The branch, v3-6-test has been updated
via c6673d9 Fix bug #9037 - Name clash in MD5 cause...
from ce8dfb6 s3-winbind: Fix bug #9052 resolving our own "Domain Local"
groups.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit c6673d9d2161ff1d8491f6cbc0b6ea0be03cdf4d
Author: Jura Sasek <jiri.sa...@oracle.com>
Date: Tue Jul 24 20:58:58 2012 +0200
Fix bug #9037 - Name clash in MD5 cause...
... the "net ads join" fails on T4 (sun4v) systems on Solaris 10.
-----------------------------------------------------------------------
Summary of changes:
lib/crypto/hmacmd5.c | 4 ++--
lib/crypto/hmacmd5.h | 2 +-
lib/crypto/md5.h | 12 ++++++++++++
lib/crypto/md5test.c | 2 +-
libcli/auth/credentials.c | 2 +-
libcli/auth/ntlmssp_server.c | 2 +-
libcli/auth/ntlmssp_sign.c | 2 +-
libcli/auth/schannel_sign.c | 2 +-
libcli/auth/smbencrypt.c | 8 ++++----
libcli/drsuapi/repl_decrypt.c | 4 ++--
source3/Makefile.in | 2 +-
source3/configure.in | 19 +++++++++++++++++++
source3/libsmb/ntlmssp.c | 2 +-
source3/libsmb/smb_signing.c | 2 +-
source3/modules/vfs_streams_xattr.c | 2 +-
source3/rpc_client/init_samr.c | 2 +-
source3/web/swat.c | 2 +-
source4/auth/credentials/credentials_ntlm.c | 2 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +-
source4/libcli/raw/smb_signing.c | 4 ++--
source4/libnet/libnet_passwd.c | 4 ++--
source4/ntp_signd/ntp_signd.c | 2 +-
source4/rpc_server/samr/samr_password.c | 2 +-
source4/torture/ntp/ntp_signd.c | 2 +-
source4/torture/rpc/samba3rpc.c | 2 +-
source4/torture/rpc/samlogon.c | 2 +-
source4/torture/rpc/samr.c | 8 ++++----
27 files changed, 66 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c
index cfbd428..2419bdb 100644
--- a/lib/crypto/hmacmd5.c
+++ b/lib/crypto/hmacmd5.c
@@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int
key_len, HMACMD5Cont
/* if key is longer than 64 bytes reset it to key=MD5(key) */
if (key_len > 64)
{
- struct MD5Context tctx;
+ MD5_CTX tctx;
MD5Init(&tctx);
MD5Update(&tctx, key, key_len);
@@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int
text_len, HMACMD5Context
***********************************************************************/
_PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx)
{
- struct MD5Context ctx_o;
+ MD5_CTX ctx_o;
MD5Final(digest, &ctx->ctx);
diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h
index 91b8ca5..1fc2750 100644
--- a/lib/crypto/hmacmd5.h
+++ b/lib/crypto/hmacmd5.h
@@ -25,7 +25,7 @@
typedef struct
{
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t k_ipad[65];
uint8_t k_opad[65];
diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h
index 4064d6f..edddbac 100644
--- a/lib/crypto/md5.h
+++ b/lib/crypto/md5.h
@@ -5,15 +5,27 @@
#define HEADER_MD5_H
#endif
+#ifdef HAVE_MD5_H
+/*
+ * Try to avoid clashes with Solaris MD5 implementation.
