensec_ntlmssp
+################################################

Samba/source/auth/ntlmssp/ntlmssp.c

@@ -0,0 +1,441 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   handle NLTMSSP, client server side parsing
+
+   Copyright (C) Andrew Tridgell      2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth/ntlmssp/msrpc_parse.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+
+/**
+ * Callbacks for NTLMSSP - for both client and server operating modes
+ * 
+ */
+
+static const struct ntlmssp_callbacks {
+	enum ntlmssp_role role;
+	enum ntlmssp_message_type command;
+	NTSTATUS (*sync_fn)(struct gensec_security *gensec_security,
+			    TALLOC_CTX *out_mem_ctx,
+			    DATA_BLOB in, DATA_BLOB *out);
+} ntlmssp_callbacks[] = {
+	{
+		.role		= NTLMSSP_CLIENT,
+		.command	= NTLMSSP_INITIAL,
+		.sync_fn	= ntlmssp_client_initial,
+	},{
+		.role		= NTLMSSP_SERVER,
+		.command	= NTLMSSP_NEGOTIATE,
+		.sync_fn	= ntlmssp_server_negotiate,
+	},{
+		.role		= NTLMSSP_CLIENT,
+		.command	= NTLMSSP_CHALLENGE,
+		.sync_fn	= ntlmssp_client_challenge,
+	},{
+		.role		= NTLMSSP_SERVER,
+		.command	= NTLMSSP_AUTH,
+		.sync_fn	= ntlmssp_server_auth,
+	}
+};
+
+
+/**
+ * Print out the NTLMSSP flags for debugging 
+ * @param neg_flags The flags from the packet
+ */
+
+void debug_ntlmssp_flags(uint32_t neg_flags)
+{
+	DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
+	
+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_UNICODE\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_OEM) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM\n"));
+	if (neg_flags & NTLMSSP_REQUEST_TARGET) 
+		DEBUGADD(4, ("  NTLMSSP_REQUEST_TARGET\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SIGN\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SEAL\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_LM_KEY\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NETWARE\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
+	if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE) 
+		DEBUGADD(4, ("  NTLMSSP_CHAL_ACCEPT_RESPONSE\n"));
+	if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY) 
+		DEBUGADD(4, ("  NTLMSSP_CHAL_NON_NT_SESSION_KEY\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM2\n"));
+	if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) 
+		DEBUGADD(4, ("  NTLMSSP_CHAL_TARGET_INFO\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_128) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_128\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_56) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_56\n"));
+}
+
+static NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, 
+				     const DATA_BLOB *first_packet) 
+{
+	if (first_packet->length > 8 && memcmp("NTLMSSP\0", first_packet->data, 8) == 0) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+}
+
+static NTSTATUS gensec_ntlmssp_update_find(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
+					   const DATA_BLOB input, uint32_t *idx)
+{
+	struct gensec_security *gensec_security = gensec_ntlmssp_state->gensec_security;
+	uint32_t ntlmssp_command;
+	uint32_t i;
+
+	if (gensec_ntlmssp_state->expected_state == NTLMSSP_DONE) {
+		/* We are strict here because other modules, which we
+		 * don't fully control (such as GSSAPI) are also
+		 * strict, but are tested less often */
+
+		DEBUG(1, ("Called NTLMSSP after state machine was 'done'\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!input.length) {
+		switch (gensec_ntlmssp_state->role) {
+		case NTLMSSP_CLIENT:
+			ntlmssp_command = NTLMSSP_INITIAL;
+			break;
+		case NTLMSSP_SERVER:
+			if (gensec_security->want_features & GENSEC_FEATURE_DATAGRAM_MODE) {
+				/* 'datagram' mode - no neg packet */
+				ntlmssp_command = NTLMSSP_NEGOTIATE;
+			} else {
+				/* This is normal in SPNEGO mech negotiation fallback */
+				DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n"));
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+			break;
+		}
+	} else {
+		if (!msrpc_parse(gensec_ntlmssp_state, 
+				 &input, "Cd",
+				 "NTLMSSP",
+				 &ntlmssp_command)) {
+			DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
+			dump_data(2, input.data, input.length);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	if (ntlmssp_command != gensec_ntlmssp_state->expected_state) {
+		DEBUG(2, ("got NTLMSSP command %u, expected %u\n", ntlmssp_command, gensec_ntlmssp_state->expected_state));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	for (i=0; i < ARRAY_SIZE(ntlmssp_callbacks); i++) {
+		if (ntlmssp_callbacks[i].role == gensec_ntlmssp_state->role &&
+		    ntlmssp_callbacks[i].command == ntlmssp_command) {
+			*idx = i;
+			return NT_STATUS_OK;
+		}
+	}
+
+	DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n", 
+		  gensec_ntlmssp_state->role, ntlmssp_command)); 
+		
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+/**
+ * Next state function for the wrapped NTLMSSP state machine
+ * 
+ * @param gensec_security GENSEC state, initialised to NTLMSSP
+ * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
+ * @param in The request, as a DATA_BLOB
+ * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
+ * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, 
+ *                or NT_STATUS_OK if the user is authenticated. 
+ */
+
+static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, 
+				      TALLOC_CTX *out_mem_ctx, 
+				      const DATA_BLOB input, DATA_BLOB *out)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	NTSTATUS status;
+	uint32_t i;
+
+	*out = data_blob(NULL, 0);
+
+	if (!out_mem_ctx) {
+		/* if the caller doesn't want to manage/own the memory, 
+		   we can put it on our context */
+		out_mem_ctx = gensec_ntlmssp_state;
+	}
+
+	status = gensec_ntlmssp_update_find(gensec_ntlmssp_state, input, &i);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	status = ntlmssp_callbacks[i].sync_fn(gensec_security, out_mem_ctx, input, out);
+	NT_STATUS_NOT_OK_RETURN(status);
+	
+	return NT_STATUS_OK;
+}
+
+/**
+ * Return the NTLMSSP master session key
+ * 
+ * @param gensec_ntlmssp_state NTLMSSP State
+ */
+
+NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, 
+				    DATA_BLOB *session_key)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+
+	if (!gensec_ntlmssp_state->session_key.data) {
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+	*session_key = gensec_ntlmssp_state->session_key;
+
+	return NT_STATUS_OK;
+}
+
+void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
+			      uint32_t neg_flags, BOOL allow_lm)
+{
+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
+		gensec_ntlmssp_state->unicode = True;
+	} else {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
+		gensec_ntlmssp_state->unicode = False;
+	}
+
+	if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm && !gensec_ntlmssp_state->use_ntlmv2) {
+		/* other end forcing us to use LM */
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+	} else {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
+	}
+
+	if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
+	}
+
+	/* Woop Woop - unknown flag for Windows compatibility...
+	   What does this really do ? JRA. */
+	if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000;
+	}
+
+	if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
+	}
+	
+}
+
+/**
+   Weaken NTLMSSP keys to cope with down-level clients and servers.
+
+   We probably should have some parameters to control this, but as
+   it only occours for LM_KEY connections, and this is controlled
+   by the client lanman auth/lanman auth parameters, it isn't too bad.
+*/
+
+DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, 
+			      TALLOC_CTX *mem_ctx) 
+{
+	DATA_BLOB weakened_key = data_blob_talloc(mem_ctx, 
+						  gensec_ntlmssp_state->session_key.data, 
+						  gensec_ntlmssp_state->session_key.length);
+	/* Nothing to weaken.  We certainly don't want to 'extend' the length... */
+	if (weakened_key.length < 16) {
+		/* perhaps there was no key? */
+		return weakened_key;
+	}
+
+	/* Key weakening not performed on the master key for NTLM2
+	   and does not occour for NTLM1.  Therefore we only need
+	   to do this for the LM_KEY.  
