The branch, master has been updated via 4afb211... s3:ntlmssp: remove unused p24 variable from ntlmssp_sign_init() via 9d5f41c... s3:ntlmssp: move some indentation in ntlmssp_sign.c via 05f7a86... s3:ntlmssp: remove unused ntlmssp_stored_response() via 7cff7d9... s3:ntlmssp: remove unused ref_count from ntlmssp_state via e78558a... s3:ntlmssp: fix whitespace in ntlmssp.h via 5541a91... s3:ntlmssp: fix spelling via 5ff127b... s3:ntlmssp: rename NTLM_MESSAGE_TYPE into ntlmssp_message_type via 8ab6279... s4:ntlmssp: fix whitespaces in ntlmssp.h from e5fbff0... s3: Check for lp_winbind_trusted_domains_only in wb_gettoken()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 4afb211f4ff8e74965451dd89d6d85b41f5aec52 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 22:42:03 2009 +0100 s3:ntlmssp: remove unused p24 variable from ntlmssp_sign_init() metze commit 9d5f41ca010650875de8c992a55939bf530144ab Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 22:30:42 2009 +0100 s3:ntlmssp: move some indentation in ntlmssp_sign.c metze commit 05f7a86a997be45eb23ffc349f79572d570f10ab Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 22:07:19 2009 +0100 s3:ntlmssp: remove unused ntlmssp_stored_response() metze commit 7cff7d937e067642f76a1785696653ec07a5495c Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 22:00:08 2009 +0100 s3:ntlmssp: remove unused ref_count from ntlmssp_state metze commit e78558a45b5f149603ac97139f1a1e421833969f Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 21:55:50 2009 +0100 s3:ntlmssp: fix whitespace in ntlmssp.h metze commit 5541a91dfffa9b615e22bd06b2e0848e484a0fa2 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 21:52:42 2009 +0100 s3:ntlmssp: fix spelling metze commit 5ff127b64102d4d240fafcb92de44e1aaf994a82 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 21:51:11 2009 +0100 s3:ntlmssp: rename NTLM_MESSAGE_TYPE into ntlmssp_message_type metze commit 8ab62799edc0f445350de73f0e8c9e2ee9ebe168 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 24 21:47:53 2009 +0100 s4:ntlmssp: fix whitespaces in ntlmssp.h metze ----------------------------------------------------------------------- Summary of changes: source3/include/ntlmssp.h | 12 ++-------- source3/include/proto.h | 2 - source3/libsmb/ntlmssp.c | 44 +++++---------------------------------- source3/libsmb/ntlmssp_sign.c | 44 +++++++++++++++++++-------------------- source4/auth/ntlmssp/ntlmssp.h | 32 ++++++++++++++-------------- 5 files changed, 46 insertions(+), 88 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 6c91250..f30b53f 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -27,7 +27,7 @@ enum ntlmssp_role }; /* NTLMSSP message types */ -enum NTLM_MESSAGE_TYPE +enum ntlmssp_message_type { NTLMSSP_INITIAL = 0 /* samba internal state */, NTLMSSP_NEGOTIATE = 1, @@ -43,7 +43,6 @@ enum NTLM_MESSAGE_TYPE struct ntlmssp_state { - unsigned int ref_count; enum ntlmssp_role role; enum server_types server_role; uint32_t expected_state; @@ -60,7 +59,7 @@ struct ntlmssp_state DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */ DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */ - DATA_BLOB lm_resp; + DATA_BLOB lm_resp; DATA_BLOB nt_resp; DATA_BLOB session_key; @@ -72,7 +71,7 @@ struct ntlmssp_state * Callback to get the 'challenge' used for NTLM authentication. * * @param ntlmssp_state This structure - * @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication + * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication * */ void (*get_challenge)(const struct ntlmssp_state *ntlmssp_state, @@ -132,9 +131,4 @@ struct ntlmssp_state /* ntlmv1 */ struct arcfour_state ntlmv1_arc4_state; uint32_t ntlmv1_seq_num; - - /* it turns out that we don't always get the - response in at the time we want to process it. - Store it here, until we need it */ - DATA_BLOB stored_response; }; diff --git a/source3/include/proto.h b/source3/include/proto.h index f81ab91..87701bf 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3218,8 +3218,6 @@ NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ; NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation) ; -NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state, - DATA_BLOB response) ; void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature); NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 065d3b9..aaa5031 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -43,7 +43,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, static const struct ntlmssp_callbacks { enum ntlmssp_role role; - enum NTLM_MESSAGE_TYPE ntlmssp_command; + enum ntlmssp_message_type ntlmssp_command; NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB in, DATA_BLOB *out); } ntlmssp_callbacks[] = { @@ -223,20 +223,6 @@ NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char } /** - * Store a DATA_BLOB containing an NTLMSSP response, for use later. - * This copies the data blob - */ - -NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state, - DATA_BLOB response) -{ - ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, - response.data, - response.length); - return NT_STATUS_OK; -} - -/** * Request features for the NTLMSSP negotiation * * @param ntlmssp_state NTLMSSP state @@ -290,9 +276,8 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature) */ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB in, DATA_BLOB *out) + const DATA_BLOB input, DATA_BLOB *out) { - DATA_BLOB input; uint32 ntlmssp_command; int i; @@ -304,15 +289,6 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, *out = data_blob_null; - if (!in.length && ntlmssp_state->stored_response.length) { - input = ntlmssp_state->stored_response; - - /* we only want to read the stored response once - overwrite it */ - ntlmssp_state->stored_response = data_blob_null; - } else { - input = in; - } - if (!input.length) { switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: @@ -359,14 +335,10 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, void ntlmssp_end(struct ntlmssp_state **ntlmssp_state) { - (*ntlmssp_state)->ref_count--; - - if ((*ntlmssp_state)->ref_count == 0) { - data_blob_free(&(*ntlmssp_state)->chal); - data_blob_free(&(*ntlmssp_state)->lm_resp); - data_blob_free(&(*ntlmssp_state)->nt_resp); - TALLOC_FREE(*ntlmssp_state); - } + data_blob_free(&(*ntlmssp_state)->chal); + data_blob_free(&(*ntlmssp_state)->lm_resp); + data_blob_free(&(*ntlmssp_state)->nt_resp); + TALLOC_FREE(*ntlmssp_state); *ntlmssp_state = NULL; return; @@ -924,8 +896,6 @@ NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state) (*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE; - (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_56 | @@ -1260,8 +1230,6 @@ NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state) (*ntlmssp_state)->expected_state = NTLMSSP_INITIAL; - (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index f27cac3..3fd22ce 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -77,27 +77,27 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat } switch (direction) { - case NTLMSSP_SEND: - DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n", - ntlmssp_state->ntlm2_send_seq_num, - (unsigned int)length, - (unsigned int)pdu_length)); - - SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num); - ntlmssp_state->ntlm2_send_seq_num++; - hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx); - break; - case NTLMSSP_RECEIVE: + case NTLMSSP_SEND: + DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n", + ntlmssp_state->ntlm2_send_seq_num, + (unsigned int)length, + (unsigned int)pdu_length)); + + SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num); + ntlmssp_state->ntlm2_send_seq_num++; + hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx); + break; + case NTLMSSP_RECEIVE: - DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n", - ntlmssp_state->ntlm2_recv_seq_num, - (unsigned int)length, - (unsigned int)pdu_length)); + DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n", + ntlmssp_state->ntlm2_recv_seq_num, + (unsigned int)length, + (unsigned int)pdu_length)); - SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num); - ntlmssp_state->ntlm2_recv_seq_num++; - hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx); - break; + SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num); + ntlmssp_state->ntlm2_recv_seq_num++; + hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx); + break; } dump_data_pw("pdu data ", whole_pdu, pdu_length); @@ -332,9 +332,7 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state, */ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) { - unsigned char p24[24]; TALLOC_CTX *mem_ctx; - ZERO_STRUCT(p24); mem_ctx = talloc_init("weak_keys"); if (!mem_ctx) { diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 7743e76..f596cb8 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 Copyright (C) Paul Ashton 1997 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -37,7 +37,7 @@ enum ntlmssp_message_type NTLMSSP_CHALLENGE = 2, NTLMSSP_AUTH = 3, NTLMSSP_UNKNOWN = 4, - NTLMSSP_DONE = 5 /* samba final state */ + NTLMSSP_DONE = 5 /* samba final state */ }; struct gensec_ntlmssp_state @@ -65,17 +65,17 @@ struct gensec_ntlmssp_state DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */ DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */ - DATA_BLOB lm_resp; + DATA_BLOB lm_resp; DATA_BLOB nt_resp; DATA_BLOB session_key; - + uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ /* internal variables used by KEY_EXCH (client-supplied user session key */ DATA_BLOB encrypted_session_key; /** - * Callback to get the 'challenge' used for NTLM authentication. + * Callback to get the 'challenge' used for NTLM authentication. * * @param ntlmssp_state This structure * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication @@ -84,10 +84,10 @@ struct gensec_ntlmssp_state const uint8_t *(*get_challenge)(const struct gensec_ntlmssp_state *); /** - * Callback to find if the challenge used by NTLM authentication may be modified + * Callback to find if the challenge used by NTLM authentication may be modified * * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatiable with the - * current 'security=server' implementation.. + * current 'security=server' implementation.. * * @param ntlmssp_state This structure * @return Can the challenge be set to arbitary values? @@ -96,7 +96,7 @@ struct gensec_ntlmssp_state bool (*may_set_challenge)(const struct gensec_ntlmssp_state *); /** - * Callback to set the 'challenge' used for NTLM authentication. + * Callback to set the 'challenge' used for NTLM authentication. * * The callback may use the void *auth_context to store state information, but the same value is always available * from the DATA_BLOB chal on this structure. @@ -108,21 +108,21 @@ struct gensec_ntlmssp_state NTSTATUS (*set_challenge)(struct gensec_ntlmssp_state *, DATA_BLOB *challenge); /** - * Callback to check the user's password. + * Callback to check the user's password. * - * The callback must reads the feilds of this structure for the information it needs on the user + * The callback must reads the feilds of this structure for the information it needs on the user * @param ntlmssp_state This structure * @param nt_session_key If an NT session key is returned by the authentication process, return it here * @param lm_session_key If an LM session key is returned by the authentication process, return it here * */ - NTSTATUS (*check_password)(struct gensec_ntlmssp_state *, - TALLOC_CTX *mem_ctx, + NTSTATUS (*check_password)(struct gensec_ntlmssp_state *, + TALLOC_CTX *mem_ctx, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); const char *server_name; - bool doing_ntlm2; + bool doing_ntlm2; union { /* NTLM */ -- Samba Shared Repository