Samba: libsmb/ntlmssp

列挙型の値:

NTLMSSP_SEND
NTLMSSP_RECEIVE

ntlmssp_sign.c の 50 行で定義されています。

00050                        {
00051         NTLMSSP_SEND,
00052         NTLMSSP_RECEIVE
00053 };

static void calc_ntlmv2_key	(	unsigned char	subkey[16],
		DATA_BLOB	session_key,
		const char *	constant
	)			`[static]`

Some notes on then NTLM2 code:

NTLM2 is a AEAD system. This means that the data encrypted is not all the data that is signed. In DCE-RPC case, the headers of the DCE-RPC packets are also signed. This prevents some of the fun-and-games one might have by changing them.

ntlmssp_sign.c の 39 行で定義されています。

参照先 data_blob_::data・data_blob_::length・MD5Final()・MD5Init()・MD5Update().

参照元 ntlmssp_sign_init().

00042 {
00043         struct MD5Context ctx3;
00044         MD5Init(&ctx3);
00045         MD5Update(&ctx3, session_key.data, session_key.length);
00046         MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant)+1);
00047         MD5Final(subkey, &ctx3);
00048 }

static NTSTATUS ntlmssp_make_packet_signature	(	NTLMSSP_STATE *	ntlmssp_state,
		const uchar *	data,
		size_t	length,
		const uchar *	whole_pdu,
		size_t	pdu_length,
		enum ntlmssp_direction	direction,
		DATA_BLOB *	sig,
		BOOL	encrypt_sig
	)			`[static]`

ntlmssp_sign.c の 55 行で定義されています。

参照先 crc32_calc_buffer()・ctx・data_blob_::data・data_blob()・dump_data_pw()・hmac_md5_final()・hmac_md5_init_limK_to_64()・hmac_md5_update()・data_blob_::length・msrpc_gen()・ntlmssp_state::neg_flags・ntlmssp_state::ntlm2_recv_seq_num・ntlmssp_state::ntlm2_send_seq_num・NTLMSSP_RECEIVE・NTLMSSP_SEND・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::recv_sign_key・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::send_sign_key・smb_arc4_crypt().

参照元 ntlmssp_check_packet()・ntlmssp_seal_packet()・ntlmssp_sign_packet().

00061 {
00062         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
00063                 HMACMD5Context ctx;
00064                 uchar seq_num[4];
00065                 uchar digest[16];
00066 
00067                 *sig = data_blob(NULL, NTLMSSP_SIG_SIZE);
00068                 if (!sig->data) {
00069                         return NT_STATUS_NO_MEMORY;
00070                 }
00071 
00072                 switch (direction) {
00073                         case NTLMSSP_SEND:
00074                                 DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
00075                                         ntlmssp_state->ntlm2_send_seq_num,
00076                                         (unsigned int)length,
00077                                         (unsigned int)pdu_length));
00078 
00079                                 SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
00080                                 ntlmssp_state->ntlm2_send_seq_num++;
00081                                 hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
00082                                 break;
00083                         case NTLMSSP_RECEIVE:
00084 
00085                                 DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
00086                                         ntlmssp_state->ntlm2_recv_seq_num,
00087                                         (unsigned int)length,
00088                                         (unsigned int)pdu_length));
00089 
00090                                 SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
00091                                 ntlmssp_state->ntlm2_recv_seq_num++;
00092                                 hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
00093                                 break;
00094                 }
00095 
00096                 dump_data_pw("pdu data ", whole_pdu, pdu_length);
00097 
00098                 hmac_md5_update(seq_num, 4, &ctx);
00099                 hmac_md5_update(whole_pdu, pdu_length, &ctx);
00100                 hmac_md5_final(digest, &ctx);
00101 
00102                 if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
00103                         switch (direction) {
00104                         case NTLMSSP_SEND:
00105                                 smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state,  digest, 8);
00106                                 break;
00107                         case NTLMSSP_RECEIVE:
00108                                 smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state,  digest, 8);
00109                                 break;
00110                         }
00111                 }
00112 
00113                 SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
00114                 memcpy(sig->data + 4, digest, 8);
00115                 memcpy(sig->data + 12, seq_num, 4);
00116 
00117                 dump_data_pw("ntlmssp v2 sig ", sig->data, sig->length);
00118 
00119         } else {
00120                 uint32 crc;
00121                 crc = crc32_calc_buffer((const char *)data, length);
00122                 if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
00123                         return NT_STATUS_NO_MEMORY;
00124                 }
00125                 
00126                 ntlmssp_state->ntlmv1_seq_num++;
00127 
00128                 dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
00129                              sizeof(ntlmssp_state->ntlmv1_arc4_state));
00130                 smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
00131         }
00132         return NT_STATUS_OK;
00133 }