+ * ...where almost all implementations follows:
+ * "Schneier's Cryptography Classics Library"
+ */
+#include <md5.h>
+#else
+
struct MD5Context {
uint32_t buf[4];
uint32_t bits[2];
uint8_t in[64];
};
+typedef struct MD5Context MD5_CTX;
void MD5Init(struct MD5Context *context);
void MD5Update(struct MD5Context *context, const uint8_t *buf,
size_t len);
void MD5Final(uint8_t digest[16], struct MD5Context *context);
+#endif /* !HAVE_MD5_H */
+
#endif /* !MD5_H */
diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c
index 0457d4d..256ddfa 100644
--- a/lib/crypto/md5test.c
+++ b/lib/crypto/md5test.c
@@ -63,7 +63,7 @@ bool torture_local_crypto_md5(struct torture_context *torture)
};
for (i=0; i < ARRAY_SIZE(testarray); i++) {
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t md5[16];
int e;
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 8130476..35158ca 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -69,7 +69,7 @@ static void netlogon_creds_init_128bit(struct
netlogon_creds_CredentialState *cr
{
unsigned char zero[4], tmp[16];
HMACMD5Context ctx;
- struct MD5Context md5;
+ MD5_CTX md5;
ZERO_STRUCT(creds->session_key);
diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c
index 802ac40..0a759a8 100644
--- a/libcli/auth/ntlmssp_server.c
+++ b/libcli/auth/ntlmssp_server.c
@@ -359,7 +359,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state
*ntlmssp_state,
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
if (ntlmssp_state->nt_resp.length == 24 &&
ntlmssp_state->lm_resp.length == 24) {
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
state->doing_ntlm2 = true;
memcpy(state->session_nonce,
ntlmssp_state->internal_chal.data, 8);
diff --git a/libcli/auth/ntlmssp_sign.c b/libcli/auth/ntlmssp_sign.c
index 42b459c..454c448 100644
--- a/libcli/auth/ntlmssp_sign.c
+++ b/libcli/auth/ntlmssp_sign.c
@@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16],
DATA_BLOB session_key,
const char *constant)
{
- struct MD5Context ctx3;
+ MD5_CTX ctx3;
MD5Init(&ctx3);
MD5Update(&ctx3, session_key.data, session_key.length);
MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
index eb605f4..2d92283 100644
--- a/libcli/auth/schannel_sign.c
+++ b/libcli/auth/schannel_sign.c
@@ -110,7 +110,7 @@ static void netsec_do_sign(struct schannel_state *state,
{
uint8_t packet_digest[16];
static const uint8_t zeros[4];
- struct MD5Context ctx;
+ MD5_CTX ctx;
MD5Init(&ctx);
MD5Update(&ctx, zeros, 4);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index f1451ea..ed1172b 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -99,7 +99,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t
hash_out[16])
{
- struct MD5Context tctx;
+ MD5_CTX tctx;
MD5Init(&tctx);
MD5Update(&tctx, salt, 16);
MD5Update(&tctx, nthash, 16);
@@ -623,7 +623,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const
DATA_BLOB *psession_key)
{
- struct MD5Context tctx;
+ MD5_CTX tctx;
unsigned char key_out[16];
/* Confounder is last 16 bytes. */
@@ -703,7 +703,7 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
struct wkssvc_PasswordBuffer **pwd_buf)
{
uint8_t buffer[516];
- struct MD5Context ctx;
+ MD5_CTX ctx;
struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
DATA_BLOB confounded_session_key;
int confounder_len = 8;
@@ -741,7 +741,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx,
char **pwd)
{
uint8_t buffer[516];
- struct MD5Context ctx;
+ MD5_CTX ctx;
size_t pwd_len;
DATA_BLOB confounded_session_key;
diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c
index 6fff2fe..00b8db8 100644
--- a/libcli/drsuapi/repl_decrypt.c
+++ b/libcli/drsuapi/repl_decrypt.c
@@ -39,7 +39,7 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
DATA_BLOB confounder;
DATA_BLOB enc_buffer;
- struct MD5Context md5;
+ MD5_CTX md5;
uint8_t _enc_key[16];
DATA_BLOB enc_key;
@@ -198,7 +198,7 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX
*mem_ctx,
DATA_BLOB rid_crypt_out = data_blob(NULL, 0);
DATA_BLOB confounder;
- struct MD5Context md5;
+ MD5_CTX md5;
uint8_t _enc_key[16];
DATA_BLOB enc_key;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1a7ad8a..f4e8579 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -430,7 +430,7 @@ UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o
../lib/util/time.o \
../lib/util/blocking.o ../lib/util/rfc1738.o \
../lib/util/select.o ../lib/util/util_pw.o
-CRYPTO_OBJ = ../lib/crypto/crc32.o ../lib/crypto/md5.o \
+CRYPTO_OBJ = ../lib/crypto/crc32.o @CRYPTO_MD5_OBJ@ \
../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
../lib/crypto/md4.o \
../lib/crypto/sha256.o ../lib/crypto/hmacsha256.o \
diff --git a/source3/configure.in b/source3/configure.in
index d8d3a1f..373396a 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -751,6 +751,25 @@ AC_CHECK_HEADERS(xfs/libxfs.h)
AC_CHECK_HEADERS(netgroup.h)
AC_CHECK_HEADERS(linux/falloc.h)
+dnl check for OS implementation of md5 conformant to rfc1321
+AC_CHECK_HEADERS(md5.h)
+if test x"$ac_cv_header_md5_h" = x"yes"; then
+ AC_DEFINE(HAVE_MD5_H, 1,
+ [Whether md5.h is available.])
