The branch, master has been updated
       via  aca444c Remove useless bool "upper_case_domain" parameter from 
ntv2_owf_gen().
       via  cbdf6c5 Remove useless bool "upper_case_domain" parameter.
       via  43870fb Move uppercasing the domain out of smb_pwd_check_ntlmv2()
      from  ced27e1 s3:lib: make sure we don't try to send messages to 
server_id's marked as disconnected

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit aca444cbfc495831ab0a265214ed48be74560bf2
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Aug 23 16:02:09 2012 -0700

    Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
    
    The code in SMBNTLMv2encrypt_hash() should not be requesting case
    changes on the domain name.
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104

commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Aug 23 15:59:54 2012 -0700

    Remove useless bool "upper_case_domain" parameter.

commit 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Aug 23 15:46:16 2012 -0700

    Move uppercasing the domain out of smb_pwd_check_ntlmv2()
    
    Allows us to remove a silly bool parameter.
    
    Based on work done by "Blohm, Guntram (I/FP-37, extern)" 
<extern.guntram.bl...@audi.de>.

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/ntlm_check.c |   41 +++++++++++++++++++++--------------------
 libcli/auth/proto.h      |    1 -
 libcli/auth/smbencrypt.c |   11 +----------
 3 files changed, 22 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 9520d32..dc70957 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
                                 const uint8_t *part_passwd,
                                 const DATA_BLOB *sec_blob,
                                 const char *user, const char *domain,
-                                bool upper_case_domain, /* should the domain 
be transformed into upper case? */
                                 DATA_BLOB *user_sess_key)
 {
        /* Finish the encryption of part_passwd. */
@@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
           but for NTLMv2 it is meant to contain the current time etc.
        */
 
-       if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+       if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
                return false;
        }
 
@@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
                                const uint8_t *part_passwd,
                                const DATA_BLOB *sec_blob,
                                const char *user, const char *domain,
-                               bool upper_case_domain, /* should the domain be 
transformed into upper case? */
                                DATA_BLOB *user_sess_key)
 {
        /* Finish the encryption of part_passwd. */
@@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
        client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, 
ntv2_response->length-16);
 
-       if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+       if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
                return false;
        }
 
@@ -297,6 +295,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 {
        const static uint8_t zeros[8];
        DATA_BLOB tmp_sess_key;
+       const char *upper_client_domain = NULL;
+
+       if (client_domain != NULL) {
+               upper_client_domain = talloc_strdup_upper(mem_ctx, 
client_domain);
+               if (upper_client_domain == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
 
        if (stored_nt == NULL) {
                DEBUG(3,("ntlm_password_check: NO NT password stored for user 
%s.\n", 
@@ -349,13 +355,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                /* We have the NT MD4 hash challenge available - see if we can
                   use it 
                */
-               DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with 
domain [%s]\n", client_domain));
+               DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with 
domain [%s]\n",
+                       client_domain ? client_domain : "<NULL>"));
                if (smb_pwd_check_ntlmv2(mem_ctx,
                                         nt_response, 
                                         stored_nt->hash, challenge, 
                                         client_username, 
                                         client_domain,
-                                        false,
                                         user_sess_key)) {
                        if (user_sess_key->length) {
                                *lm_sess_key = data_blob_talloc(mem_ctx, 
user_sess_key->data, MIN(8, user_sess_key->length));
@@ -363,13 +369,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_OK;
                }
 