NTSTATUS ntlmssp_sign_packet	(	NTLMSSP_STATE *	ntlmssp_state,
		const uchar *	data,
		size_t	length,
		const uchar *	whole_pdu,
		size_t	pdu_length,
		DATA_BLOB *	sig
	)

ntlmssp_sign.c の 135 行で定義されています。

参照先 data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_make_packet_signature()・NTLMSSP_SEND・ntlmssp_state::session_key.

参照元 add_ntlmssp_auth_footer()・create_next_pdu_ntlmssp().

00139 {
00140         NTSTATUS nt_status;
00141 
00142         if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
00143                 DEBUG(3, ("NTLMSSP Signing not negotiated - cannot sign packet!\n"));
00144                 return NT_STATUS_INVALID_PARAMETER;
00145         }
00146 
00147         if (!ntlmssp_state->session_key.length) {
00148                 DEBUG(3, ("NO session key, cannot check sign packet\n"));
00149                 return NT_STATUS_NO_USER_SESSION_KEY;
00150         }
00151 
00152         nt_status = ntlmssp_make_packet_signature(ntlmssp_state,
00153                                                 data, length,
00154                                                 whole_pdu, pdu_length,
00155                                                 NTLMSSP_SEND, sig, True);
00156 
00157         return nt_status;
00158 }

NTSTATUS ntlmssp_check_packet	(	NTLMSSP_STATE *	ntlmssp_state,
		const uchar *	data,
		size_t	length,
		const uchar *	whole_pdu,
		size_t	pdu_length,
		const DATA_BLOB *	sig
	)

Check the signature of an incoming packet

覚え書き:: caller *must* check that the signature is the size it expects

ntlmssp_sign.c の 166 行で定義されています。

参照先 data_blob_::data・data_blob_free()・dump_data()・dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・nt_errstr()・ntlmssp_make_packet_signature()・NTLMSSP_RECEIVE・ntlmssp_state::session_key.

参照元 api_pipe_ntlmssp_auth_process()・cli_pipe_verify_ntlmssp()・ntlmssp_unseal_packet().

00170 {
00171         DATA_BLOB local_sig;
00172         NTSTATUS nt_status;
00173 
00174         if (!ntlmssp_state->session_key.length) {
00175                 DEBUG(3, ("NO session key, cannot check packet signature\n"));
00176                 return NT_STATUS_NO_USER_SESSION_KEY;
00177         }
00178 
00179         if (sig->length < 8) {
00180                 DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
00181                           (unsigned long)sig->length));
00182         }
00183 
00184         nt_status = ntlmssp_make_packet_signature(ntlmssp_state,
00185                                                 data, length,
00186                                                 whole_pdu, pdu_length,
00187                                                 NTLMSSP_RECEIVE, &local_sig, True);
00188         
00189         if (!NT_STATUS_IS_OK(nt_status)) {
00190                 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
00191                 data_blob_free(&local_sig);
00192                 return nt_status;
00193         }
00194         
00195         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
00196                 if (local_sig.length != sig->length ||
00197                                 memcmp(local_sig.data, sig->data, sig->length) != 0) {
00198                         DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
00199                         dump_data(5, (const char *)local_sig.data, local_sig.length);
00200 
00201                         DEBUG(5, ("BAD SIG: got signature of\n"));
00202                         dump_data(5, (const char *)sig->data, sig->length);
00203 
00204                         DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature!\n"));
00205                         data_blob_free(&local_sig);
00206                         return NT_STATUS_ACCESS_DENIED;
00207                 }
00208         } else {
00209                 if (local_sig.length != sig->length ||
00210                                 memcmp(local_sig.data + 8, sig->data + 8, sig->length - 8) != 0) {
00211                         DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
00212                         dump_data(5, (const char *)local_sig.data, local_sig.length);
00213 
00214                         DEBUG(5, ("BAD SIG: got signature of\n"));
00215                         dump_data(5, (const char *)sig->data, sig->length);
00216 
00217                         DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature!\n"));
00218                         data_blob_free(&local_sig);
00219                         return NT_STATUS_ACCESS_DENIED;
00220                 }
00221         }
00222         dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
00223         DEBUG(10,("ntlmssp_check_packet: NTLMSSP signature OK !\n"));
00224 
00225         data_blob_free(&local_sig);
00226         return NT_STATUS_OK;
00227 }