+	*/
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+		/* LM key doesn't support 128 bit crypto, so this is
+		 * the best we can do.  If you negotiate 128 bit, but
+		 * not 56, you end up with 40 bit... */
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
+			weakened_key.data[7] = 0xa0;
+			weakened_key.length = 8;
+		} else { /* forty bits */
+			weakened_key.data[5] = 0xe5;
+			weakened_key.data[6] = 0x38;
+			weakened_key.data[7] = 0xb0;
+			weakened_key.length = 8;
+		}
+	}
+	return weakened_key;
+}
+
+static BOOL gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
+					uint32_t feature)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	if (feature & GENSEC_FEATURE_SIGN) {
+		if (!gensec_ntlmssp_state->session_key.length) {
+			return False;
+		}
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+			return True;
+		}
+	}
+	if (feature & GENSEC_FEATURE_SEAL) {
+		if (!gensec_ntlmssp_state->session_key.length) {
+			return False;
+		}
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+			return True;
+		}
+	}
+	if (feature & GENSEC_FEATURE_SESSION_KEY) {
+		if (gensec_ntlmssp_state->session_key.length) {
+			return True;
+		}
+	}
+	if (feature & GENSEC_FEATURE_DCE_STYLE) {
+		return True;
+	}
+	if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+			return True;
+		}
+	}
+	return False;
+}
+
+NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state;
+	
+	gensec_ntlmssp_state = talloc_zero(gensec_security, struct gensec_ntlmssp_state);
+	if (!gensec_ntlmssp_state) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gensec_ntlmssp_state->gensec_security = gensec_security;
+	gensec_ntlmssp_state->auth_context = NULL;
+	gensec_ntlmssp_state->server_info = NULL;
+
+	gensec_security->private_data = gensec_ntlmssp_state;
+	return NT_STATUS_OK;
+}
+
+static const char *gensec_ntlmssp_oids[] = { 
+	GENSEC_OID_NTLMSSP, 
+	NULL
+};
+
+static const struct gensec_security_ops gensec_ntlmssp_security_ops = {
+	.name		= "ntlmssp",
+	.sasl_name	= "NTLM",
+	.auth_type	= DCERPC_AUTH_TYPE_NTLMSSP,
+	.oid            = gensec_ntlmssp_oids,
+	.client_start   = gensec_ntlmssp_client_start,
+	.server_start   = gensec_ntlmssp_server_start,
+	.magic 	        = gensec_ntlmssp_magic,
+	.update 	= gensec_ntlmssp_update,
+	.sig_size	= gensec_ntlmssp_sig_size,
+	.sign_packet	= gensec_ntlmssp_sign_packet,
+	.check_packet	= gensec_ntlmssp_check_packet,
+	.seal_packet	= gensec_ntlmssp_seal_packet,
+	.unseal_packet	= gensec_ntlmssp_unseal_packet,
+	.wrap           = gensec_ntlmssp_wrap,
+	.unwrap         = gensec_ntlmssp_unwrap,
+	.session_key	= gensec_ntlmssp_session_key,
+	.session_info   = gensec_ntlmssp_session_info,
+	.have_feature   = gensec_ntlmssp_have_feature,
+	.enabled        = True,
+	.priority       = GENSEC_NTLMSSP
+};
+
+
+NTSTATUS gensec_ntlmssp_init(void)
+{
+	NTSTATUS ret;
+
+	auth_init();
+
+	ret = gensec_register(&gensec_ntlmssp_security_ops);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(0,("Failed to register '%s' gensec backend!\n",
+			gensec_ntlmssp_security_ops.name));
+		return ret;
+	}
+
+	return ret;
+}

Samba/source/auth/ntlmssp/ntlmssp.h

@@ -0,0 +1,190 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "librpc/gen_ndr/samr.h"
+
+/* NTLMSSP mode */
+enum ntlmssp_role
+{
+	NTLMSSP_SERVER,
+	NTLMSSP_CLIENT
+};
+
+/* NTLMSSP message types */
+enum ntlmssp_message_type
+{
+	NTLMSSP_INITIAL = 0 /* samba internal state */,
+	NTLMSSP_NEGOTIATE = 1,
+	NTLMSSP_CHALLENGE = 2,
+	NTLMSSP_AUTH      = 3,
+	NTLMSSP_UNKNOWN   = 4,
+	NTLMSSP_DONE   = 5 /* samba final state */
+};
+
+/* NTLMSSP negotiation flags */
+#define NTLMSSP_NEGOTIATE_UNICODE          0x00000001
+#define NTLMSSP_NEGOTIATE_OEM              0x00000002
+#define NTLMSSP_REQUEST_TARGET             0x00000004
+#define NTLMSSP_NEGOTIATE_SIGN             0x00000010 /* Message integrity */
+#define NTLMSSP_NEGOTIATE_SEAL             0x00000020 /* Message confidentiality */
+#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040
+#define NTLMSSP_NEGOTIATE_LM_KEY           0x00000080
+#define NTLMSSP_NEGOTIATE_NETWARE          0x00000100
+#define NTLMSSP_NEGOTIATE_NTLM             0x00000200
+#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED  0x00001000
+#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
+#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL  0x00004000
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN      0x00008000
+#define NTLMSSP_TARGET_TYPE_DOMAIN            0x10000
+#define NTLMSSP_TARGET_TYPE_SERVER            0x20000
+#define NTLMSSP_CHAL_INIT_RESPONSE         0x00010000
+
+#define NTLMSSP_CHAL_ACCEPT_RESPONSE       0x00020000
+#define NTLMSSP_CHAL_NON_NT_SESSION_KEY    0x00040000
+#define NTLMSSP_NEGOTIATE_NTLM2            0x00080000
+#define NTLMSSP_CHAL_TARGET_INFO           0x00800000
+#define NTLMSSP_UNKNOWN_02000000           0x02000000
+#define NTLMSSP_NEGOTIATE_128              0x20000000 /* 128-bit encryption */
+#define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
+#define NTLMSSP_NEGOTIATE_56               0x80000000
+
+#define NTLMSSP_NAME_TYPE_SERVER      0x01
+#define NTLMSSP_NAME_TYPE_DOMAIN      0x02
+#define NTLMSSP_NAME_TYPE_SERVER_DNS  0x03
+#define NTLMSSP_NAME_TYPE_DOMAIN_DNS  0x04
+
+#define NTLMSSP_SIGN_VERSION 1
+
+#define NTLMSSP_SIG_SIZE 16
+
+struct gensec_ntlmssp_state
+{
+	struct gensec_security *gensec_security;
+
+	enum ntlmssp_role role;
+	enum samr_Role server_role;
+	uint32_t expected_state;
+
+	BOOL unicode;
+	BOOL use_ntlmv2;
+	BOOL use_nt_response;  /* Set to 'False' to debug what happens when the NT response is omited */
+	BOOL allow_lm_key;     /* The LM_KEY code is not functional at this point, and it's not 
+				  very secure anyway */
+
+	BOOL server_multiple_authentications;  /* Set to 'True' to allow squid 2.5 
+						  style 'challenge caching' */
+
+	char *user;
+	char *domain;
+	const char *workstation;
+	char *server_domain;
+
+	DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
+
+	DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */
+ 	DATA_BLOB lm_resp;
+	DATA_BLOB nt_resp;
+	DATA_BLOB session_key;
+	
+	uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
+
+	/* internal variables used by KEY_EXCH (client-supplied user session key */
+	DATA_BLOB encrypted_session_key;
+	
+	/**
+	 * Callback to get the 'challenge' used for NTLM authentication.  
+	 *
+	 * @param ntlmssp_state This structure
+	 * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication
+	 *
+	 */
+	const uint8_t *(*get_challenge)(const struct gensec_ntlmssp_state *);
+
+	/**
+	 * Callback to find if the challenge used by NTLM authentication may be modified 
+	 *
+	 * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatiable with the
+	 * current 'security=server' implementation..  
+	 *
+	 * @param ntlmssp_state This structure
+	 * @return Can the challenge be set to arbitary values?
+	 *
+	 */
+	BOOL (*may_set_challenge)(const struct gensec_ntlmssp_state *);
+
+	/**
+	 * Callback to set the 'challenge' used for NTLM authentication.  
+	 *
+	 * The callback may use the void *auth_context to store state information, but the same value is always available
+	 * from the DATA_BLOB chal on this structure.
+	 *
+	 * @param ntlmssp_state This structure
+	 * @param challenge 8 bytes of data, agreed by the client and server to be the effective challenge for NTLM2 authentication
+	 *
+	 */
+	NTSTATUS (*set_challenge)(struct gensec_ntlmssp_state *, DATA_BLOB *challenge);
+
+	/**
+	 * Callback to check the user's password.  
+	 *
+	 * The callback must reads the feilds of this structure for the information it needs on the user 
+	 * @param ntlmssp_state This structure
+	 * @param nt_session_key If an NT session key is returned by the authentication process, return it here
+	 * @param lm_session_key If an LM session key is returned by the authentication process, return it here
+	 *
+	 */
+	NTSTATUS (*check_password)(struct gensec_ntlmssp_state *, 
+				   TALLOC_CTX *mem_ctx, 
+				   DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
+
+	const char *server_name;
+	const char *(*get_domain)(void);
+
+	BOOL doing_ntlm2; 
+
+	union {
+		/* NTLM */
+		struct {
+			uint32_t seq_num;
+			struct arcfour_state *arcfour_state;
+		} ntlm;
+
+		/* NTLM2 */
+		struct {
+			uint32_t send_seq_num;
+			uint32_t recv_seq_num;
+			DATA_BLOB send_sign_key;
+			DATA_BLOB recv_sign_key;
+			struct arcfour_state *send_seal_arcfour_state;
+			struct arcfour_state *recv_seal_arcfour_state;
+
+			/* internal variables used by NTLM2 */
+			uint8_t session_nonce[16];
+		} ntlm2;
+	} crypt;
+
+	struct auth_context *auth_context;
+	struct auth_serversupplied_info *server_info;
+};
+
+struct auth_session_info;
+#include "auth/ntlmssp/proto.h"

Samba/source/auth/ntlmssp/ntlmssp_client.c

@@ -0,0 +1,368 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   handle NLTMSSP, client server side parsing
+
+   Copyright (C) Andrew Tridgell      2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth/ntlmssp/msrpc_parse.h"
+#include "lib/crypto/crypto.h"
+#include "libcli/auth/libcli_auth.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+
+/*********************************************************************
+ Client side NTLMSSP
+*********************************************************************/
+
+/**
+ * Next state function for the Initial packet
+ * 
+ * @param ntlmssp_state NTLMSSP State
+ * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
+ * @param in A NULL data blob (input ignored)
+ * @param out The initial negotiate request to the server, as an talloc()ed DATA_BLOB, on out_mem_ctx
+ * @return Errors or NT_STATUS_OK. 
+ */
+
+NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, 
+				TALLOC_CTX *out_mem_ctx, 
+				DATA_BLOB in, DATA_BLOB *out) 
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+
+	if (gensec_ntlmssp_state->unicode) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
+	} else {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
+	}
+	
+	if (gensec_ntlmssp_state->use_ntlmv2) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
+	/* generate the ntlmssp negotiate packet */
+	msrpc_gen(out_mem_ctx, 
+		  out, "CddAA",
+		  "NTLMSSP",
+		  NTLMSSP_NEGOTIATE,
+		  gensec_ntlmssp_state->neg_flags,
+		  gensec_ntlmssp_state->get_domain(), 
+		  cli_credentials_get_workstation(gensec_security->credentials));
+
+	gensec_ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
+
+	return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
+
+/**
+ * Next state function for the Challenge Packet.  Generate an auth packet.