+ AC_CHECK_LIB(md5, MD5Update,
+ [
+ LIBS="${LIBS} -lmd5"
+ CRYPTO_MD5_OBJ=
+ AC_DEFINE(HAVE_LIBMD5, 1,
+ [Whether libmd5 conformant to rfc1321 is available.])],
+ [
+ CRYPTO_MD5_OBJ="../lib/crypto/md5.o"])
+else
+ CRYPTO_MD5_OBJ="../lib/crypto/md5.o"
+fi
+AC_SUBST(CRYPTO_MD5_OBJ)
+
+
AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[
#if HAVE_RPC_RPC_H
#include <rpc/rpc.h>
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index d000ed5..1de6189 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -612,7 +612,7 @@ noccache:
return NT_STATUS_NO_MEMORY;
}
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index c926b48..3b89418 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -137,7 +137,7 @@ static void smb_signing_md5(const DATA_BLOB *mac_key,
{
const size_t offset_end_of_sig = (smb_ss_field + 8);
uint8_t sequence_buf[8];
- struct MD5Context md5_ctx;
+ MD5_CTX md5_ctx;
/*
* Firstly put the sequence number into the first 4 bytes.
diff --git a/source3/modules/vfs_streams_xattr.c
b/source3/modules/vfs_streams_xattr.c
index 08d8d14..731c813 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -39,7 +39,7 @@ struct stream_io {
static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
{
- struct MD5Context ctx;
+ MD5_CTX ctx;
unsigned char hash[16];
SMB_INO_T result;
char *upper_sname;
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
index e3bb301..7f1a229 100644
--- a/source3/rpc_client/init_samr.c
+++ b/source3/rpc_client/init_samr.c
@@ -34,7 +34,7 @@ void init_samr_CryptPasswordEx(const char *pwd,
/* samr_CryptPasswordEx */
uchar pwbuf[532];
- struct MD5Context md5_ctx;
+ MD5_CTX md5_ctx;
uint8_t confounder[16];
DATA_BLOB confounded_session_key = data_blob(NULL, 16);
diff --git a/source3/web/swat.c b/source3/web/swat.c
index e7c0378..1f6eb6c 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -151,7 +151,7 @@ static char *make_parm_name(const char *label)
void get_xsrf_token(const char *username, const char *pass,
const char *formname, time_t xsrf_time, char token_str[33])
{
- struct MD5Context md5_ctx;
+ MD5_CTX md5_ctx;
uint8_t token[16];
int i;
diff --git a/source4/auth/credentials/credentials_ntlm.c
b/source4/auth/credentials/credentials_ntlm.c
index 7f4af4f..78de8cd 100644
--- a/source4/auth/credentials/credentials_ntlm.c
+++ b/source4/auth/credentials/credentials_ntlm.c
@@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct
cli_credentials *cred
/* LM Key is incompatible... */
*flags &= ~CLI_CRED_LANMAN_AUTH;
} else if (*flags & CLI_CRED_NTLM2) {
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c
b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 53d12d9..8d584a5 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1351,7 +1351,7 @@ static int setup_primary_wdigest(struct
setup_password_fields_io *io,
}
for (i=0; i < ARRAY_SIZE(wdigest); i++) {
- struct MD5Context md5;
+ MD5_CTX md5;
MD5Init(&md5);
if (wdigest[i].nt4dom) {
MD5Update(&md5, wdigest[i].nt4dom->data,
wdigest[i].nt4dom->length);
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index d6d53db..baa64d4 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -103,7 +103,7 @@ bool signing_good(struct smb_signing_context *sign_info,
void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key,
unsigned int seq_num)
{
uint8_t calc_md5_mac[16];
- struct MD5Context md5_ctx;
+ MD5_CTX md5_ctx;
/*
* Firstly put the sequence number into the first 4 bytes.