NTSTATUS ntlmssp_seal_packet	(	NTLMSSP_STATE *	ntlmssp_state,
		uchar *	data,
		size_t	length,
		uchar *	whole_pdu,
		size_t	pdu_length,
		DATA_BLOB *	sig
	)

Seal data with the NTLMSSP algorithm

ntlmssp_sign.c の 234 行で定義されています。

参照先 crc32_calc_buffer()・data_blob_::data・dump_data_pw()・data_blob_::length・msrpc_gen()・ntlmssp_state::neg_flags・ntlmssp_make_packet_signature()・NTLMSSP_SEND・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::session_key・smb_arc4_crypt().

参照元 add_ntlmssp_auth_footer()・create_next_pdu_ntlmssp().

00238 {       
00239         if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
00240                 DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
00241                 return NT_STATUS_INVALID_PARAMETER;
00242         }
00243 
00244         if (!ntlmssp_state->session_key.length) {
00245                 DEBUG(3, ("NO session key, cannot seal packet\n"));
00246                 return NT_STATUS_NO_USER_SESSION_KEY;
00247         }
00248 
00249         DEBUG(10,("ntlmssp_seal_data: seal\n"));
00250         dump_data_pw("ntlmssp clear data\n", data, length);
00251         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
00252                 /* The order of these two operations matters - we must first seal the packet,
00253                    then seal the sequence number - this is becouse the send_seal_hash is not
00254                    constant, but is is rather updated with each iteration */
00255                 NTSTATUS nt_status = ntlmssp_make_packet_signature(ntlmssp_state,
00256                                                         data, length,
00257                                                         whole_pdu, pdu_length,
00258                                                         NTLMSSP_SEND, sig, False);
00259                 if (!NT_STATUS_IS_OK(nt_status)) {
00260                         return nt_status;
00261                 }
00262 
00263                 smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);
00264                 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
00265                         smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
00266                 }
00267         } else {
00268                 uint32 crc;
00269                 crc = crc32_calc_buffer((const char *)data, length);
00270                 if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
00271                         return NT_STATUS_NO_MEMORY;
00272                 }
00273 
00274                 /* The order of these two operations matters - we must first seal the packet,
00275                    then seal the sequence number - this is becouse the ntlmv1_arc4_state is not
00276                    constant, but is is rather updated with each iteration */
00277                 
00278                 dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
00279                              sizeof(ntlmssp_state->ntlmv1_arc4_state));
00280                 smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
00281 
00282                 dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
00283                              sizeof(ntlmssp_state->ntlmv1_arc4_state));
00284 
00285                 smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
00286 
00287                 ntlmssp_state->ntlmv1_seq_num++;
00288         }
00289         dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
00290         dump_data_pw("ntlmssp sealed data\n", data, length);
00291 
00292         return NT_STATUS_OK;
00293 }

NTSTATUS ntlmssp_unseal_packet	(	NTLMSSP_STATE *	ntlmssp_state,
		uchar *	data,
		size_t	length,
		uchar *	whole_pdu,
		size_t	pdu_length,
		DATA_BLOB *	sig
	)

Unseal data with the NTLMSSP algorithm

ntlmssp_sign.c の 300 行で定義されています。

参照先 dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_check_packet()・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::session_key・smb_arc4_crypt().

参照元 api_pipe_ntlmssp_auth_process()・cli_pipe_verify_ntlmssp().