+ * 
+ * @param gensec_security GENSEC state
+ * @param out_mem_ctx Memory context for *out
+ * @param in The server challnege, as a DATA_BLOB.  reply.data must be NULL
+ * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
+ * @return Errors or NT_STATUS_OK. 
+ */
+
+NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, 
+				  TALLOC_CTX *out_mem_ctx,
+				  const DATA_BLOB in, DATA_BLOB *out) 
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
+	DATA_BLOB server_domain_blob;
+	DATA_BLOB challenge_blob;
+	DATA_BLOB target_info = data_blob(NULL, 0);
+	char *server_domain;
+	const char *chal_parse_string;
+	const char *auth_gen_string;
+	DATA_BLOB lm_response = data_blob(NULL, 0);
+	DATA_BLOB nt_response = data_blob(NULL, 0);
+	DATA_BLOB session_key = data_blob(NULL, 0);
+	DATA_BLOB lm_session_key = data_blob(NULL, 0);
+	DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
+	NTSTATUS nt_status;
+	int flags = 0;
+	const char *user, *domain;
+
+	TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!msrpc_parse(mem_ctx,
+			 &in, "CdBd",
+			 "NTLMSSP",
+			 &ntlmssp_command, 
+			 &server_domain_blob,
+			 &chal_flags)) {
+		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
+		dump_data(2, in.data, in.length);
+		talloc_free(mem_ctx);
+
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	
+	data_blob_free(&server_domain_blob);
+
+	DEBUG(3, ("Got challenge flags:\n"));
+	debug_ntlmssp_flags(chal_flags);
+
+	ntlmssp_handle_neg_flags(gensec_ntlmssp_state, chal_flags, gensec_ntlmssp_state->allow_lm_key);
+
+	if (gensec_ntlmssp_state->unicode) {
+		if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+			chal_parse_string = "CdUdbddB";
+		} else {
+			chal_parse_string = "CdUdbdd";
+		}
+		auth_gen_string = "CdBBUUUBd";
+	} else {
+		if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+			chal_parse_string = "CdAdbddB";
+		} else {
+			chal_parse_string = "CdAdbdd";
+		}
+
+		auth_gen_string = "CdBBAAABd";
+	}
+
+	if (!msrpc_parse(mem_ctx,
+			 &in, chal_parse_string,
+			 "NTLMSSP",
+			 &ntlmssp_command, 
+			 &server_domain,
+			 &chal_flags,
+			 &challenge_blob, 8,
+			 &unkn1, &unkn2,
+			 &target_info)) {
+		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
+		dump_data(2, in.data, in.length);
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	gensec_ntlmssp_state->server_domain = server_domain;
+
+	if (challenge_blob.length != 8) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	cli_credentials_get_ntlm_username_domain(gensec_security->credentials, mem_ctx, 
+						 &user, &domain);
+
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		flags |= CLI_CRED_NTLM2;
+	}
+	if (gensec_ntlmssp_state->use_ntlmv2) {
+		flags |= CLI_CRED_NTLMv2_AUTH;
+	}
+	if (gensec_ntlmssp_state->use_nt_response) {
+		flags |= CLI_CRED_NTLM_AUTH;
+	}
+	if (lp_client_lanman_auth()) {
+		flags |= CLI_CRED_LANMAN_AUTH;
+	}
+
+	nt_status = cli_credentials_get_ntlm_response(gensec_security->credentials, mem_ctx, 
+						      &flags, challenge_blob, target_info,
+						      &lm_response, &nt_response, 
+						      &lm_session_key, &session_key);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+	
+	if (!(flags & CLI_CRED_LANMAN_AUTH)) {
+		/* LM Key is still possible, just silly.  Fortunetly
+		 * we require command line options to end up here */
+		/* gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; */
+	}
+
+	if (!(flags & CLI_CRED_NTLM2)) {
+		/* NTLM2 is incompatible... */
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+	}
+	
+	if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) 
+	    && lp_client_lanman_auth() && lm_session_key.length == 16) {
+		DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+		if (lm_response.length == 24) {
+			SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, 
+						  new_session_key.data);
+		} else {
+			static const uint8_t zeros[24];
+			SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
+						  new_session_key.data);
+		}
+		session_key = new_session_key;
+		dump_data_pw("LM session key\n", session_key.data, session_key.length);
+	}
+
+
+	/* Key exchange encryptes a new client-generated session key with
+	   the password-derived key */
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+		/* Make up a new session key */
+		uint8_t client_session_key[16];
+		generate_random_buffer(client_session_key, sizeof(client_session_key));
+
+		/* Encrypt the new session key with the old one */
+		encrypted_session_key = data_blob_talloc(gensec_ntlmssp_state, 
+							 client_session_key, sizeof(client_session_key));
+		dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
+		arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
+		dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
+
+		/* Mark the new session key as the 'real' session key */
+		session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
+	}
+
+	DEBUG(3, ("NTLMSSP: Set final flags:\n"));
+	debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
+
+	/* this generates the actual auth packet */
+	if (!msrpc_gen(mem_ctx, 
+		       out, auth_gen_string, 
+		       "NTLMSSP", 
+		       NTLMSSP_AUTH, 
+		       lm_response.data, lm_response.length,
+		       nt_response.data, nt_response.length,
+		       domain, 
+		       user, 
+		       cli_credentials_get_workstation(gensec_security->credentials),
+		       encrypted_session_key.data, encrypted_session_key.length,
+		       gensec_ntlmssp_state->neg_flags)) {
+		talloc_free(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	gensec_ntlmssp_state->session_key = session_key;
+	talloc_steal(gensec_ntlmssp_state, session_key.data);
+
+	talloc_steal(out_mem_ctx, out->data);
+
+	gensec_ntlmssp_state->chal = challenge_blob;
+	gensec_ntlmssp_state->lm_resp = lm_response;
+	talloc_steal(gensec_ntlmssp_state->lm_resp.data, lm_response.data);
+	gensec_ntlmssp_state->nt_resp = nt_response;
+	talloc_steal(gensec_ntlmssp_state->nt_resp.data, nt_response.data);
+
+	gensec_ntlmssp_state->expected_state = NTLMSSP_DONE;
+
+	if (gensec_security->want_features & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL)) {
+		nt_status = ntlmssp_sign_init(gensec_ntlmssp_state);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", 
+				  nt_errstr(nt_status)));
+			talloc_free(mem_ctx);
+			return nt_status;
+		}
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state;
+	NTSTATUS nt_status;
+
+	nt_status = gensec_ntlmssp_start(gensec_security);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	gensec_ntlmssp_state = gensec_security->private_data;
+
+	gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
+
+	gensec_ntlmssp_state->get_domain = lp_workgroup;
+
+	gensec_ntlmssp_state->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True);
+
+	gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True);
+
+	gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth() 
+					      && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False)
+						  || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)));
+
+	gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth();
+
+	gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL;
+
+	gensec_ntlmssp_state->neg_flags = 
+		NTLMSSP_NEGOTIATE_NTLM |
+		NTLMSSP_REQUEST_TARGET;
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "128bit", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "alwayssign", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_client", "ntlm2", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;		
+	} else {
+		/* apparently we can't do ntlmv2 if we don't do ntlm2 */
+		gensec_ntlmssp_state->use_ntlmv2 = False;
+	}
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+		/*
+		 * We need to set this to allow a later SetPassword
+		 * via the SAMR pipe to succeed. Strange.... We could
+		 * also add  NTLMSSP_NEGOTIATE_SEAL here. JRA.
+		 * 
+		 * Without this, Windows will not create the master key
+		 * that it thinks is only used for NTLMSSP signing and 
+		 * sealing.  (It is actually pulled out and used directly) 
+		 */
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+	}
+
+	gensec_security->private_data = gensec_ntlmssp_state;
+
+	return NT_STATUS_OK;
+}
+

Samba/source/auth/ntlmssp/ntlmssp_parse.c

@@ -0,0 +1,336 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5/SPNEGO routines
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+   Copyright (C) Andrew Bartlett 2002-2003
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "pstring.h"
+
+/*
+  this is a tiny msrpc packet generator. I am only using this to
+  avoid tying this code to a particular varient of our rpc code. This
+  generator is not general enough for all our rpc needs, its just
+  enough for the spnego/ntlmssp code
+
+  format specifiers are:
+
+  U = unicode string (input is unix string)
+  a = address (input is char *unix_string)
+      (1 byte type, 1 byte length, unicode/ASCII string, all inline)
+  A = ASCII string (input is unix string)
+  B = data blob (pointer + length)
+  b = data blob in header (pointer + length)
+  D
+  d = word (4 bytes)
+  C = constant ascii string
+ */
+BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+	       const char *format, ...)
