xref: /illumos-gate/usr/src/lib/libsmbfs/smb/ntlmssp.c (revision 5328fc53d11d7151861fa272e4fb0248b8f0e145)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
25  */
26 
27 /*
28  * NT Lan Manager Security Support Provider (NTLMSSP)
29  *
30  * Based on information from the "Davenport NTLM" page:
31  * http://davenport.sourceforge.net/ntlm.html
32  */
33 
34 
35 #include <errno.h>
36 #include <stdio.h>
37 #include <stddef.h>
38 #include <stdlib.h>
39 #include <unistd.h>
40 #include <strings.h>
41 #include <netdb.h>
42 #include <libintl.h>
43 #include <xti.h>
44 #include <assert.h>
45 
46 #include <sys/types.h>
47 #include <sys/time.h>
48 #include <sys/byteorder.h>
49 #include <sys/socket.h>
50 #include <sys/fcntl.h>
51 
52 #include <netinet/in.h>
53 #include <netinet/tcp.h>
54 #include <arpa/inet.h>
55 
56 #include <netsmb/smb.h>
57 #include <netsmb/smb_lib.h>
58 #include <netsmb/mchain.h>
59 
60 #include "private.h"
61 #include "charsets.h"
62 #include "smb_crypt.h"
63 #include "spnego.h"
64 #include "derparse.h"
65 #include "ssp.h"
66 #include "ntlm.h"
67 #include "ntlmssp.h"
68 
69 /* A shorter alias for a crazy long name from [MS-NLMP] */
70 #define	NTLMSSP_NEGOTIATE_ESS \
71 	NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
72 
73 typedef struct ntlmssp_state {
74 	uint32_t ss_flags;
75 	char *ss_target_name;	/* Primary domain or server name */
76 	struct mbuf *ss_target_info;
77 	uchar_t	ss_ssnkey[NTLM_HASH_SZ];
78 	uchar_t	ss_kxkey[NTLM_HASH_SZ];
79 } ntlmssp_state_t;
80 
81 /*
82  * So called "security buffer".
83  * A lot like an RPC string.
84  */
85 struct sec_buf {
86 	uint16_t sb_length;
87 	uint16_t sb_maxlen;
88 	uint32_t sb_offset;
89 };
90 #define	ID_SZ 8
91 static const char ntlmssp_id[ID_SZ] = "NTLMSSP";
92 
93 static int
94 ntlm_rand_ssn_key(ntlmssp_state_t *ssp_st, struct mbdata *ek_mbp);
95 
96 /*
97  * Get a "security buffer" (header part)
98  */
99 static int
100 md_get_sb_hdr(struct mbdata *mbp, struct sec_buf *sb)
101 {
102 	int err;
103 
104 	(void) md_get_uint16le(mbp, &sb->sb_length);
105 	(void) md_get_uint16le(mbp, &sb->sb_maxlen);
106 	err = md_get_uint32le(mbp, &sb->sb_offset);
107 
108 	return (err);
109 }
110 
111 /*
112  * Get a "security buffer" (data part), where
113  * the data is delivered as an mbuf.
114  */
115 static int
116 md_get_sb_data(struct mbdata *mbp, struct sec_buf *sb, struct mbuf **mp)
117 {
118 	struct mbdata tmp_mb;
119 	int err;
120 
121 	/*
122 	 * Setup tmp_mb to point to the start of the header.
123 	 * This is a dup ref - do NOT free it.
124 	 */
125 	mb_initm(&tmp_mb, mbp->mb_top);
126 
127 	/* Skip data up to the offset. */
128 	err = md_get_mem(&tmp_mb, NULL, sb->sb_offset, MB_MSYSTEM);
129 	if (err)
130 		return (err);
131 
132 	/* Get the data (as an mbuf). */
133 	err = md_get_mbuf(&tmp_mb, sb->sb_maxlen, mp);
134 
135 	return (err);
136 }
137 
138 /*
139  * Put a "security buffer" (header part)
140  */
141 static int
142 mb_put_sb_hdr(struct mbdata *mbp, struct sec_buf *sb)
143 {
144 	int err;
145 
146 	(void) mb_put_uint16le(mbp, sb->sb_length);
147 	(void) mb_put_uint16le(mbp, sb->sb_maxlen);
148 	err = mb_put_uint32le(mbp, sb->sb_offset);
149 
150 	return (err);
151 }
152 
153 /*
154  * Put a "security buffer" (data part), where
155  * the data is an mbuf.  Note: consumes m.
