The branch, v3-6-test has been updated via c6673d9 Fix bug #9037 - Name clash in MD5 cause... from ce8dfb6 s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit c6673d9d2161ff1d8491f6cbc0b6ea0be03cdf4d Author: Jura Sasek <jiri.sa...@oracle.com> Date: Tue Jul 24 20:58:58 2012 +0200 Fix bug #9037 - Name clash in MD5 cause... ... the "net ads join" fails on T4 (sun4v) systems on Solaris 10. ----------------------------------------------------------------------- Summary of changes: lib/crypto/hmacmd5.c | 4 ++-- lib/crypto/hmacmd5.h | 2 +- lib/crypto/md5.h | 12 ++++++++++++ lib/crypto/md5test.c | 2 +- libcli/auth/credentials.c | 2 +- libcli/auth/ntlmssp_server.c | 2 +- libcli/auth/ntlmssp_sign.c | 2 +- libcli/auth/schannel_sign.c | 2 +- libcli/auth/smbencrypt.c | 8 ++++---- libcli/drsuapi/repl_decrypt.c | 4 ++-- source3/Makefile.in | 2 +- source3/configure.in | 19 +++++++++++++++++++ source3/libsmb/ntlmssp.c | 2 +- source3/libsmb/smb_signing.c | 2 +- source3/modules/vfs_streams_xattr.c | 2 +- source3/rpc_client/init_samr.c | 2 +- source3/web/swat.c | 2 +- source4/auth/credentials/credentials_ntlm.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/libcli/raw/smb_signing.c | 4 ++-- source4/libnet/libnet_passwd.c | 4 ++-- source4/ntp_signd/ntp_signd.c | 2 +- source4/rpc_server/samr/samr_password.c | 2 +- source4/torture/ntp/ntp_signd.c | 2 +- source4/torture/rpc/samba3rpc.c | 2 +- source4/torture/rpc/samlogon.c | 2 +- source4/torture/rpc/samr.c | 8 ++++---- 27 files changed, 66 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c index cfbd428..2419bdb 100644 --- a/lib/crypto/hmacmd5.c +++ b/lib/crypto/hmacmd5.c @@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Cont /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { - struct MD5Context tctx; + MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); 
@@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context ***********************************************************************/ _PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx) { - struct MD5Context ctx_o; + MD5_CTX ctx_o; MD5Final(digest, &ctx->ctx); diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h index 91b8ca5..1fc2750 100644 --- a/lib/crypto/hmacmd5.h +++ b/lib/crypto/hmacmd5.h @@ -25,7 +25,7 @@ typedef struct { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t k_ipad[65]; uint8_t k_opad[65]; diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h index 4064d6f..edddbac 100644 --- a/lib/crypto/md5.h +++ b/lib/crypto/md5.h @@ -5,15 +5,27 @@ #define HEADER_MD5_H #endif +#ifdef HAVE_MD5_H +/* + * Try to avoid clashes with Solaris MD5 implementation. + * ...where almost all implementations follows: + * "Schneier's Cryptography Classics Library" + */ +#include <md5.h> +#else + struct MD5Context { uint32_t buf[4]; uint32_t bits[2]; uint8_t in[64]; }; +typedef struct MD5Context MD5_CTX; void MD5Init(struct MD5Context *context); void MD5Update(struct MD5Context *context, const uint8_t *buf, size_t len); void MD5Final(uint8_t digest[16], struct MD5Context *context); +#endif /* !HAVE_MD5_H */ + #endif /* !MD5_H */ diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c index 0457d4d..256ddfa 100644 --- a/lib/crypto/md5test.c +++ b/lib/crypto/md5test.c @@ -63,7 +63,7 @@ bool torture_local_crypto_md5(struct torture_context *torture) }; for (i=0; i < ARRAY_SIZE(testarray); i++) { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t md5[16]; int e; diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 8130476..35158ca 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c 
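Review bot: In the lib/crypto/md5.h hunk, `#include <md5.h>` is written inside a header that is itself called md5.h, so the result depends on include-path order: if lib/crypto (or another directory holding a same-named header) is searched before the system directories, the directive would pick up this file again, the `MD5_H` guard would make it empty, and `MD5_CTX` would be left undeclared. The -I flags are not visible here, so this needs checking against the build rather than being a confirmed failure. The added comment should also state what is required of the system header, for example `/* <md5.h> must declare MD5_CTX and RFC 1321 MD5Init/MD5Update/MD5Final producing a 16-byte digest */`, because every caller converted in this commit (HMAC-MD5, NTLMSSP, schannel and SMB signing) now inherits whatever that header declares. In the fallback branch the three prototypes still spell `struct MD5Context *`; writing them as `MD5_CTX *` would keep both branches reading the same.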
@@ -69,7 +69,7 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; - struct MD5Context md5; + MD5_CTX md5; ZERO_STRUCT(creds->session_key); diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c index 802ac40..0a759a8 100644 --- a/libcli/auth/ntlmssp_server.c +++ b/libcli/auth/ntlmssp_server.c @@ -359,7 +359,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; state->doing_ntlm2 = true; memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8); diff --git a/libcli/auth/ntlmssp_sign.c b/libcli/auth/ntlmssp_sign.c index 42b459c..454c448 100644 --- a/libcli/auth/ntlmssp_sign.c +++ b/libcli/auth/ntlmssp_sign.c @@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16], DATA_BLOB session_key, const char *constant) { - struct MD5Context ctx3; + MD5_CTX ctx3; MD5Init(&ctx3); MD5Update(&ctx3, session_key.data, session_key.length); MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1); diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c index eb605f4..2d92283 100644 --- a/libcli/auth/schannel_sign.c +++ b/libcli/auth/schannel_sign.c @@ -110,7 +110,7 @@ static void netsec_do_sign(struct schannel_state *state, { uint8_t packet_digest[16]; static const uint8_t zeros[4]; - struct MD5Context ctx; + MD5_CTX ctx; MD5Init(&ctx); MD5Update(&ctx, zeros, 4); diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index f1451ea..ed1172b 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c 
@@ -99,7 +99,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16]) void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]) { - struct MD5Context tctx; + MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, salt, 16); MD5Update(&tctx, nthash, 16); @@ -623,7 +623,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx, void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key) { - struct MD5Context tctx; + MD5_CTX tctx; unsigned char key_out[16]; /* Confounder is last 16 bytes. */ @@ -703,7 +703,7 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, struct wkssvc_PasswordBuffer **pwd_buf) { uint8_t buffer[516]; - struct MD5Context ctx; + MD5_CTX ctx; struct wkssvc_PasswordBuffer *my_pwd_buf = NULL; DATA_BLOB confounded_session_key; int confounder_len = 8; @@ -741,7 +741,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, char **pwd) { uint8_t buffer[516]; - struct MD5Context ctx; + MD5_CTX ctx; size_t pwd_len; DATA_BLOB confounded_session_key; diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c index 6fff2fe..00b8db8 100644 --- a/libcli/drsuapi/repl_decrypt.c +++ b/libcli/drsuapi/repl_decrypt.c @@ -39,7 +39,7 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB confounder; DATA_BLOB enc_buffer; - struct MD5Context md5; + MD5_CTX md5; uint8_t _enc_key[16]; DATA_BLOB enc_key; @@ -198,7 +198,7 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB rid_crypt_out = data_blob(NULL, 0); DATA_BLOB confounder; - struct MD5Context md5; + MD5_CTX md5; uint8_t _enc_key[16]; DATA_BLOB enc_key; diff --git a/source3/Makefile.in b/source3/Makefile.in index 1a7ad8a..f4e8579 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -430,7 +430,7 @@ UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o ../lib/util/time.o \ ../lib/util/blocking.o ../lib/util/rfc1738.o \ ../lib/util/select.o ../lib/util/util_pw.o -CRYPTO_OBJ = ../lib/crypto/crc32.o ../lib/crypto/md5.o \ +CRYPTO_OBJ = ../lib/crypto/crc32.o @CRYPTO_MD5_OBJ@ \ ../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \ ../lib/crypto/md4.o \ ../lib/crypto/sha256.o ../lib/crypto/hmacsha256.o \ diff --git a/source3/configure.in b/source3/configure.in index d8d3a1f..373396a 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -751,6 +751,25 @@ AC_CHECK_HEADERS(xfs/libxfs.h) AC_CHECK_HEADERS(netgroup.h) AC_CHECK_HEADERS(linux/falloc.h) +dnl check for OS implementation of md5 conformant to rfc1321 +AC_CHECK_HEADERS(md5.h) +if test x"$ac_cv_header_md5_h" = x"yes"; then + AC_DEFINE(HAVE_MD5_H, 1, + [Whether md5.h is available.]) + AC_CHECK_LIB(md5, MD5Update, + [ + LIBS="${LIBS} -lmd5" + CRYPTO_MD5_OBJ= + AC_DEFINE(HAVE_LIBMD5, 1, + [Whether libmd5 conformant to rfc1321 is available.])], + [ + CRYPTO_MD5_OBJ="../lib/crypto/md5.o"]) +else + CRYPTO_MD5_OBJ="../lib/crypto/md5.o" +fi +AC_SUBST(CRYPTO_MD5_OBJ) + + AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ #if HAVE_RPC_RPC_H #include <rpc/rpc.h> diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index d000ed5..1de6189 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -612,7 +612,7 @@ noccache: return NT_STATUS_NO_MEMORY; } } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index c926b48..3b89418 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c 
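Review bot: In the source3/configure.in hunk, the header test and the library test can disagree: when `md5.h` is found but `AC_CHECK_LIB(md5, MD5Update, ...)` fails, `HAVE_MD5_H` stays defined while `CRYPTO_MD5_OBJ` is set to the bundled `../lib/crypto/md5.o`. lib/crypto/md5.h in this same commit switches on `HAVE_MD5_H` alone, so in that configuration the tree would take `MD5_CTX` and its prototypes from the system header while linking the bundled implementation, which would either fail to compile or mix two context layouts in the code that computes NTLMSSP session keys and SMB/schannel signatures. Gating the header on both results, `#if defined(HAVE_MD5_H) && defined(HAVE_LIBMD5)`, keeps type and implementation paired. The explicit `AC_DEFINE(HAVE_MD5_H, 1, ...)` looks redundant, since `AC_CHECK_HEADERS(md5.h)` already defines that macro. The link test also only proves that a symbol named `MD5Update` exists, not that it is RFC 1321 conformant as the `dnl` line says, so the vectors in lib/crypto/md5test.c should be run on a build that selects `-lmd5`.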
@@ -137,7 +137,7 @@ static void smb_signing_md5(const DATA_BLOB *mac_key, { const size_t offset_end_of_sig = (smb_ss_field + 8); uint8_t sequence_buf[8]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; /* * Firstly put the sequence number into the first 4 bytes. diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 08d8d14..731c813 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -39,7 +39,7 @@ struct stream_io { static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) { - struct MD5Context ctx; + MD5_CTX ctx; unsigned char hash[16]; SMB_INO_T result; char *upper_sname; diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index e3bb301..7f1a229 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -34,7 +34,7 @@ void init_samr_CryptPasswordEx(const char *pwd, /* samr_CryptPasswordEx */ uchar pwbuf[532]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; uint8_t confounder[16]; DATA_BLOB confounded_session_key = data_blob(NULL, 16); diff --git a/source3/web/swat.c b/source3/web/swat.c index e7c0378..1f6eb6c 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -151,7 +151,7 @@ static char *make_parm_name(const char *label) void get_xsrf_token(const char *username, const char *pass, const char *formname, time_t xsrf_time, char token_str[33]) { - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; uint8_t token[16]; int i; diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c index 7f4af4f..78de8cd 100644 --- a/source4/auth/credentials/credentials_ntlm.c +++ b/source4/auth/credentials/credentials_ntlm.c 
@@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred /* LM Key is incompatible... */ *flags &= ~CLI_CRED_LANMAN_AUTH; } else if (*flags & CLI_CRED_NTLM2) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 53d12d9..8d584a5 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1351,7 +1351,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io, } for (i=0; i < ARRAY_SIZE(wdigest); i++) { - struct MD5Context md5; + MD5_CTX md5; MD5Init(&md5); if (wdigest[i].nt4dom) { MD5Update(&md5, wdigest[i].nt4dom->data, wdigest[i].nt4dom->length); diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index d6d53db..baa64d4 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -103,7 +103,7 @@ bool signing_good(struct smb_signing_context *sign_info, void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key, unsigned int seq_num) { uint8_t calc_md5_mac[16]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; /* * Firstly put the sequence number into the first 4 bytes. @@ -138,7 +138,7 @@ bool check_signed_incoming_message(struct smb_request_buffer *in, DATA_BLOB *mac uint8_t calc_md5_mac[16]; uint8_t *server_sent_mac; uint8_t sequence_buf[8]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; const size_t offset_end_of_sig = (HDR_SS_FIELD + 8); int i; const int sign_range = 0; diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index e1094f2..861d746 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c 
@@ -274,7 +274,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context md5; + MD5_CTX md5; if (r->samr_handle.in.info21) { return NT_STATUS_INVALID_PARAMETER_MIX; @@ -330,7 +330,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context md5; + MD5_CTX md5; if (!r->samr_handle.in.info21) { return NT_STATUS_INVALID_PARAMETER_MIX; diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c index 969d698..55e1767 100644 --- a/source4/ntp_signd/ntp_signd.c +++ b/source4/ntp_signd/ntp_signd.c @@ -107,7 +107,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn, enum ndr_err_code ndr_err; struct ldb_result *res; const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL }; - struct MD5Context ctx; + MD5_CTX ctx; struct samr_Password *nt_hash; uint32_t user_account_control; int ret; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index f2dcd05..ee13a11 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -544,7 +544,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, DATA_BLOB new_password; DATA_BLOB co_session_key; DATA_BLOB session_key = data_blob(NULL, 0); - struct MD5Context ctx; + MD5_CTX ctx; nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c index ce49d4f..89eb1a0 100644 --- a/source4/torture/ntp/ntp_signd.c +++ b/source4/torture/ntp/ntp_signd.c 
@@ -78,7 +78,7 @@ static bool test_ntp_signd(struct torture_context *tctx, char *unix_address; int sys_errno; - struct MD5Context ctx; + MD5_CTX ctx; uint8_t sig[16]; enum ndr_err_code ndr_err; bool ok; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index d0de309..26bed19 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -774,7 +774,7 @@ static bool join3(struct torture_context *tctx, DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc( mem_ctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; ZERO_STRUCT(u_info); diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 0ba0d26..0b3dcd4 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -1075,7 +1075,7 @@ static bool test_ntlm2(struct samlogon_state *samlogon_state, char **error_strin uint8_t session_nonce_hash[16]; uint8_t client_chall[8]; - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; HMACMD5Context hmac_ctx; ZERO_STRUCT(user_session_key); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 53cb10a..7d9a1e2 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -771,7 +771,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; - struct MD5Context ctx; + MD5_CTX ctx; struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; @@ -856,7 +856,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; 
@@ -1140,7 +1140,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -2458,7 +2458,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context ctx; + MD5_CTX ctx; bool ret = true; struct lsa_String server, account; -- Samba Shared Repository