+{
+	int i;
+	ssize_t n;
+	va_list ap;
+	char *s;
+	uint8_t *b;
+	int head_size=0, data_size=0;
+	int head_ofs, data_ofs;
+	int *intargs;
+
+	DATA_BLOB *pointers;
+
+	pointers = talloc_array(mem_ctx, DATA_BLOB, strlen(format));
+	intargs = talloc_array(pointers, int, strlen(format));
+
+	/* first scan the format to work out the header and body size */
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+			s = va_arg(ap, char *);
+			head_size += 8;
+			n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s);
+			if (n == -1) {
+				return False;
+			}
+			pointers[i].length = n;
+			pointers[i].length -= 2;
+			data_size += pointers[i].length;
+			break;
+		case 'A':
+			s = va_arg(ap, char *);
+			head_size += 8;
+			n = push_ascii_talloc(pointers, (char **)&pointers[i].data, s);
+			if (n == -1) {
+				return False;
+			}
+			pointers[i].length = n;
+			pointers[i].length -= 1;
+			data_size += pointers[i].length;
+			break;
+		case 'a':
+			n = va_arg(ap, int);
+			intargs[i] = n;
+			s = va_arg(ap, char *);
+			n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s);
+			if (n == -1) {
+				return False;
+			}
+			pointers[i].length = n;
+			pointers[i].length -= 2;
+			data_size += pointers[i].length + 4;
+			break;
+		case 'B':
+			b = va_arg(ap, uint8_t *);
+			head_size += 8;
+			pointers[i].data = b;
+			pointers[i].length = va_arg(ap, int);
+			data_size += pointers[i].length;
+			break;
+		case 'b':
+			b = va_arg(ap, uint8_t *);
+			pointers[i].data = b;
+			pointers[i].length = va_arg(ap, int);
+			head_size += pointers[i].length;
+			break;
+		case 'd':
+			n = va_arg(ap, int);
+			intargs[i] = n;
+			head_size += 4;
+			break;
+		case 'C':
+			s = va_arg(ap, char *);
+			pointers[i].data = (uint8_t *)s;
+			pointers[i].length = strlen(s)+1;
+			head_size += pointers[i].length;
+			break;
+		}
+	}
+	va_end(ap);
+
+	/* allocate the space, then scan the format again to fill in the values */
+	*blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
+
+	head_ofs = 0;
+	data_ofs = head_size;
+
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+		case 'A':
+		case 'B':
+			n = pointers[i].length;
+			SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+			SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+			SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+			if (pointers[i].data && n) /* don't follow null pointers... */
+				memcpy(blob->data+data_ofs, pointers[i].data, n);
+			data_ofs += n;
+			break;
+		case 'a':
+			n = intargs[i];
+			SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+
+			n = pointers[i].length;
+			SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+			if (n >= 0) {
+				memcpy(blob->data+data_ofs, pointers[i].data, n);
+			}
+			data_ofs += n;
+			break;
+		case 'd':
+			n = intargs[i];
+			SIVAL(blob->data, head_ofs, n); 
+			head_ofs += 4;
+			break;
+		case 'b':
+			n = pointers[i].length;
+			memcpy(blob->data + head_ofs, pointers[i].data, n);
+			head_ofs += n;
+			break;
+		case 'C':
+			n = pointers[i].length;
+			memcpy(blob->data + head_ofs, pointers[i].data, n);
+			head_ofs += n;
+			break;
+		}
+	}
+	va_end(ap);
+	
+	talloc_free(pointers);
+
+	return True;
+}
+
+
+/* a helpful macro to avoid running over the end of our blob */
+#define NEED_DATA(amount) \
+if ((head_ofs + amount) > blob->length) { \
+        return False; \
+}
+
+/*
+  this is a tiny msrpc packet parser. This the the partner of msrpc_gen
+
+  format specifiers are:
+
+  U = unicode string (output is unix string)
+  A = ascii string
+  B = data blob
+  b = data blob in header
+  d = word (4 bytes)
+  C = constant ascii string
+ */
+
+BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
+		 const char *format, ...)
+{
+	int i;
+	va_list ap;
+	const char **ps, *s;
+	DATA_BLOB *b;
+	size_t head_ofs = 0;
+	uint16_t len1, len2;
+	uint32_t ptr;
+	uint32_t *v;
+	pstring p;
+
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+			NEED_DATA(8);
+			len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			ptr =  IVAL(blob->data, head_ofs); head_ofs += 4;
+
+			ps = (const char **)va_arg(ap, char **);
+			if (len1 == 0 && len2 == 0) {
+				*ps = "";
+			} else {
+				/* make sure its in the right format - be strict */
+				if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+					return False;
+				}
+				if (len1 & 1) {
+					/* if odd length and unicode */
+					return False;
+				}
+				if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+					return False;
+
+				if (0 < len1) {
+					pull_string(p, blob->data + ptr, sizeof(p), 
+						    len1, STR_UNICODE|STR_NOALIGN);
+					(*ps) = talloc_strdup(mem_ctx, p);
+					if (!(*ps)) {
+						return False;
+					}
+				} else {
+					(*ps) = "";
+				}
+			}
+			break;
+		case 'A':
+			NEED_DATA(8);
+			len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			ptr =  IVAL(blob->data, head_ofs); head_ofs += 4;
+
+			ps = (const char **)va_arg(ap, char **);
+			/* make sure its in the right format - be strict */
+			if (len1 == 0 && len2 == 0) {
+				*ps = "";
+			} else {
+				if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+					return False;
+				}
+
+				if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+					return False;	
+
+				if (0 < len1) {
+					pull_string(p, blob->data + ptr, sizeof(p), 
+						    len1, STR_ASCII|STR_NOALIGN);
+					(*ps) = talloc_strdup(mem_ctx, p);
+					if (!(*ps)) {
+						return False;
+					}
+				} else {
+					(*ps) = "";
+				}
+			}
+			break;
+		case 'B':
+			NEED_DATA(8);
+			len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			ptr =  IVAL(blob->data, head_ofs); head_ofs += 4;
+
+			b = (DATA_BLOB *)va_arg(ap, void *);
+			if (len1 == 0 && len2 == 0) {
+				*b = data_blob_talloc(mem_ctx, NULL, 0);
+			} else {
+				/* make sure its in the right format - be strict */
+				if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+					return False;
+				}
+
+				if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+					return False;	
+			
+				*b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
+			}
+			break;
+		case 'b':
+			b = (DATA_BLOB *)va_arg(ap, void *);
+			len1 = va_arg(ap, uint_t);
+			/* make sure its in the right format - be strict */
+			NEED_DATA(len1);
+			if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+				return False;	
+			
+			*b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
+			head_ofs += len1;
+			break;
+		case 'd':
+			v = va_arg(ap, uint32_t *);
+			NEED_DATA(4);
+			*v = IVAL(blob->data, head_ofs); head_ofs += 4;
+			break;
+		case 'C':
+			s = va_arg(ap, char *);
+
+			if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+				return False;	
+	
+			head_ofs += pull_string(p, blob->data+head_ofs, sizeof(p), 
+						blob->length - head_ofs, 
+						STR_ASCII|STR_TERMINATE);
+			if (strcmp(s, p) != 0) {
+				return False;
+			}
+			break;
+		}
+	}
+	va_end(ap);
+
+	return True;
+}

Samba/source/auth/ntlmssp/ntlmssp_server.c

@@ -0,0 +1,852 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   handle NLTMSSP, client server side parsing
+
+   Copyright (C) Andrew Tridgell      2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth/ntlmssp/msrpc_parse.h"
+#include "lib/crypto/crypto.h"
+#include "pstring.h"
+#include "system/filesys.h"
+#include "libcli/auth/libcli_auth.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+
+/** 
+ * Set a username on an NTLMSSP context - ensures it is talloc()ed 
+ *
+ */
+
+static NTSTATUS ntlmssp_set_username(struct gensec_ntlmssp_state *gensec_ntlmssp_state, const char *user) 
+{
+	if (!user) {
+		/* it should be at least "" */
+		DEBUG(1, ("NTLMSSP failed to set username - cannot accept NULL username\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	gensec_ntlmssp_state->user = talloc_strdup(gensec_ntlmssp_state, user);
+	if (!gensec_ntlmssp_state->user) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+/** 
+ * Set a domain on an NTLMSSP context - ensures it is talloc()ed 
+ *
+ */
+static NTSTATUS ntlmssp_set_domain(struct gensec_ntlmssp_state *gensec_ntlmssp_state, const char *domain) 
+{
+	gensec_ntlmssp_state->domain = talloc_strdup(gensec_ntlmssp_state, domain);
+	if (!gensec_ntlmssp_state->domain) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+/** 
+ * Set a workstation on an NTLMSSP context - ensures it is talloc()ed 
+ *
+ */
+static NTSTATUS ntlmssp_set_workstation(struct gensec_ntlmssp_state *gensec_ntlmssp_state, const char *workstation) 
+{
+	gensec_ntlmssp_state->workstation = talloc_strdup(gensec_ntlmssp_state, workstation);
+	if (!gensec_ntlmssp_state->workstation) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+/**
+ * Determine correct target name flags for reply, given server role 
+ * and negotiated flags
+ * 
+ * @param gensec_ntlmssp_state NTLMSSP State
+ * @param neg_flags The flags from the packet
+ * @param chal_flags The flags to be set in the reply packet
+ * @return The 'target name' string.
+ */
+
+static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
+				       uint32_t neg_flags, uint32_t *chal_flags) 
+{
+	if (neg_flags & NTLMSSP_REQUEST_TARGET) {
+		*chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
+		*chal_flags |= NTLMSSP_REQUEST_TARGET;
+		if (gensec_ntlmssp_state->server_role == ROLE_STANDALONE) {
+			*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
+			return gensec_ntlmssp_state->server_name;
+		} else {
+			*chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
+			return gensec_ntlmssp_state->get_domain();
+		};
+	} else {
+		return "";
+	}
+}
+
+/*
+  Andrew, please remove these totally bogus calls when you get time
+*/
+static BOOL get_myfullname(char *my_name)
+{
+	pstring hostname;
+
+	*hostname = 0;
+
+	/* get my host name */
+	if (gethostname(hostname, sizeof(hostname)) == -1) {
+		DEBUG(0,("gethostname failed\n"));
+		return False;
+	} 
+
+	/* Ensure null termination. */
+	hostname[sizeof(hostname)-1] = '\0';
+
+	if (my_name)
+		fstrcpy(my_name, hostname);
+	return True;
+}
+
+static BOOL get_mydomname(char *my_domname)
+{
+	pstring hostname;
+	char *p;
+
+	/* arrgh! relies on full name in system */
+
+	*hostname = 0;
+	/* get my host name */
+	if (gethostname(hostname, sizeof(hostname)) == -1) {
+		DEBUG(0,("gethostname failed\n"));
+		return False;
+	} 
+
+	/* Ensure null termination. */
+	hostname[sizeof(hostname)-1] = '\0';
+
+	p = strchr_m(hostname, '.');
+
+	if (!p)
+		return False;
+
+	p++;
+	
+	if (my_domname)
+		fstrcpy(my_domname, p);
+
+	return True;
+}
+
+
+
+/**
+ * Next state function for the Negotiate packet
+ * 
+ * @param gensec_security GENSEC state
+ * @param out_mem_ctx Memory context for *out
+ * @param in The request, as a DATA_BLOB.  reply.data must be NULL
+ * @param out The reply, as an allocated DATA_BLOB, caller to free.
+ * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required. 
+ */
+
+NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, 
+				  TALLOC_CTX *out_mem_ctx, 
+				  const DATA_BLOB in, DATA_BLOB *out) 
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	DATA_BLOB struct_blob;
+	fstring dnsname, dnsdomname;
+	uint32_t neg_flags = 0;
+	uint32_t ntlmssp_command, chal_flags;
+	const uint8_t *cryptkey;
+	const char *target_name;
+
+	/* parse the NTLMSSP packet */
+#if 0
+	file_save("ntlmssp_negotiate.dat", request.data, request.length);
+#endif
+
+	if (in.length) {
+		if ((in.length < 16) || !msrpc_parse(out_mem_ctx, &in, "Cdd",
+							 "NTLMSSP",
+							 &ntlmssp_command,
+							 &neg_flags)) {
+			DEBUG(1, ("ntlmssp_server_negotiate: failed to parse "
+				"NTLMSSP Negotiate of length %u:\n",
+				(unsigned int)in.length ));
+			dump_data(2, in.data, in.length);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		debug_ntlmssp_flags(neg_flags);
+	}
+	
+	ntlmssp_handle_neg_flags(gensec_ntlmssp_state, neg_flags, gensec_ntlmssp_state->allow_lm_key);
+
+	/* Ask our caller what challenge they would like in the packet */
+	cryptkey = gensec_ntlmssp_state->get_challenge(gensec_ntlmssp_state);
+
+	/* Check if we may set the challenge */
+	if (!gensec_ntlmssp_state->may_set_challenge(gensec_ntlmssp_state)) {
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
+	/* The flags we send back are not just the negotiated flags,
+	 * they are also 'what is in this packet'.  Therfore, we
+	 * operate on 'chal_flags' from here on 
+	 */
+
+	chal_flags = gensec_ntlmssp_state->neg_flags;
+
+	/* get the right name to fill in as 'target' */
+	target_name = ntlmssp_target_name(gensec_ntlmssp_state, 
+					  neg_flags, &chal_flags); 
+	if (target_name == NULL) 
+		return NT_STATUS_INVALID_PARAMETER;
+
+	gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
+	gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
+
+	/* This should be a 'netbios domain -> DNS domain' mapping */
+	dnsdomname[0] = '\0';
+	get_mydomname(dnsdomname);
+	strlower_m(dnsdomname);
+	
+	dnsname[0] = '\0';
+	get_myfullname(dnsname);
+	
+	/* This creates the 'blob' of names that appears at the end of the packet */
+	if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) 
+	{
+		const char *target_name_dns = "";
+		if (chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN) {
+			target_name_dns = dnsdomname;
+		} else if (chal_flags |= NTLMSSP_TARGET_TYPE_SERVER) {
+			target_name_dns = dnsname;
+		}
+
+		msrpc_gen(out_mem_ctx, 
+			  &struct_blob, "aaaaa",
+			  NTLMSSP_NAME_TYPE_DOMAIN, target_name,
+			  NTLMSSP_NAME_TYPE_SERVER, gensec_ntlmssp_state->server_name,
+			  NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
+			  NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
+			  0, "");
+	} else {
+		struct_blob = data_blob(NULL, 0);
+	}
+
+	{
+		/* Marshel the packet in the right format, be it unicode or ASCII */
+		const char *gen_string;
+		if (gensec_ntlmssp_state->unicode) {
+			gen_string = "CdUdbddB";
+		} else {
+			gen_string = "CdAdbddB";
+		}
+		
+		msrpc_gen(out_mem_ctx, 
+			  out, gen_string,
+			  "NTLMSSP", 
+			  NTLMSSP_CHALLENGE,
+			  target_name,
+			  chal_flags,
+			  cryptkey, 8,
+			  0, 0,
+			  struct_blob.data, struct_blob.length);
+	}
+		
+	gensec_ntlmssp_state->expected_state = NTLMSSP_AUTH;
+
+	return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
+
+/**
+ * Next state function for the Authenticate packet
+ * 
+ * @param gensec_ntlmssp_state NTLMSSP State
+ * @param request The request, as a DATA_BLOB
+ * @return Errors or NT_STATUS_OK. 
+ */
+
+static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
+				       const DATA_BLOB request) 
+{
+	uint32_t ntlmssp_command, auth_flags;
+	NTSTATUS nt_status;
+
+	uint8_t session_nonce_hash[16];
+
+	const char *parse_string;
+	char *domain = NULL;
+	char *user = NULL;
+	char *workstation = NULL;
+
+#if 0
+	file_save("ntlmssp_auth.dat", request.data, request.length);
+#endif
+
+	if (gensec_ntlmssp_state->unicode) {
+		parse_string = "CdBBUUUBd";
+	} else {
+		parse_string = "CdBBAAABd";
+	}
+
+	/* zero these out */
+	data_blob_free(&gensec_ntlmssp_state->lm_resp);
+	data_blob_free(&gensec_ntlmssp_state->nt_resp);
+	data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+
+	gensec_ntlmssp_state->user = NULL;
+	gensec_ntlmssp_state->domain = NULL;
+	gensec_ntlmssp_state->workstation = NULL;
+
+	/* now the NTLMSSP encoded auth hashes */
+	if (!msrpc_parse(gensec_ntlmssp_state, 
+			 &request, parse_string,
+			 "NTLMSSP", 
+			 &ntlmssp_command, 
+			 &gensec_ntlmssp_state->lm_resp,
+			 &gensec_ntlmssp_state->nt_resp,
+			 &domain, 
+			 &user, 
+			 &workstation,
+			 &gensec_ntlmssp_state->encrypted_session_key,
+			 &auth_flags)) {
+		DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
+		dump_data(10, request.data, request.length);
+
+		/* zero this out */
+		data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+		auth_flags = 0;
+		
+		/* Try again with a shorter string (Win9X truncates this packet) */
+		if (gensec_ntlmssp_state->unicode) {
+			parse_string = "CdBBUUU";
+		} else {
+			parse_string = "CdBBAAA";
+		}
+
+		/* now the NTLMSSP encoded auth hashes */
+		if (!msrpc_parse(gensec_ntlmssp_state, 
+				 &request, parse_string,
+				 "NTLMSSP", 
+				 &ntlmssp_command, 
+				 &gensec_ntlmssp_state->lm_resp,
+				 &gensec_ntlmssp_state->nt_resp,
+				 &domain, 
+				 &user, 
+				 &workstation)) {
+			DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
+			dump_data(2, request.data, request.length);
+
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	if (auth_flags)
+		ntlmssp_handle_neg_flags(gensec_ntlmssp_state, auth_flags, gensec_ntlmssp_state->allow_lm_key);
+
+	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(gensec_ntlmssp_state, domain))) {
+		/* zero this out */
+		data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+		return nt_status;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(gensec_ntlmssp_state, user))) {
+		/* zero this out */
+		data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+		return nt_status;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_workstation(gensec_ntlmssp_state, workstation))) {
+		/* zero this out */
+		data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+		return nt_status;
+	}
+
+	DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
+		 gensec_ntlmssp_state->user, gensec_ntlmssp_state->domain, gensec_ntlmssp_state->workstation, (unsigned long)gensec_ntlmssp_state->lm_resp.length, (unsigned long)gensec_ntlmssp_state->nt_resp.length));
+
+#if 0
+	file_save("nthash1.dat",  &gensec_ntlmssp_state->nt_resp.data,  &gensec_ntlmssp_state->nt_resp.length);
+	file_save("lmhash1.dat",  &gensec_ntlmssp_state->lm_resp.data,  &gensec_ntlmssp_state->lm_resp.length);
+#endif
+
+	/* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a 
+	   client challenge 
+	
+	   However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful.
+	*/
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		if (gensec_ntlmssp_state->nt_resp.length == 24 && gensec_ntlmssp_state->lm_resp.length == 24) {
+			struct MD5Context md5_session_nonce_ctx;
+			SMB_ASSERT(gensec_ntlmssp_state->internal_chal.data 
+				   && gensec_ntlmssp_state->internal_chal.length == 8);
+			
+			gensec_ntlmssp_state->doing_ntlm2 = True;
+
+			memcpy(gensec_ntlmssp_state->crypt.ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8);
+			memcpy(&gensec_ntlmssp_state->crypt.ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8);
+			
+			MD5Init(&md5_session_nonce_ctx);
+			MD5Update(&md5_session_nonce_ctx, gensec_ntlmssp_state->crypt.ntlm2.session_nonce, 16);
+			MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
+			
+			gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, 
+							       session_nonce_hash, 8);
+
+			/* LM response is no longer useful, zero it out */
+			data_blob_free(&gensec_ntlmssp_state->lm_resp);
+
+			/* We changed the effective challenge - set it */
+			if (!NT_STATUS_IS_OK(nt_status = 
+					     gensec_ntlmssp_state->set_challenge(gensec_ntlmssp_state, 
+										 &gensec_ntlmssp_state->chal))) {
+				/* zero this out */
+				data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+				return nt_status;
+			}
+
+			/* LM Key is incompatible... */
+			gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/**
+ * Next state function for the Authenticate packet 
+ * (after authentication - figures out the session keys etc)
+ * 
+ * @param gensec_ntlmssp_state NTLMSSP State
+ * @return Errors or NT_STATUS_OK. 