156  */
157 static int
158 mb_put_sb_data(struct mbdata *mbp, struct sec_buf *sb, struct mbuf *m)
159 {
160 	int cnt0;
161 	int err = 0;
162 
163 	sb->sb_offset = cnt0 = mbp->mb_count;
164 	if (m != NULL)
165 		err = mb_put_mbuf(mbp, m);
166 	sb->sb_maxlen = sb->sb_length = mbp->mb_count - cnt0;
167 
168 	return (err);
169 }
170 
171 /*
172  * Put a "security buffer" (data part), where
173  * the data is a string (OEM or unicode).
174  *
175  * The string is NOT null terminated.
176  */
177 static int
178 mb_put_sb_string(struct mbdata *mbp, struct sec_buf *sb,
179 	const char *str, int unicode)
180 {
181 	int err, trim;
182 	struct mbdata tmp_mb;
183 
184 	bzero(&tmp_mb, sizeof (tmp_mb));
185 
186 	if (str != NULL && *str != '\0') {
187 		/*
188 		 * Put the string into a temp. mbuf,
189 		 * then chop off the null terminator
190 		 * before appending to caller's mbp.
191 		 */
192 		err = mb_init(&tmp_mb);
193 		if (err)
194 			return (err);
195 		err = mb_put_string(&tmp_mb, str, unicode);
196 		if (err)
197 			return (err);
198 
199 		trim = (unicode) ? 2 : 1;
200 		if (tmp_mb.mb_cur->m_len < trim)
201 			trim = 0;
202 		tmp_mb.mb_cur->m_len -= trim;
203 	}
204 
205 	err = mb_put_sb_data(mbp, sb, tmp_mb.mb_top);
206 	/*
207 	 * Note: tmp_mb.mb_top (if any) is consumed,
208 	 * so do NOT free it (no mb_done)
209 	 */
210 	return (err);
211 }
212 
213 /*
214  * Build a Type 1 message
215  *
216  * This message has a header section containing offsets to
217  * data later in the message.  We use the common trick of
218  * building it in two parts and then concatenatening.
219  */
220 int
221 ntlmssp_put_type1(struct ssp_ctx *sp, struct mbdata *out_mb)
222 {
223 	struct type1hdr {
224 		char h_id[ID_SZ];
225 		uint32_t h_type;
226 		uint32_t h_flags;
227 		struct sec_buf h_cldom;
228 		struct sec_buf h_wksta;
229 	} hdr;
230 	struct mbdata mb2;	/* 2nd part */
231 	int err;
232 	struct smb_ctx *ctx = sp->smb_ctx;
233 	ntlmssp_state_t *ssp_st = sp->sp_private;
234 
235 	if ((err = mb_init(&mb2)) != 0)
236 		return (err);
237 	mb2.mb_count = sizeof (hdr);
238 
239 	/*
240 	 * The initial negotiation flags represent the union of all
241 	 * options we support.  The server selects from these.
242 	 * See: [MS-NLMP 2.2.2.5 NEGOTIATE]
243 	 */
244 	ssp_st->ss_flags =
245 	    NTLMSSP_NEGOTIATE_UNICODE |
246 	    NTLMSSP_NEGOTIATE_OEM |
247 	    NTLMSSP_REQUEST_TARGET |
248 	    NTLMSSP_NEGOTIATE_SIGN |
249 	    NTLMSSP_NEGOTIATE_SEAL |
250 	    /* NTLMSSP_NEGOTIATE_LM_KEY (never) */
251 	    NTLMSSP_NEGOTIATE_NTLM |
252 	    NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
253 	    NTLMSSP_NEGOTIATE_ESS |
254 	    NTLMSSP_NEGOTIATE_128 |
255 	    NTLMSSP_NEGOTIATE_KEY_EXCH |
256 	    NTLMSSP_NEGOTIATE_56;
257 
258 	if ((ctx->ct_vopt & SMBVOPT_SIGNING_ENABLED) == 0)
259 		ssp_st->ss_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
260 
261 	bcopy(ntlmssp_id, &hdr.h_id, ID_SZ);
262 	hdr.h_type = NTLMSSP_MSGTYPE_NEGOTIATE;
263 	hdr.h_flags = ssp_st->ss_flags;
264 
265 	/*
266 	 * We could put the client domain, client name strings
267 	 * here, (always in OEM format, upper-case), and set
268 	 * NTLMSSP_NEGOTIATE_OEM_..._SUPPLIED, but Windows
269 	 * leaves these NULL so let's do the same.
