1 /*
   2  * This file and its contents are supplied under the terms of the
   3  * Common Development and Distribution License ("CDDL"), version 1.0.
   4  * You may only use this file in accordance with the terms of version
   5  * 1.0 of the CDDL.
   6  *
   7  * A full copy of the text of the CDDL should have accompanied this
   8  * source.  A copy of the CDDL is also available via the Internet at
   9  * http://www.illumos.org/license/CDDL.
  10  */
  11 
  12 /*
  13  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  14  */
  15 
  16 /*
  17  * SPNEGO back-end for NTLMSSP.  See [MS-NLMP]
  18  */
  19 
  20 #include <sys/types.h>
  21 #include <sys/byteorder.h>
  22 #include <strings.h>
  23 #include "smbd.h"
  24 #include "smbd_authsvc.h"
  25 #include "netsmb/ntlmssp.h"
  26 #include <assert.h>
  27 
  28 /* A shorter alias for a crazy long name from [MS-NLMP] */
  29 #define NTLMSSP_NEGOTIATE_NTLM2 \
  30         NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  31 
  32 /* Need this in a header somewhere */
  33 #ifdef _LITTLE_ENDIAN

 472          * It's: MD5(concat(ServerChallenge,ClientChallenge))
 473          * where the ClientChallenge is in the LM resp. field.
 474          */
 475         if (user_info.lg_nt_password.len == SMBAUTH_LM_RESP_SZ &&
 476             user_info.lg_lm_password.len >= SMBAUTH_CHAL_SZ &&
 477             (be->clnt_flags & NTLMSSP_NEGOTIATE_NTLM2) != 0) {
 478                 smb_auth_ntlm2_mkchallenge(combined_challenge,
 479                     be->srv_challenge, lm_resp);
 480                 user_info.lg_challenge_key.val =
 481                     (uint8_t *)combined_challenge;
 482                 user_info.lg_lm_password.len = 0;
 483                 ntlm_v1x = B_TRUE;
 484         }
 485 
 486         /*
 487          * This (indirectly) calls smb_auth_validate() to
 488          * check that the client gave us a valid hash.
 489          */
 490         token = smbd_user_auth_logon(&user_info);
 491         if (token == NULL) {
 492                 status = NT_STATUS_ACCESS_DENIED;


 493                 goto errout;
 494         }
 495 
 496         if (token->tkn_ssnkey.val != NULL &&
 497             token->tkn_ssnkey.len == SMBAUTH_HASH_SZ) {
 498 
 499                 /*
 500                  * At this point, token->tkn_session_key is the
 501                  * "Session Base Key" [MS-NLMP] 3.2.5.1.2
 502                  * Compute the final session key.  First need the
 503                  * "Key Exchange Key" [MS-NLMP] 3.4.5.1
 504                  */
 505                 if (ntlm_v1x) {
 506                         smb_auth_ntlm2_kxkey(kxkey,
 507                             be->srv_challenge, lm_resp,
 508                             token->tkn_ssnkey.val);
 509                 } else {
 510                         /* KXKEY is the Session Base Key. */
 511                         (void) memcpy(kxkey, token->tkn_ssnkey.val,
 512                             SMBAUTH_HASH_SZ);

   1 /*
   2  * This file and its contents are supplied under the terms of the
   3  * Common Development and Distribution License ("CDDL"), version 1.0.
   4  * You may only use this file in accordance with the terms of version
   5  * 1.0 of the CDDL.
   6  *
   7  * A full copy of the text of the CDDL should have accompanied this
   8  * source.  A copy of the CDDL is also available via the Internet at
   9  * http://www.illumos.org/license/CDDL.
  10  */
  11 
  12 /*
  13  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  14  */
  15 
  16 /*
  17  * SPNEGO back-end for NTLMSSP.  See [MS-NLMP]
  18  */
  19 
  20 #include <sys/types.h>
  21 #include <sys/byteorder.h>
  22 #include <strings.h>
  23 #include "smbd.h"
  24 #include "smbd_authsvc.h"
  25 #include "netsmb/ntlmssp.h"
  26 #include <assert.h>
  27 
  28 /* A shorter alias for a crazy long name from [MS-NLMP] */
  29 #define NTLMSSP_NEGOTIATE_NTLM2 \
  30         NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  31 
  32 /* Need this in a header somewhere */
  33 #ifdef _LITTLE_ENDIAN

 472          * It's: MD5(concat(ServerChallenge,ClientChallenge))
 473          * where the ClientChallenge is in the LM resp. field.
 474          */
 475         if (user_info.lg_nt_password.len == SMBAUTH_LM_RESP_SZ &&
 476             user_info.lg_lm_password.len >= SMBAUTH_CHAL_SZ &&
 477             (be->clnt_flags & NTLMSSP_NEGOTIATE_NTLM2) != 0) {
 478                 smb_auth_ntlm2_mkchallenge(combined_challenge,
 479                     be->srv_challenge, lm_resp);
 480                 user_info.lg_challenge_key.val =
 481                     (uint8_t *)combined_challenge;
 482                 user_info.lg_lm_password.len = 0;
 483                 ntlm_v1x = B_TRUE;
 484         }
 485 
 486         /*
 487          * This (indirectly) calls smb_auth_validate() to
 488          * check that the client gave us a valid hash.
 489          */
 490         token = smbd_user_auth_logon(&user_info);
 491         if (token == NULL) {
 492                 status = user_info.lg_status;
 493                 if (status == 0) /* should not happen */
 494                         status = NT_STATUS_INTERNAL_ERROR;
 495                 goto errout;
 496         }
 497 
 498         if (token->tkn_ssnkey.val != NULL &&
 499             token->tkn_ssnkey.len == SMBAUTH_HASH_SZ) {
 500 
 501                 /*
 502                  * At this point, token->tkn_session_key is the
 503                  * "Session Base Key" [MS-NLMP] 3.2.5.1.2
 504                  * Compute the final session key.  First need the
 505                  * "Key Exchange Key" [MS-NLMP] 3.4.5.1
 506                  */
 507                 if (ntlm_v1x) {
 508                         smb_auth_ntlm2_kxkey(kxkey,
 509                             be->srv_challenge, lm_resp,
 510                             token->tkn_ssnkey.val);
 511                 } else {
 512                         /* KXKEY is the Session Base Key. */
 513                         (void) memcpy(kxkey, token->tkn_ssnkey.val,
 514                             SMBAUTH_HASH_SZ);