+ */
+
+static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, 
+					DATA_BLOB *user_session_key, 
+					DATA_BLOB *lm_session_key) 
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	NTSTATUS nt_status;
+	DATA_BLOB session_key = data_blob(NULL, 0);
+
+	if (user_session_key)
+		dump_data_pw("USER session key:\n", user_session_key->data, user_session_key->length);
+
+	if (lm_session_key) 
+		dump_data_pw("LM first-8:\n", lm_session_key->data, lm_session_key->length);
+
+	/* Handle the different session key derivation for NTLM2 */
+	if (gensec_ntlmssp_state->doing_ntlm2) {
+		if (user_session_key && user_session_key->data && user_session_key->length == 16) {
+			session_key = data_blob_talloc(gensec_ntlmssp_state, NULL, 16);
+			hmac_md5(user_session_key->data, gensec_ntlmssp_state->crypt.ntlm2.session_nonce, 
+				 sizeof(gensec_ntlmssp_state->crypt.ntlm2.session_nonce), session_key.data);
+			DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
+			dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
+			
+		} else {
+			DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
+			session_key = data_blob(NULL, 0);
+		}
+	} else if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) 
+		/* Ensure we can never get here on NTLMv2 */
+		&& (gensec_ntlmssp_state->nt_resp.length == 0 || gensec_ntlmssp_state->nt_resp.length == 24)) {
+
+		if (lm_session_key && lm_session_key->data && lm_session_key->length >= 8) {
+			if (gensec_ntlmssp_state->lm_resp.data && gensec_ntlmssp_state->lm_resp.length == 24) {
+				session_key = data_blob_talloc(gensec_ntlmssp_state, NULL, 16);
+				SMBsesskeygen_lm_sess_key(lm_session_key->data, gensec_ntlmssp_state->lm_resp.data, 
+							  session_key.data);
+				DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
+				dump_data_pw("LM session key:\n", session_key.data, session_key.length);
+  			} else {
+				
+				/* When there is no LM response, just use zeros */
+ 				static const uint8_t zeros[24];
+ 				session_key = data_blob_talloc(gensec_ntlmssp_state, NULL, 16);
+ 				SMBsesskeygen_lm_sess_key(zeros, zeros, 
+ 							  session_key.data);
+ 				DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
+ 				dump_data_pw("LM session key:\n", session_key.data, session_key.length);
+			}
+		} else {
+ 			/* LM Key not selected */
+ 			gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
+			DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n"));
+			session_key = data_blob(NULL, 0);
+		}
+
+	} else if (user_session_key && user_session_key->data) {
+		session_key = *user_session_key;
+		DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
+		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+		/* LM Key not selected */
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
+	} else if (lm_session_key && lm_session_key->data) {
+		/* Very weird to have LM key, but no user session key, but anyway.. */
+		session_key = *lm_session_key;
+		DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
+		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+		/* LM Key not selected */
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
+	} else {
+		DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
+		session_key = data_blob(NULL, 0);
+
+		/* LM Key not selected */
+		gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+	}
+
+	/* With KEY_EXCH, the client supplies the proposed session key, 
+	   but encrypts it with the long-term key */
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+		if (!gensec_ntlmssp_state->encrypted_session_key.data 
+		    || gensec_ntlmssp_state->encrypted_session_key.length != 16) {
+			data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+			DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n", 
+				  (unsigned)gensec_ntlmssp_state->encrypted_session_key.length));
+			return NT_STATUS_INVALID_PARAMETER;
+		} else if (!session_key.data || session_key.length != 16) {
+			DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n", 
+				  (unsigned)session_key.length));
+			gensec_ntlmssp_state->session_key = session_key;
+		} else {
+			dump_data_pw("KEY_EXCH session key (enc):\n", 
+				     gensec_ntlmssp_state->encrypted_session_key.data, 
+				     gensec_ntlmssp_state->encrypted_session_key.length);
+			arcfour_crypt(gensec_ntlmssp_state->encrypted_session_key.data, 
+				      session_key.data, 
+				      gensec_ntlmssp_state->encrypted_session_key.length);
+			gensec_ntlmssp_state->session_key = data_blob_talloc(gensec_ntlmssp_state, 
+								      gensec_ntlmssp_state->encrypted_session_key.data, 
+								      gensec_ntlmssp_state->encrypted_session_key.length);
+			dump_data_pw("KEY_EXCH session key:\n", gensec_ntlmssp_state->encrypted_session_key.data, 
+				     gensec_ntlmssp_state->encrypted_session_key.length);
+		}
+	} else {
+		gensec_ntlmssp_state->session_key = session_key;
+	}
+
+	/* keep the session key around on the new context */
+	talloc_steal(gensec_ntlmssp_state, session_key.data);
+
+	if ((gensec_security->want_features & GENSEC_FEATURE_SIGN)
+	    || (gensec_security->want_features & GENSEC_FEATURE_SEAL)) {
+		nt_status = ntlmssp_sign_init(gensec_ntlmssp_state);
+	} else {
+		nt_status = NT_STATUS_OK;
+	}
+
+	data_blob_free(&gensec_ntlmssp_state->encrypted_session_key);
+	
+	/* allow arbitarily many authentications, but watch that this will cause a 
+	   memory leak, until the gensec_ntlmssp_state is shutdown 
+	*/
+
+	if (gensec_ntlmssp_state->server_multiple_authentications) {
+		gensec_ntlmssp_state->expected_state = NTLMSSP_AUTH;
+	} else {
+		gensec_ntlmssp_state->expected_state = NTLMSSP_DONE;
+	}
+
+	return nt_status;
+}
+
+
+/**
+ * Next state function for the Authenticate packet
+ * 
+ * @param gensec_security GENSEC state
+ * @param out_mem_ctx Memory context for *out
+ * @param in The request, as a DATA_BLOB.  reply.data must be NULL
+ * @param out The reply, as an allocated DATA_BLOB, caller to free.
+ * @return Errors or NT_STATUS_OK if authentication sucessful
+ */
+
+NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, 
+			     TALLOC_CTX *out_mem_ctx, 
+			     const DATA_BLOB in, DATA_BLOB *out) 
+{	
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	DATA_BLOB user_session_key = data_blob(NULL, 0);
+	DATA_BLOB lm_session_key = data_blob(NULL, 0);
+	NTSTATUS nt_status;
+
+	TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* zero the outbound NTLMSSP packet */
+	*out = data_blob_talloc(out_mem_ctx, NULL, 0);
+
+	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_preauth(gensec_ntlmssp_state, in))) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+
+	/*
+	 * Note we don't check here for NTLMv2 auth settings. If NTLMv2 auth
+	 * is required (by "ntlm auth = no" and "lm auth = no" being set in the
+	 * smb.conf file) and no NTLMv2 response was sent then the password check
+	 * will fail here. JRA.
+	 */
+
+	/* Finally, actually ask if the password is OK */
+
+	if (!NT_STATUS_IS_OK(nt_status = gensec_ntlmssp_state->check_password(gensec_ntlmssp_state, mem_ctx,
+									      &user_session_key, &lm_session_key))) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+	
+	if (gensec_security->want_features
+	    & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL|GENSEC_FEATURE_SESSION_KEY)) {
+		nt_status = ntlmssp_server_postauth(gensec_security, &user_session_key, &lm_session_key);
+		talloc_free(mem_ctx);
+		return nt_status;
+	} else {
+		gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
+		talloc_free(mem_ctx);
+		return NT_STATUS_OK;
+	}
+}
+
+/**
+ * Return the challenge as determined by the authentication subsystem 
+ * @return an 8 byte random challenge
+ */
+
+static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state)
+{
+	NTSTATUS status;
+	const uint8_t *chal;
+
+	status = auth_get_challenge(gensec_ntlmssp_state->auth_context, &chal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	return chal;
+}
+
+/**
+ * Some authentication methods 'fix' the challenge, so we may not be able to set it
+ *
+ * @return If the effective challenge used by the auth subsystem may be modified
+ */
+static BOOL auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state)
+{
+	return auth_challenge_may_be_modified(gensec_ntlmssp_state->auth_context);
+}
+
+/**
+ * NTLM2 authentication modifies the effective challenge, 
+ * @param challenge The new challenge value
+ */
+static NTSTATUS auth_ntlmssp_set_challenge(struct gensec_ntlmssp_state *gensec_ntlmssp_state, DATA_BLOB *challenge)
+{
+	NTSTATUS nt_status;
+	struct auth_context *auth_context = gensec_ntlmssp_state->auth_context;
+	const uint8_t *chal;
+
+	if (challenge->length != 8) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	chal = challenge->data;
+
+	nt_status = auth_context_set_challenge(auth_context, chal, "NTLMSSP callback (NTLM2)");
+
+	return nt_status;
+}
+
+/**
+ * Check the password on an NTLMSSP login.  
+ *
+ * Return the session keys used on the connection.