270 	 */
271 	(void) mb_put_sb_string(&mb2, &hdr.h_cldom, NULL, 0);
272 	(void) mb_put_sb_string(&mb2, &hdr.h_wksta, NULL, 0);
273 
274 	/*
275 	 * Marshal the header (in LE order)
276 	 * then concatenate the 2nd part.
277 	 */
278 	(void) mb_put_mem(out_mb, &hdr.h_id, ID_SZ, MB_MSYSTEM);
279 	(void) mb_put_uint32le(out_mb, hdr.h_type);
280 	(void) mb_put_uint32le(out_mb, hdr.h_flags);
281 	(void) mb_put_sb_hdr(out_mb, &hdr.h_cldom);
282 	(void) mb_put_sb_hdr(out_mb, &hdr.h_wksta);
283 
284 	err = mb_put_mbuf(out_mb, mb2.mb_top);
285 
286 	return (err);
287 }
288 
289 /*
290  * Parse a Type 2 message
291  */
292 int
293 ntlmssp_get_type2(struct ssp_ctx *sp, struct mbdata *in_mb)
294 {
295 	struct type2hdr {
296 		char h_id[ID_SZ];
297 		uint32_t h_type;
298 		struct sec_buf h_target_name;
299 		uint32_t h_flags;
300 		uint8_t h_challenge[8];
301 		uint32_t h_context[2];		/* optional */
302 		struct sec_buf h_target_info;	/* optional */
303 	} hdr;
304 	struct mbdata top_mb, tmp_mb;
305 	struct mbuf *m;
306 	int err, uc;
307 	int min_hdr_sz = offsetof(struct type2hdr, h_context);
308 	struct smb_ctx *ctx = sp->smb_ctx;
309 	ntlmssp_state_t *ssp_st = sp->sp_private;
310 	char *buf = NULL;
311 
312 	if (m_totlen(in_mb->mb_top) < min_hdr_sz) {
313 		err = EBADRPC;
314 		goto out;
315 	}
316 
317 	/*
318 	 * Save the mbdata pointers before we consume anything.
319 	 * Careful to NOT free this (would be dup. free)
320 	 * We use this below to find data based on offsets
321 	 * from the start of the header.
322 	 */
323 	top_mb = *in_mb;
324 
325 	/* Parse the fixed size header stuff. */
326 	bzero(&hdr, sizeof (hdr));
327 	(void) md_get_mem(in_mb, &hdr.h_id, ID_SZ, MB_MSYSTEM);
328 	(void) md_get_uint32le(in_mb, &hdr.h_type);
329 	if (hdr.h_type != NTLMSSP_MSGTYPE_CHALLENGE) {
330 		err = EPROTO;
331 		goto out;
332 	}
333 	(void) md_get_sb_hdr(in_mb, &hdr.h_target_name);
334 	(void) md_get_uint32le(in_mb, &hdr.h_flags);
335 	(void) md_get_mem(in_mb, &hdr.h_challenge, NTLM_CHAL_SZ, MB_MSYSTEM);
336 
337 	/*
338 	 * Save flags, server challenge for later.
339 	 */
340 	ssp_st->ss_flags = hdr.h_flags;
341 	bcopy(&hdr.h_challenge, ctx->ct_srv_chal, NTLM_CHAL_SZ);
342 
343 	/*
344 	 * Turn off flags that might have been given but
345 	 * that we don't want to send with authenticate.