00304 {
00305         if (!ntlmssp_state->session_key.length) {
00306                 DEBUG(3, ("NO session key, cannot unseal packet\n"));
00307                 return NT_STATUS_NO_USER_SESSION_KEY;
00308         }
00309 
00310         DEBUG(10,("ntlmssp_unseal_packet: seal\n"));
00311         dump_data_pw("ntlmssp sealed data\n", data, length);
00312 
00313         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
00314                 /* First unseal the data. */
00315                 smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
00316                 dump_data_pw("ntlmv2 clear data\n", data, length);
00317         } else {
00318                 smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
00319                 dump_data_pw("ntlmv1 clear data\n", data, length);
00320         }
00321         return ntlmssp_check_packet(ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
00322 }

NTSTATUS ntlmssp_sign_init ( NTLMSSP_STATE * ntlmssp_state )

Initialise the state for NTLMSSP signing.

Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. We probably should have some parameters to control this, once we get NTLM2 working.

ntlmssp_sign.c の 327 行で定義されています。

参照先 calc_ntlmv2_key()・data_blob_::data・debug_ntlmssp_flags()・dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_state::ntlm2_recv_seq_num・ntlmssp_state::ntlm2_send_seq_num・NTLMSSP_CLIENT・NTLMSSP_SERVER・ntlmssp_weaken_keys()・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::recv_seal_key・ntlmssp_state::recv_sign_key・ntlmssp_state::role・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::send_seal_key・ntlmssp_state::send_sign_key・ntlmssp_state::session_key・smb_arc4_init()・talloc_init().

参照元 ntlmssp_client_challenge()・ntlmssp_server_auth().

00328 {
00329         unsigned char p24[24];
00330         TALLOC_CTX *mem_ctx;
00331         ZERO_STRUCT(p24);
00332 
00333         mem_ctx = talloc_init("weak_keys");
00334         if (!mem_ctx) {
00335                 return NT_STATUS_NO_MEMORY;
00336         }
00337 
00338         DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
00339         debug_ntlmssp_flags(ntlmssp_state->neg_flags);
00340 
00341         if (ntlmssp_state->session_key.length < 8) {
00342                 TALLOC_FREE(mem_ctx);
00343                 DEBUG(3, ("NO session key, cannot intialise signing\n"));
00344                 return NT_STATUS_NO_USER_SESSION_KEY;
00345         }
00346 
00347         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
00348                 DATA_BLOB weak_session_key = ntlmssp_state->session_key;
00349                 const char *send_sign_const;
00350                 const char *send_seal_const;
00351                 const char *recv_sign_const;
00352                 const char *recv_seal_const;
00353 
00354                 switch (ntlmssp_state->role) {
00355                 case NTLMSSP_CLIENT:
00356                         send_sign_const = CLI_SIGN;
00357                         send_seal_const = CLI_SEAL;
00358                         recv_sign_const = SRV_SIGN;
00359                         recv_seal_const = SRV_SEAL;
00360                         break;
00361                 case NTLMSSP_SERVER:
00362                         send_sign_const = SRV_SIGN;
00363                         send_seal_const = SRV_SEAL;
00364                         recv_sign_const = CLI_SIGN;
00365                         recv_seal_const = CLI_SEAL;
00366                         break;
00367                 default:
00368                         TALLOC_FREE(mem_ctx);
00369                         return NT_STATUS_INTERNAL_ERROR;
00370                 }
00371 
00372                 /**
00373                   Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
00374                   We probably should have some parameters to control this, once we get NTLM2 working.
00375                 */
00376 
00377                 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
00378                         ;
00379                 } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
00380                         weak_session_key.length = 7;
00381                 } else { /* forty bits */
00382                         weak_session_key.length = 5;
00383                 }
00384 
00385                 dump_data_pw("NTLMSSP weakend master key:\n",
00386                                 weak_session_key.data,
00387                                 weak_session_key.length);
00388 
00389                 /* SEND: sign key */
00390                 calc_ntlmv2_key(ntlmssp_state->send_sign_key,
00391                                 ntlmssp_state->session_key, send_sign_const);
00392                 dump_data_pw("NTLMSSP send sign key:\n",
00393                                 ntlmssp_state->send_sign_key, 16);
00394 
00395                 /* SEND: seal ARCFOUR pad */
00396                 calc_ntlmv2_key(ntlmssp_state->send_seal_key,
00397                                 weak_session_key, send_seal_const);
00398                 dump_data_pw("NTLMSSP send seal key:\n",
00399                                 ntlmssp_state->send_seal_key, 16);
00400 
00401                 smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
00402                                 ntlmssp_state->send_seal_key, 16);
00403 
00404                 dump_data_pw("NTLMSSP send seal arc4 state:\n", 
00405                              ntlmssp_state->send_seal_arc4_state, 
00406                              sizeof(ntlmssp_state->send_seal_arc4_state));
00407 
00408                 /* RECV: sign key */
00409                 calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
00410                                 ntlmssp_state->session_key, recv_sign_const);
00411                 dump_data_pw("NTLMSSP recv send sign key:\n",
00412                                 ntlmssp_state->recv_sign_key, 16);
00413 
00414                 /* RECV: seal ARCFOUR pad */
00415                 calc_ntlmv2_key(ntlmssp_state->recv_seal_key,
00416                                 weak_session_key, recv_seal_const);
00417                 
00418                 dump_data_pw("NTLMSSP recv seal key:\n",
00419                                 ntlmssp_state->recv_seal_key, 16);
00420                                 
00421                 smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
00422                                 ntlmssp_state->recv_seal_key, 16);
00423 
00424                 dump_data_pw("NTLMSSP recv seal arc4 state:\n", 
00425                              ntlmssp_state->recv_seal_arc4_state, 
00426                              sizeof(ntlmssp_state->recv_seal_arc4_state));
00427 
00428                 ntlmssp_state->ntlm2_send_seq_num = 0;
00429                 ntlmssp_state->ntlm2_recv_seq_num = 0;
00430 
00431 
00432         } else {
00433 #if 0
00434                 /* Hmmm. Shouldn't we also weaken keys for ntlmv1 ? JRA. */
00435 
00436                 DATA_BLOB weak_session_key = ntlmssp_state->session_key;
00437                 /**
00438                   Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
00439                   We probably should have some parameters to control this, once we get NTLM2 working.
00440                 */
00441 
00442                 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
00443                         ;
00444                 } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
00445                         weak_session_key.length = 6;
00446                 } else { /* forty bits */
00447                         weak_session_key.length = 5;
00448                 }
00449                 dump_data_pw("NTLMSSP weakend master key:\n",
00450                                 weak_session_key.data,
00451                                 weak_session_key.length);
00452 #endif
00453 
00454                 DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx);
00455 
00456                 DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
00457 
00458                 smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
00459                              weak_session_key.data, weak_session_key.length);
00460 
00461                 dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
00462                                 sizeof(ntlmssp_state->ntlmv1_arc4_state));
00463 
00464                 ntlmssp_state->ntlmv1_seq_num = 0;
00465         }
00466 
00467         TALLOC_FREE(mem_ctx);
00468         return NT_STATUS_OK;
00469 }