-               DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with 
uppercased version of domain [%s]\n", client_domain));
+               DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with 
uppercased version of domain [%s]\n",
+                       upper_client_domain ? upper_client_domain : "<NULL>"));
                if (smb_pwd_check_ntlmv2(mem_ctx,
                                         nt_response, 
                                         stored_nt->hash, challenge, 
                                         client_username, 
-                                        client_domain,
-                                        true,
+                                        upper_client_domain,
                                         user_sess_key)) {
                        if (user_sess_key->length) {
                                *lm_sess_key = data_blob_talloc(mem_ctx, 
user_sess_key->data, MIN(8, user_sess_key->length));
@@ -383,7 +389,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                                         stored_nt->hash, challenge, 
                                         client_username, 
                                         "",
-                                        false,
                                         user_sess_key)) {
                        if (user_sess_key->length) {
                                *lm_sess_key = data_blob_talloc(mem_ctx, 
user_sess_key->data, MIN(8, user_sess_key->length));
@@ -471,13 +476,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
        /* This is for 'LMv2' authentication.  almost NTLMv2 but limited to 24 
bytes.
           - related to Win9X, legacy NAS pass-though authentication
        */
-       DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain 
%s\n", client_domain));
+       DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n",
+               client_domain ? client_domain : "<NULL>"));
        if (smb_pwd_check_ntlmv2(mem_ctx,
                                 lm_response, 
                                 stored_nt->hash, challenge, 
                                 client_username,
                                 client_domain,
-                                false,
                                 &tmp_sess_key)) {
                if (nt_response->length > 24) {
                        /* If NTLMv2 authentication has preceeded us
@@ -489,7 +494,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                                            stored_nt->hash, challenge, 
                                            client_username,
                                            client_domain,
-                                           false,
                                            user_sess_key);
                } else {
                        /* Otherwise, use the LMv2 session key */
@@ -501,13 +505,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                return NT_STATUS_OK;
        }
 
-       DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased 
version of domain %s\n", client_domain));
+       DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased 
version of domain %s\n",
+               upper_client_domain ? upper_client_domain : "<NULL>"));
        if (smb_pwd_check_ntlmv2(mem_ctx,
                                 lm_response, 
                                 stored_nt->hash, challenge, 
                                 client_username,
-                                client_domain,
-                                true,
+                                upper_client_domain,
                                 &tmp_sess_key)) {
                if (nt_response->length > 24) {
                        /* If NTLMv2 authentication has preceeded us
@@ -518,8 +522,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                                            nt_response, 
                                            stored_nt->hash, challenge, 
                                            client_username,
-                                           client_domain,
-                                           true,
+                                           upper_client_domain,
                                            user_sess_key);
                } else {
                        /* Otherwise, use the LMv2 session key */
@@ -537,7 +540,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                                 stored_nt->hash, challenge, 
                                 client_username,
                                 "",
-                                false,
                                 &tmp_sess_key)) {
                if (nt_response->length > 24) {
                        /* If NTLMv2 authentication has preceeded us
@@ -549,7 +551,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                                            stored_nt->hash, challenge, 
                                            client_username,
                                            "",
-                                           false,
                                            user_sess_key);
                } else {
                        /* Otherwise, use the LMv2 session key */
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 3d05474..37c87b4 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -109,7 +109,6 @@ bool E_deshash(const char *passwd, uint8_t p16[16]);
 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
 bool ntv2_owf_gen(const uint8_t owf[16],
                  const char *user_in, const char *domain_in,
-                 bool upper_case_domain, /* Transform the domain into UPPER 
case */
                  uint8_t kr_buf[16]);
 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t 
p24[24]);
 void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t 
*p24);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 37d5672..372ef01 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -185,7 +185,6 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], 
uint8_t p16[16])
 /* Does both the NTLMv2 owfs of a user's password */
 bool ntv2_owf_gen(const uint8_t owf[16],
                  const char *user_in, const char *domain_in,
-                 bool upper_case_domain, /* Transform the domain into UPPER 
case */
                  uint8_t kr_buf[16])
 {
        smb_ucs2_t *user;
@@ -215,14 +214,6 @@ bool ntv2_owf_gen(const uint8_t owf[16],
                return false;
        }
 
-       if (upper_case_domain) {
-               domain_in = strupper_talloc(mem_ctx, domain_in);
-               if (domain_in == NULL) {
-                       talloc_free(mem_ctx);
-                       return false;
-               }
-       }
-
        ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len );
        if (!ret) {
                DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
@@ -498,7 +489,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
           the username and domain.
           This prevents username swapping during the auth exchange
        */
-       if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+       if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
                return false;
        }
 


-- 
Samba Shared Repository

Reply via email to