346 	 */
347 	uc = hdr.h_flags & NTLMSSP_NEGOTIATE_UNICODE;
348 	ssp_st->ss_flags &= ~NTLMSSP_NEGOTIATE_VERSION;
349 
350 	/*
351 	 * Now find out if the optional parts are there.
352 	 */
353 	if ((m_totlen(top_mb.mb_top) > sizeof (hdr)) &&
354 	    (hdr.h_target_name.sb_offset >= sizeof (hdr))) {
355 		(void) md_get_uint32le(in_mb, &hdr.h_context[0]);
356 		(void) md_get_uint32le(in_mb, &hdr.h_context[1]);
357 		(void) md_get_sb_hdr(in_mb, &hdr.h_target_info);
358 	}
359 
360 	/*
361 	 * Get the target name string.  (Server name or
362 	 * Primary domain name.)  First get a copy of the
363 	 * data from the offset/length indicated in the
364 	 * security buffer header; then parse the string.
365 	 */
366 	err = md_get_sb_data(&top_mb, &hdr.h_target_name, &m);
367 	if (err)
368 		goto out;
369 	mb_initm(&tmp_mb, m);
370 	err = md_get_string(&tmp_mb, &ssp_st->ss_target_name, uc);
371 	mb_done(&tmp_mb);
372 
373 	/*
374 	 * Get the target info blob, if present.
375 	 */
376 	if (hdr.h_target_info.sb_offset >= sizeof (hdr)) {
377 		err = md_get_sb_data(&top_mb, &hdr.h_target_info,
378 		    &ssp_st->ss_target_info);
379 	}
380 
381 out:
382 	if (buf != NULL)
383 		free(buf);
384 
385 	return (err);
386 }
387 
388 /*
389  * Build a Type 3 message
390  *
391  * This message has a header section containing offsets to
392  * data later in the message.  We use the common trick of
393  * building it in two parts and then concatenatening.
394  */
395 int
396 ntlmssp_put_type3(struct ssp_ctx *sp, struct mbdata *out_mb)
397 {
398 	struct type3hdr {
399 		char h_id[ID_SZ];
400 		uint32_t h_type;
401 		struct sec_buf h_lm_resp;
402 		struct sec_buf h_nt_resp;
403 		struct sec_buf h_domain;
404 		struct sec_buf h_user;
405 		struct sec_buf h_wksta;
406 		struct sec_buf h_ssn_key;
407 		uint32_t h_flags;
408 		/* Version struct (ommitted) */
409 		uchar_t h_mic[NTLM_HASH_SZ];
410 	} hdr;
411 	struct mbdata lm_mbc;	/* LM response */
412 	struct mbdata nt_mbc;	/* NT response */
413 	struct mbdata ti_mbc;	/* target info */
414 	struct mbdata ek_mbc;	/* encrypted session key */
415 	struct mbdata mb2;	/* payload */
416 	int err, uc;
417 	struct smb_ctx *ctx = sp->smb_ctx;
418 	ntlmssp_state_t *ssp_st = sp->sp_private;
419 	uchar_t *pmic;
420 
421 	bzero(&hdr, sizeof (hdr));
422 	bzero(&lm_mbc, sizeof (lm_mbc));
423 	bzero(&nt_mbc, sizeof (nt_mbc));
424 	bzero(&ti_mbc, sizeof (ti_mbc));
425 	bzero(&ek_mbc, sizeof (ek_mbc));
426 	bzero(&mb2, sizeof (mb2));
427 
428 	/*
429 	 * Fill in the NTLMSSP header, etc.
430 	 */
431 	if ((err = mb_init(&mb2)) != 0)
432 		goto out;
433 	mb2.mb_count = sizeof (hdr);
434 	uc = ssp_st->ss_flags & NTLMSSP_NEGOTIATE_UNICODE;
435 
436 	bcopy(ntlmssp_id, &hdr.h_id, ID_SZ);
437 	hdr.h_type = NTLMSSP_MSGTYPE_AUTHENTICATE;
438 	hdr.h_flags = ssp_st->ss_flags;
439 
440 	/*
441 	 * Put the NTLMv2/LMv2 or NTLM/LM (v1) responses,
442 	 * and compute the session key, etc.
