The branch, master has been updated via aca444c Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen(). via cbdf6c5 Remove useless bool "upper_case_domain" parameter. via 43870fb Move uppercasing the domain out of smb_pwd_check_ntlmv2() from ced27e1 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit aca444cbfc495831ab0a265214ed48be74560bf2 Author: Jeremy Allison <j...@samba.org> Date: Thu Aug 23 16:02:09 2012 -0700 Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen(). The code in SMBNTLMv2encrypt_hash() should not be requesting case changes on the domain name. Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104 commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13 Author: Jeremy Allison <j...@samba.org> Date: Thu Aug 23 15:59:54 2012 -0700 Remove useless bool "upper_case_domain" parameter. commit 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9 Author: Jeremy Allison <j...@samba.org> Date: Thu Aug 23 15:46:16 2012 -0700 Move uppercasing the domain out of smb_pwd_check_ntlmv2() Allows us to remove a silly bool parameter. Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.bl...@audi.de>. ----------------------------------------------------------------------- Summary of changes: libcli/auth/ntlm_check.c | 41 +++++++++++++++++++++-------------------- libcli/auth/proto.h | 1 - libcli/auth/smbencrypt.c | 11 +---------- 3 files changed, 22 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 9520d32..dc70957 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, - bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, but for NTLMv2 it is meant to contain the current time etc. */ - if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { + if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { return false; } @@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, - bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16); - if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { + if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { return false; } @@ -297,6 +295,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, { const static uint8_t zeros[8]; DATA_BLOB tmp_sess_key; + const char *upper_client_domain = NULL; + + if (client_domain != NULL) { + upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain); + if (upper_client_domain == NULL) { + return NT_STATUS_NO_MEMORY; + } + } if (stored_nt == NULL) { DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n", @@ -349,13 +355,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* We have the NT MD4 hash challenge available - see if we can use it */ - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", + client_domain ? client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge, client_username, client_domain, - false, user_sess_key)) { if (user_sess_key->length) { *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length)); @@ -363,13 +369,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", + upper_client_domain ? upper_client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge, client_username, - client_domain, - true, + upper_client_domain, user_sess_key)) { if (user_sess_key->length) { *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length)); @@ -383,7 +389,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - false, user_sess_key)) { if (user_sess_key->length) { *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length)); @@ -471,13 +476,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes. - related to Win9X, legacy NAS pass-though authentication */ - DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", + client_domain ? client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge, client_username, client_domain, - false, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -489,7 +494,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - false, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ @@ -501,13 +505,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", + upper_client_domain ? upper_client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge, client_username, - client_domain, - true, + upper_client_domain, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -518,8 +522,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, nt_response, stored_nt->hash, challenge, client_username, - client_domain, - true, + upper_client_domain, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ @@ -537,7 +540,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - false, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -549,7 +551,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - false, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 3d05474..37c87b4 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -109,7 +109,6 @@ bool E_deshash(const char *passwd, uint8_t p16[16]); void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in, - bool upper_case_domain, /* Transform the domain into UPPER case */ uint8_t kr_buf[16]); void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]); void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24); diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 37d5672..372ef01 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -185,7 +185,6 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]) /* Does both the NTLMv2 owfs of a user's password */ bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in, - bool upper_case_domain, /* Transform the domain into UPPER case */ uint8_t kr_buf[16]) { smb_ucs2_t *user; @@ -215,14 +214,6 @@ bool ntv2_owf_gen(const uint8_t owf[16], return false; } - if (upper_case_domain) { - domain_in = strupper_talloc(mem_ctx, domain_in); - if (domain_in == NULL) { - talloc_free(mem_ctx); - return false; - } - } - ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len ); if (!ret) { DEBUG(0, ("push_uss2_talloc() for user failed)\n")); @@ -498,7 +489,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, the username and domain. This prevents username swapping during the auth exchange */ - if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) { + if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) { return false; } -- Samba Shared Repository