+ */
+
+static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_ntlmssp_state, 
+					    TALLOC_CTX *mem_ctx, 
+					    DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) 
+{
+	NTSTATUS nt_status;
+	struct auth_usersupplied_info *user_info = talloc(mem_ctx, struct auth_usersupplied_info);
+	if (!user_info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+	user_info->flags = 0;
+	user_info->mapped_state = False;
+	user_info->client.account_name = gensec_ntlmssp_state->user;
+	user_info->client.domain_name = gensec_ntlmssp_state->domain;
+	user_info->workstation_name = gensec_ntlmssp_state->workstation;
+	user_info->remote_host = gensec_get_peer_addr(gensec_ntlmssp_state->gensec_security);
+
+	user_info->password_state = AUTH_PASSWORD_RESPONSE;
+	user_info->password.response.lanman = gensec_ntlmssp_state->lm_resp;
+	user_info->password.response.lanman.data = talloc_steal(user_info, gensec_ntlmssp_state->lm_resp.data);
+	user_info->password.response.nt = gensec_ntlmssp_state->nt_resp;
+	user_info->password.response.nt.data = talloc_steal(user_info, gensec_ntlmssp_state->nt_resp.data);
+
+	nt_status = auth_check_password(gensec_ntlmssp_state->auth_context, mem_ctx,
+					user_info, &gensec_ntlmssp_state->server_info);
+	talloc_free(user_info);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	talloc_steal(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info);
+
+	if (gensec_ntlmssp_state->server_info->user_session_key.length) {
+		DEBUG(10, ("Got NT session key of length %u\n", 
+			   (unsigned)gensec_ntlmssp_state->server_info->user_session_key.length));
+		if (!talloc_reference(mem_ctx, gensec_ntlmssp_state->server_info->user_session_key.data)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*user_session_key = gensec_ntlmssp_state->server_info->user_session_key;
+	}
+	if (gensec_ntlmssp_state->server_info->lm_session_key.length) {
+		DEBUG(10, ("Got LM session key of length %u\n", 
+			   (unsigned)gensec_ntlmssp_state->server_info->lm_session_key.length));
+		if (!talloc_reference(mem_ctx, gensec_ntlmssp_state->server_info->lm_session_key.data)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*lm_session_key = gensec_ntlmssp_state->server_info->lm_session_key;
+	}
+	return nt_status;
+}
+
+/** 
+ * Return the credentials of a logged on user, including session keys
+ * etc.
+ *
+ * Only valid after a successful authentication
+ *
+ * May only be called once per authentication.
+ *
+ */
+
+NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
+				     struct auth_session_info **session_info) 
+{
+	NTSTATUS nt_status;
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+
+	nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	(*session_info)->session_key = data_blob_talloc(*session_info, 
+							gensec_ntlmssp_state->session_key.data,
+							gensec_ntlmssp_state->session_key.length);
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Start NTLMSSP on the server side 
+ *
+ */
+NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
+{
+	NTSTATUS nt_status;
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state;
+
+	nt_status = gensec_ntlmssp_start(gensec_security);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	gensec_ntlmssp_state = gensec_security->private_data;
+
+	gensec_ntlmssp_state->role = NTLMSSP_SERVER;
+
+	gensec_ntlmssp_state->workstation = NULL;
+	gensec_ntlmssp_state->server_name = lp_netbios_name();
+
+	gensec_ntlmssp_state->get_domain = lp_workgroup;
+
+	gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
+
+	gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() 
+					  && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
+
+	gensec_ntlmssp_state->server_multiple_authentications = False;
+	
+	gensec_ntlmssp_state->neg_flags = 
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000;
+
+	gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0);
+	gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
+	gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
+
+	if (lp_parm_bool(-1, "ntlmssp_server", "128bit", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_server", "alwayssign", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;		
+	}
+
+	if (lp_parm_bool(-1, "ntlmssp_server", "ntlm2", True)) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;		
+	}
+
+	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+	}
+	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+		gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+	}
+
+	nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), 
+					gensec_security->event_ctx,
+					gensec_security->msg_ctx,
+					&gensec_ntlmssp_state->auth_context);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
+	gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
+	gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
+	gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
+	gensec_ntlmssp_state->server_role = lp_server_role();
+
+	return NT_STATUS_OK;
+}
+

Samba/source/auth/ntlmssp/ntlmssp_sign.c

@@ -0,0 +1,549 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Version 3.0
+ *  NTLMSSP Signing routines
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2001
+ *  Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2005
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software Foundation,
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth/ntlmssp/msrpc_parse.h"
+#include "lib/crypto/crypto.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+
+#define CLI_SIGN "session key to client-to-server signing key magic constant"
+#define CLI_SEAL "session key to client-to-server sealing key magic constant"
+#define SRV_SIGN "session key to server-to-client signing key magic constant"
+#define SRV_SEAL "session key to server-to-client sealing key magic constant"
+
+/**
+ * Some notes on the NTLM2 code:
+ *
+ * NTLM2 is a AEAD system.  This means that the data encrypted is not
+ * all the data that is signed.  In DCE-RPC case, the headers of the
+ * DCE-RPC packets are also signed.  This prevents some of the
+ * fun-and-games one might have by changing them.
+ *
+ */
+
+static void calc_ntlmv2_key(TALLOC_CTX *mem_ctx, 
+			    DATA_BLOB *subkey,
+			    DATA_BLOB session_key, 
+			    const char *constant)
+{
+	struct MD5Context ctx3;
+	*subkey = data_blob_talloc(mem_ctx, NULL, 16);
+	MD5Init(&ctx3);
+	MD5Update(&ctx3, session_key.data, session_key.length);
+	MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
+	MD5Final(subkey->data, &ctx3);
+}
+
+enum ntlmssp_direction {
+	NTLMSSP_SEND,
+	NTLMSSP_RECEIVE
+};
+
+static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
+					      TALLOC_CTX *sig_mem_ctx, 
+					      const uint8_t *data, size_t length, 
+					      const uint8_t *whole_pdu, size_t pdu_length, 
+					      enum ntlmssp_direction direction,
+					      DATA_BLOB *sig, BOOL encrypt_sig)
+{
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+
+		HMACMD5Context ctx;
+		uint8_t digest[16];
+		uint8_t seq_num[4];
+
+		*sig = data_blob_talloc(sig_mem_ctx, NULL, NTLMSSP_SIG_SIZE);
+		if (!sig->data) {
+			return NT_STATUS_NO_MEMORY;
+		}
+			
+		switch (direction) {
+		case NTLMSSP_SEND:
+			SIVAL(seq_num, 0, gensec_ntlmssp_state->crypt.ntlm2.send_seq_num);
+			gensec_ntlmssp_state->crypt.ntlm2.send_seq_num++;
+			hmac_md5_init_limK_to_64(gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.data, 
+						 gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.length, &ctx);
+			break;
+		case NTLMSSP_RECEIVE:
+			SIVAL(seq_num, 0, gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num);
+			gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num++;
+			hmac_md5_init_limK_to_64(gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.data, 
+						 gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.length, &ctx);
+			break;
+		}
+		hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
+		hmac_md5_update(whole_pdu, pdu_length, &ctx);
+		hmac_md5_final(digest, &ctx);
+
+		if (encrypt_sig && gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+			switch (direction) {
+			case NTLMSSP_SEND:
+				arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, digest, 8);
+				break;
+			case NTLMSSP_RECEIVE:
+				arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, digest, 8);
+				break;
+			}
+		}
+
+		SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
+		memcpy(sig->data + 4, digest, 8);
+		memcpy(sig->data + 12, seq_num, 4);
+
+		DEBUG(10, ("NTLM2: created signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
+		dump_data(11, sig->data, sig->length);
+			
+	} else {
+		uint32_t crc;
+		crc = crc32_calc_buffer(data, length);
+		if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->crypt.ntlm.seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		gensec_ntlmssp_state->crypt.ntlm.seq_num++;
+
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
+
+		DEBUG(10, ("NTLM1: created signature over %llu bytes of input:\n", (unsigned long long)length));
+		dump_data(11, sig->data, sig->length);
+	}
+	return NT_STATUS_OK;
+}
+
+/* TODO: make this non-public */
+_PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, 
+				    TALLOC_CTX *sig_mem_ctx, 
+				    const uint8_t *data, size_t length, 
+				    const uint8_t *whole_pdu, size_t pdu_length, 
+				    DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+
+	return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
+					     data, length, 
+					     whole_pdu, pdu_length, 
+					     NTLMSSP_SEND, sig, True);
+}
+
+/**
+ * Check the signature of an incoming packet 
+ *
+ */
+
+NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, 
+				     TALLOC_CTX *sig_mem_ctx, 
+				     const uint8_t *data, size_t length, 
+				     const uint8_t *whole_pdu, size_t pdu_length, 
+				     const DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+
+	DATA_BLOB local_sig;
+	NTSTATUS nt_status;
+
+	if (!gensec_ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot check packet signature\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	if (sig->length < 8) {
+		DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
+			  (unsigned long)sig->length));
+	}
+
+	nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
+						  data, length, 
+						  whole_pdu, pdu_length, 
+						  NTLMSSP_RECEIVE, &local_sig, True);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		if (local_sig.length != sig->length ||
+		    memcmp(local_sig.data, 
+			   sig->data, sig->length) != 0) {
+			DEBUG(5, ("BAD SIG NTLM2: wanted signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
+			dump_data(5, local_sig.data, local_sig.length);
+			
+			DEBUG(5, ("BAD SIG: got signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
+			dump_data(5, sig->data, sig->length);
+			
+			DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	} else {
+		if (local_sig.length != sig->length ||
+		    memcmp(local_sig.data + 8, 
+			   sig->data + 8, sig->length - 8) != 0) {
+			DEBUG(5, ("BAD SIG NTLM1: wanted signature of %llu bytes of input:\n", (unsigned long long)length));
+			dump_data(5, local_sig.data, local_sig.length);
+			
+			DEBUG(5, ("BAD SIG: got signature of %llu bytes of input:\n", (unsigned long long)length));
+			dump_data(5, sig->data, sig->length);
+			
+			DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+	dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
+
+	return NT_STATUS_OK;
+}
+
+
+/**
+ * Seal data with the NTLMSSP algorithm
+ *
+ */
+
+NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, 
+				    TALLOC_CTX *sig_mem_ctx, 
+				    uint8_t *data, size_t length, 
+				    const uint8_t *whole_pdu, size_t pdu_length, 
+				    DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	NTSTATUS nt_status;
+	if (!gensec_ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot seal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	DEBUG(10,("ntlmssp_seal_data: seal\n"));
+	dump_data_pw("ntlmssp clear data\n", data, length);
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		/* The order of these two operations matters - we must first seal the packet,
+		   then seal the sequence number - this is becouse the send_seal_hash is not
+		   constant, but is is rather updated with each iteration */
+		nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, 
+							  data, length, 
+							  whole_pdu, pdu_length, 
+							  NTLMSSP_SEND, sig, False);
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length);
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+			arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8);
+		}
+	} else {
+		uint32_t crc;
+		crc = crc32_calc_buffer(data, length);
+		if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->crypt.ntlm.seq_num)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* The order of these two operations matters - we must
+		   first seal the packet, then seal the sequence
+		   number - this is becouse the ntlmssp_hash is not
+		   constant, but is is rather updated with each
+		   iteration */
+
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
+		/* increment counter on send */
+		gensec_ntlmssp_state->crypt.ntlm.seq_num++;
+		nt_status = NT_STATUS_OK;
+	}
+	dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
+	dump_data_pw("ntlmssp sealed data\n", data, length);
+
+
+	return nt_status;
+}
+
+/**
+ * Unseal data with the NTLMSSP algorithm
+ *
+ */
+
+/*
+  wrappers for the ntlmssp_*() functions
+*/
+NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, 
+				      TALLOC_CTX *sig_mem_ctx, 
+				      uint8_t *data, size_t length, 
+				      const uint8_t *whole_pdu, size_t pdu_length, 
+				      const DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+	if (!gensec_ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot unseal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	dump_data_pw("ntlmssp sealed data\n", data, length);
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, data, length);
+	} else {
+		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
+	}
+	dump_data_pw("ntlmssp clear data\n", data, length);
+	return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
+}
+
+/**
+   Initialise the state for NTLMSSP signing.