443 	 */
444 	if (ctx->ct_authflags & SMB_AT_ANON) {
445 		/*
446 		 * We're setting up a NULL session, meaning
447 		 * the lm_mbc, nt_mbc parts remain empty.
448 		 * Let's add the "anon" flag (hint), and
449 		 * as we have no OWF hashes, we can't use
450 		 * "extended session security" (_ESS).
451 		 * The SessionBaseKey is all zeros, so
452 		 * the KeyExchangeKey is too.  Otherwise
453 		 * this is like NTLMv2/LMv2
454 		 */
455 		ssp_st->ss_flags |= NTLMSSP_NEGOTIATE_NULL_SESSION;
456 		ssp_st->ss_flags &= ~NTLMSSP_NEGOTIATE_ESS;
457 		hdr.h_flags = ssp_st->ss_flags;
458 		err = 0;
459 		/* KeyExchangeKey = SessionBaseKey = (zeros) */
460 		memset(ssp_st->ss_ssnkey, 0, NTLM_HASH_SZ);
461 		memset(ssp_st->ss_kxkey, 0, NTLM_HASH_SZ);
462 	} else if (ctx->ct_authflags & SMB_AT_NTLM2) {
463 		/*
464 		 * Doing NTLMv2/LMv2
465 		 */
466 		err = ntlm_build_target_info(ctx,
467 		    ssp_st->ss_target_info, &ti_mbc);
468 		if (err)
469 			goto out;
470 		err = ntlm_put_v2_responses(ctx, &ti_mbc,
471 		    &lm_mbc, &nt_mbc, ssp_st->ss_ssnkey);
472 		if (err)
473 			goto out;
474 		/* KeyExchangeKey = SessionBaseKey (v2) */
475 		memcpy(ssp_st->ss_kxkey, ssp_st->ss_ssnkey, NTLM_HASH_SZ);
476 	} else if (ssp_st->ss_flags & NTLMSSP_NEGOTIATE_ESS) {
477 		/*
478 		 * Doing NTLM ("v1x") which is NTLM with
479 		 * "Extended Session Security"
480 		 */
481 		err = ntlm_put_v1x_responses(ctx,
482 		    &lm_mbc, &nt_mbc, ssp_st->ss_ssnkey);
483 		if (err)
484 			goto out;
485 		/*
486 		 * "v1x computes the KeyExchangeKey from both the
487 		 * server and client nonce and (v1) SessionBaseKey.
488 		 */
489 		ntlm2_kxkey(ctx, &lm_mbc, ssp_st->ss_ssnkey,
490 		    ssp_st->ss_kxkey);
491 	} else {
492 		/*
493 		 * Doing plain old NTLM (and LM if enabled)
494 		 */
495 		err = ntlm_put_v1_responses(ctx,
496 		    &lm_mbc, &nt_mbc, ssp_st->ss_ssnkey);
497 		if (err)
498 			goto out;
499 		/* KeyExchangeKey = SessionBaseKey (v1) */
500 		memcpy(ssp_st->ss_kxkey, ssp_st->ss_ssnkey, NTLM_HASH_SZ);
501 	}
502 
503 	/*
504 	 * Compute the "ExportedSessionKey" and (possibly) the
505 	 * "EncryptedRandomSesionKey". [MS-NLMP 3.1.5.1.2]
506 	 */
507 	if (ssp_st->ss_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
508 		err = ntlm_rand_ssn_key(ssp_st, &ek_mbc);
509 		if (err)
510 			goto out;
511 	} else {
512 		/* ExportedSessionKey is the KeyExchangeKey */
513 		memcpy(ssp_st->ss_ssnkey, ssp_st->ss_kxkey, NTLM_HASH_SZ);
514 		/* EncryptedRandomSessionKey remains NULL */
515 	}
516 
517 	err = mb_put_sb_data(&mb2, &hdr.h_lm_resp, lm_mbc.mb_top);
518 	lm_mbc.mb_top = NULL; /* consumed */
519 	if (err)
520 		goto out;
521 	err = mb_put_sb_data(&mb2, &hdr.h_nt_resp, nt_mbc.mb_top);
522 	nt_mbc.mb_top = NULL; /* consumed */
523 	if (err)
524 		goto out;
525 
526 	/*
527 	 * Put the "target" (domain), user, workstation
528 	 */
529 	err = mb_put_sb_string(&mb2, &hdr.h_domain, ctx->ct_domain, uc);
530 	if (err)
531 		goto out;
532 	err = mb_put_sb_string(&mb2, &hdr.h_user, ctx->ct_user, uc);
533 	if (err)
534 		goto out;
535 	err = mb_put_sb_string(&mb2, &hdr.h_wksta, ctx->ct_locname, uc);
536 	if (err)
537 		goto out;
538 
539 	/*
540 	 * Put the "Encrypted Random Session Key", if any.