@@ -138,7 +138,7 @@ bool check_signed_incoming_message(struct
smb_request_buffer *in, DATA_BLOB *mac
uint8_t calc_md5_mac[16];
uint8_t *server_sent_mac;
uint8_t sequence_buf[8];
- struct MD5Context md5_ctx;
+ MD5_CTX md5_ctx;
const size_t offset_end_of_sig = (HDR_SS_FIELD + 8);
int i;
const int sign_range = 0;
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index e1094f2..861d746 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -274,7 +274,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct
libnet_context *ctx, TA
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
uint8_t confounder[16];
- struct MD5Context md5;
+ MD5_CTX md5;
if (r->samr_handle.in.info21) {
return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -330,7 +330,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct
libnet_context *ctx, TA
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
uint8_t confounder[16];
- struct MD5Context md5;
+ MD5_CTX md5;
if (!r->samr_handle.in.info21) {
return NT_STATUS_INVALID_PARAMETER_MIX;
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index 969d698..55e1767 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -107,7 +107,7 @@ static NTSTATUS ntp_signd_process(struct
ntp_signd_connection *ntp_signd_conn,
enum ndr_err_code ndr_err;
struct ldb_result *res;
const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL
};
- struct MD5Context ctx;
+ MD5_CTX ctx;
struct samr_Password *nt_hash;
uint32_t user_account_control;
int ret;
diff --git a/source4/rpc_server/samr/samr_password.c
b/source4/rpc_server/samr/samr_password.c
index f2dcd05..ee13a11 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -544,7 +544,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state
*dce_call,
DATA_BLOB new_password;
DATA_BLOB co_session_key;
DATA_BLOB session_key = data_blob(NULL, 0);
- struct MD5Context ctx;
+ MD5_CTX ctx;
nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c
index ce49d4f..89eb1a0 100644
--- a/source4/torture/ntp/ntp_signd.c
+++ b/source4/torture/ntp/ntp_signd.c
@@ -78,7 +78,7 @@ static bool test_ntp_signd(struct torture_context *tctx,
char *unix_address;
int sys_errno;
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t sig[16];
enum ndr_err_code ndr_err;
bool ok;
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index d0de309..26bed19 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -774,7 +774,7 @@ static bool join3(struct torture_context *tctx,
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(
mem_ctx, NULL, 16);
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t confounder[16];
ZERO_STRUCT(u_info);
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 0ba0d26..0b3dcd4 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1075,7 +1075,7 @@ static bool test_ntlm2(struct samlogon_state
*samlogon_state, char **error_strin
uint8_t session_nonce_hash[16];
uint8_t client_chall[8];
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
HMACMD5Context hmac_ctx;
ZERO_STRUCT(user_session_key);
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 53cb10a..7d9a1e2 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -771,7 +771,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p,
struct torture_context *tc
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
- struct MD5Context ctx;
+ MD5_CTX ctx;
struct samr_GetUserPwInfo pwp;
struct samr_PwInfo info;
int policy_min_pw_len = 0;
@@ -856,7 +856,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p,
struct torture_context *t
bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
@@ -1140,7 +1140,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe
*p,
bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
@@ -2458,7 +2458,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe
*p, struct torture_contex
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
uint8_t confounder[16];
- struct MD5Context ctx;
+ MD5_CTX ctx;
bool ret = true;
struct lsa_String server, account;
--
Samba Shared Repository