+*/
+/* TODO: make this non-public */
+_PUBLIC_ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(gensec_ntlmssp_state);
+
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
+	debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
+
+	if (gensec_ntlmssp_state->session_key.length < 8) {
+		talloc_free(mem_ctx);
+		DEBUG(3, ("NO session key, cannot intialise signing\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+	{
+		DATA_BLOB weak_session_key = gensec_ntlmssp_state->session_key;
+		const char *send_sign_const;
+		const char *send_seal_const;
+		const char *recv_sign_const;
+		const char *recv_seal_const;
+
+		DATA_BLOB send_seal_key;
+		DATA_BLOB recv_seal_key;
+
+		switch (gensec_ntlmssp_state->role) {
+		case NTLMSSP_CLIENT:
+			send_sign_const = CLI_SIGN;
+			send_seal_const = CLI_SEAL;
+			recv_sign_const = SRV_SIGN;
+			recv_seal_const = SRV_SEAL;
+			break;
+		case NTLMSSP_SERVER:
+			send_sign_const = SRV_SIGN;
+			send_seal_const = SRV_SEAL;
+			recv_sign_const = CLI_SIGN;
+			recv_seal_const = CLI_SEAL;
+			break;
+		default:
+			talloc_free(mem_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		
+		gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state);
+		gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state);
+
+		/**
+		   Weaken NTLMSSP keys to cope with down-level
+		   clients, servers and export restrictions.
+		   
+		   We probably should have some parameters to control
+		   this, once we get NTLM2 working.
+		*/
+
+		/* Key weakening was not performed on the master key
+		 * for NTLM2 (in ntlmssp_weaken_keys()), but must be
+		 * done on the encryption subkeys only.  That is why
+		 * we don't have this code for the ntlmv1 case.
+		 */
+
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
+			
+		} else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
+			weak_session_key.length = 7;
+		} else { /* forty bits */
+			weak_session_key.length = 5;
+		}
+		dump_data_pw("NTLMSSP weakend master key:\n",
+			     weak_session_key.data, 
+			     weak_session_key.length);
+
+		/* SEND: sign key */
+		calc_ntlmv2_key(gensec_ntlmssp_state, 
+				&gensec_ntlmssp_state->crypt.ntlm2.send_sign_key, 
+				gensec_ntlmssp_state->session_key, send_sign_const);
+		dump_data_pw("NTLMSSP send sign key:\n",
+			     gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.data, 
+			     gensec_ntlmssp_state->crypt.ntlm2.send_sign_key.length);
+		
+		/* SEND: seal ARCFOUR pad */
+		calc_ntlmv2_key(mem_ctx, 
+				&send_seal_key, 
+				weak_session_key, send_seal_const);
+		dump_data_pw("NTLMSSP send seal key:\n",
+			     send_seal_key.data, 
+			     send_seal_key.length);
+		arcfour_init(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, 
+			     &send_seal_key);
+		dump_data_pw("NTLMSSP send sesl hash:\n", 
+			     gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state->sbox, 
+			     sizeof(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state->sbox));
+
+		/* RECV: sign key */
+		calc_ntlmv2_key(gensec_ntlmssp_state, 
+				&gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key, 
+				gensec_ntlmssp_state->session_key, recv_sign_const);
+		dump_data_pw("NTLMSSP recv sign key:\n",
+			     gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.data, 
+			     gensec_ntlmssp_state->crypt.ntlm2.recv_sign_key.length);
+
+		/* RECV: seal ARCFOUR pad */
+		calc_ntlmv2_key(mem_ctx, 
+				&recv_seal_key, 
+				weak_session_key, recv_seal_const);
+		dump_data_pw("NTLMSSP recv seal key:\n",
+			     recv_seal_key.data, 
+			     recv_seal_key.length);
+		arcfour_init(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, 
+			     &recv_seal_key);
+		dump_data_pw("NTLMSSP receive seal hash:\n", 
+			     gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state->sbox, 
+			     sizeof(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state->sbox));
+
+		gensec_ntlmssp_state->crypt.ntlm2.send_seq_num = 0;
+		gensec_ntlmssp_state->crypt.ntlm2.recv_seq_num = 0;
+
+	} else {
+		DATA_BLOB weak_session_key = ntlmssp_weakend_key(gensec_ntlmssp_state, mem_ctx);
+		DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
+
+		gensec_ntlmssp_state->crypt.ntlm.arcfour_state = talloc(gensec_ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(gensec_ntlmssp_state->crypt.ntlm.arcfour_state);
+
+		arcfour_init(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, 
+			     &weak_session_key);
+		dump_data_pw("NTLMSSP hash:\n", gensec_ntlmssp_state->crypt.ntlm.arcfour_state->sbox,
+			     sizeof(gensec_ntlmssp_state->crypt.ntlm.arcfour_state->sbox));
+
+		gensec_ntlmssp_state->crypt.ntlm.seq_num = 0;
+	}
+
+	talloc_free(mem_ctx);
+	return NT_STATUS_OK;
+}
+
+size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
+{
+	return NTLMSSP_SIG_SIZE;
+}
+
+NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, 
+			     TALLOC_CTX *sig_mem_ctx, 
+			     const DATA_BLOB *in, 
+			     DATA_BLOB *out)
+{
+	DATA_BLOB sig;
+	NTSTATUS nt_status;
+
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+
+		*out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
+		if (!out->data) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
+		
+	        nt_status = gensec_ntlmssp_seal_packet(gensec_security, sig_mem_ctx, 
+						       out->data + NTLMSSP_SIG_SIZE, 
+						       out->length - NTLMSSP_SIG_SIZE, 
+						       out->data + NTLMSSP_SIG_SIZE, 
+						       out->length - NTLMSSP_SIG_SIZE, 
+						       &sig);
+		
+		if (NT_STATUS_IS_OK(nt_status)) {
+			memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
+		}
+		return nt_status;
+
+	} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+
+		*out = data_blob_talloc(sig_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
+		if (!out->data) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
+
+	        nt_status = gensec_ntlmssp_sign_packet(gensec_security, sig_mem_ctx, 
+						       out->data + NTLMSSP_SIG_SIZE, 
+						       out->length - NTLMSSP_SIG_SIZE, 
+						       out->data + NTLMSSP_SIG_SIZE, 
+						       out->length - NTLMSSP_SIG_SIZE, 
+						       &sig);
+
+		if (NT_STATUS_IS_OK(nt_status)) {
+			memcpy(out->data, sig.data, NTLMSSP_SIG_SIZE);
+		}
+		return nt_status;
+
+	} else {
+		*out = *in;
+		return NT_STATUS_OK;
+	}
+}
+
+
+NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, 
+			       TALLOC_CTX *sig_mem_ctx, 
+			       const DATA_BLOB *in, 
+			       DATA_BLOB *out)
+{
+	DATA_BLOB sig;
+
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		if (in->length < NTLMSSP_SIG_SIZE) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		sig.data = in->data;
+		sig.length = NTLMSSP_SIG_SIZE;
+
+		*out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
+		
+	        return gensec_ntlmssp_unseal_packet(gensec_security, sig_mem_ctx, 
+						    out->data, out->length, 
+						    out->data, out->length, 
+						    &sig);
+						  
+	} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+		if (in->length < NTLMSSP_SIG_SIZE) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		sig.data = in->data;
+		sig.length = NTLMSSP_SIG_SIZE;
+
+		*out = data_blob_talloc(sig_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
+		
+	        return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, 
+						   out->data, out->length, 
+						   out->data, out->length, 
+						   &sig);
+	} else {
+		*out = *in;
+		return NT_STATUS_OK;
+	}
+}
+