541 	 * (ek_mbc.mb_top may be NULL)
542 	 */
543 	err = mb_put_sb_data(&mb2, &hdr.h_ssn_key, ek_mbc.mb_top);
544 	ek_mbc.mb_top = NULL; /* consumed (if any) */
545 	if (err)
546 		goto out;
547 
548 	/*
549 	 * Marshal the header (in LE order)
550 	 * then concatenate the 2nd part.
551 	 */
552 	(void) mb_put_mem(out_mb, &hdr.h_id, ID_SZ, MB_MSYSTEM);
553 	(void) mb_put_uint32le(out_mb, hdr.h_type);
554 
555 	(void) mb_put_sb_hdr(out_mb, &hdr.h_lm_resp);
556 	(void) mb_put_sb_hdr(out_mb, &hdr.h_nt_resp);
557 
558 	(void) mb_put_sb_hdr(out_mb, &hdr.h_domain);
559 	(void) mb_put_sb_hdr(out_mb, &hdr.h_user);
560 	(void) mb_put_sb_hdr(out_mb, &hdr.h_wksta);
561 
562 	(void) mb_put_sb_hdr(out_mb, &hdr.h_ssn_key);
563 	(void) mb_put_uint32le(out_mb, hdr.h_flags);
564 
565 	/* Put zeros for the MIC - filled in later */
566 	pmic = mb_reserve(out_mb, NTLM_HASH_SZ);
567 
568 	/* Put the payload. */
569 	err = mb_put_mbuf(out_mb, mb2.mb_top);
570 	mb2.mb_top = NULL; /* consumed */
571 
572 	/*
573 	 * Compute the MIC and stuff that in...
574 	 * The MIC is apparently optional.
575 	 */
576 	(void) pmic;
577 
578 out:
579 	mb_done(&mb2);
580 	mb_done(&lm_mbc);
581 	mb_done(&nt_mbc);
582 	mb_done(&ti_mbc);
583 	mb_done(&ek_mbc);
584 
585 	return (err);
586 }
587 
588 /*
589  * Helper for ntlmssp_put_type3 when doing key exchange.
590  *
591  * "ExportedSessionKey" is what we give to the "application"
592  * layer, which in here means the MAC key for SMB signing.
593  * With "key exchange", we replace the ExportedSessionKey
594  * with random data and send that (encrypted) to the peer.
595  */
596 static int
597 ntlm_rand_ssn_key(
598 	ntlmssp_state_t *ssp_st,
599 	struct mbdata *ek_mbp)
600 {
601 
602 	uchar_t *encr_ssn_key;
603 	int err;
604 
605 	if ((err = mb_init(ek_mbp)) != 0)
606 		return (err);
607 	encr_ssn_key = mb_reserve(ek_mbp, NTLM_HASH_SZ);
608 
609 	/* Set "ExportedSessionKey to NONCE(16) */
610 	(void) smb_get_urandom(ssp_st->ss_ssnkey, NTLM_HASH_SZ);
611 
612 	/* Set "EncryptedRandomSessionKey" to RC4(...) */
613 	err = smb_encrypt_RC4(encr_ssn_key, NTLM_HASH_SZ,
614 	    ssp_st->ss_kxkey, NTLM_HASH_SZ,
615 	    ssp_st->ss_ssnkey, NTLM_HASH_SZ);
616 
617 	return (err);
618 }
619 
620 /*
621  * ntlmssp_final
622  *
623  * Called after successful authentication.