libsmb/ntlmssp_sign.c

列挙型

関数

列挙型

関数


列挙型
enum	ntlmssp_direction { NTLMSSP_SEND, NTLMSSP_RECEIVE }
関数
static void	calc_ntlmv2_key (unsigned char subkey[16], DATA_BLOB session_key, const char *constant)
	Some notes on then NTLM2 code:
static NTSTATUS	ntlmssp_make_packet_signature (NTLMSSP_STATE ntlmssp_state, const uchar data, size_t length, const uchar whole_pdu, size_t pdu_length, enum ntlmssp_direction direction, DATA_BLOB sig, BOOL encrypt_sig)
NTSTATUS	ntlmssp_sign_packet (NTLMSSP_STATE ntlmssp_state, const uchar data, size_t length, const uchar whole_pdu, size_t pdu_length, DATA_BLOB sig)
NTSTATUS	ntlmssp_check_packet (NTLMSSP_STATE ntlmssp_state, const uchar data, size_t length, const uchar whole_pdu, size_t pdu_length, const DATA_BLOB sig)
	Check the signature of an incoming packet
NTSTATUS	ntlmssp_seal_packet (NTLMSSP_STATE ntlmssp_state, uchar data, size_t length, uchar whole_pdu, size_t pdu_length, DATA_BLOB sig)
	Seal data with the NTLMSSP algorithm
NTSTATUS	ntlmssp_unseal_packet (NTLMSSP_STATE ntlmssp_state, uchar data, size_t length, uchar whole_pdu, size_t pdu_length, DATA_BLOB sig)
	Unseal data with the NTLMSSP algorithm
NTSTATUS	ntlmssp_sign_init (NTLMSSP_STATE *ntlmssp_state)
	Initialise the state for NTLMSSP signing.