624  * Save the session key.
625  */
626 int
627 ntlmssp_final(struct ssp_ctx *sp)
628 {
629 	struct smb_ctx *ctx = sp->smb_ctx;
630 	ntlmssp_state_t *ssp_st = sp->sp_private;
631 	int err = 0;
632 
633 	/*
634 	 * Update/save the session key.
635 	 */
636 	if (ctx->ct_ssnkey_buf != NULL) {
637 		free(ctx->ct_ssnkey_buf);
638 		ctx->ct_ssnkey_buf = NULL;
639 	}
640 	ctx->ct_ssnkey_buf = malloc(NTLM_HASH_SZ);
641 	if (ctx->ct_ssnkey_buf == NULL) {
642 		err = ENOMEM;
643 		goto out;
644 	}
645 	ctx->ct_ssnkey_len = NTLM_HASH_SZ;
646 	memcpy(ctx->ct_ssnkey_buf, ssp_st->ss_ssnkey, NTLM_HASH_SZ);
647 
648 out:
649 	return (err);
650 }
651 
652 /*
653  * ntlmssp_next_token
654  *
655  * See ssp.c: ssp_ctx_next_token
656  */
657 int
658 ntlmssp_next_token(struct ssp_ctx *sp, struct mbdata *in_mb,
659 	struct mbdata *out_mb)
660 {
661 	int err;
662 
663 	if (out_mb == NULL) {
664 		/* final call on successful auth. */
665 		err = ntlmssp_final(sp);
666 		goto out;
667 	}
668 
669 	/* Will build an ouptut token. */
670 	err = mb_init(out_mb);
671 	if (err)
672 		goto out;
673 
674 	/*
675 	 * When called with in_mb == NULL, it means
676 	 * this is the first call for this session,
677 	 * so put a Type 1 (initialize) token.
678 	 */
679 	if (in_mb == NULL) {
680 		err = ntlmssp_put_type1(sp, out_mb);
681 		goto out;
682 	}
683 
684 	/*
685 	 * This is not the first call, so
686 	 * parse the response token we received.
687 	 * It should be a Type 2 (challenge).
688 	 * Then put a Type 3 (authenticate)
689 	 */
690 	err = ntlmssp_get_type2(sp, in_mb);
691 	if (err)
692 		goto out;
693 
694 	err = ntlmssp_put_type3(sp, out_mb);
695 
696 out:
697 	if (err)
698 		DPRINT("ret: %d", err);
699 	return (err);
700 }
701 
702 /*
703  * ntlmssp_ctx_destroy
704  *
705  * Destroy mechanism-specific data.
706  */
707 void
708 ntlmssp_destroy(struct ssp_ctx *sp)
709 {
710 	ntlmssp_state_t *ssp_st;
711 
712 	ssp_st = sp->sp_private;
713 	if (ssp_st != NULL) {
714 		sp->sp_private = NULL;
715 		free(ssp_st->ss_target_name);
716 		m_freem(ssp_st->ss_target_info);
717 		free(ssp_st);
718 	}
719 }
720 
721 /*
722  * ntlmssp_init_clnt
723  *
724  * Initialize a new NTLMSSP client context.
725  */
726 int
727 ntlmssp_init_client(struct ssp_ctx *sp)
728 {
729 	ntlmssp_state_t *ssp_st;
730 	smb_ctx_t *ctx = sp->smb_ctx;
731 
732 	if ((ctx->ct_authflags &
733 	    (SMB_AT_NTLM2 | SMB_AT_NTLM1 | SMB_AT_ANON)) == 0) {
734 		DPRINT("No NTLM authflags");
735 		return (EINVAL);
736 	}
737 
738 	/* Get the client nonce. */
739 	(void) smb_get_urandom(ctx->ct_clnonce, NTLM_CHAL_SZ);
740 
741 	ssp_st = calloc(1, sizeof (*ssp_st));
742 	if (ssp_st == NULL)
743 		return (ENOMEM);
744 
745 	sp->sp_nexttok = ntlmssp_next_token;
746 	sp->sp_destroy = ntlmssp_destroy;
747 	sp->sp_private = ssp_st;
748 
749 	return (0);
750 }
751