The branch, master has been updated via 98bcdca torture-netlogon: Use "all_zero" where appropriate via 015a41a torture-samlogon: Avoid static zeros via b3d5fe9 torture-samlogon: Use "all_zero" where appropriate via 6eeb3ec torture-dfs: Use "all_zero" where appropriate via efb5f38 auth4: Use "all_zero" where appropriate via a4bc275 kdc: Use "all_zero" where appropriate via 80bb18d samr3: Use "all_zero" where appropriate via c9955da libads: Use "all_zero" where appropriate via 214abc9 lib: Use "all_zero" where appropriate via 25465b1 librpc: Use "all_zero" where appropriate via 20c56e2 libnet: Use "all_zero" where appropriate via f5847b6 auth: Use "all_zero" where appropriate via f46932a librpc: Use "all_zero" where appropriate via 577418c libcli: Use "all_zero" where appropriate via ac389ee passdb: Use "all_zero" where appropriate via d3322cd auth3: Avoid some zeros footprint via 9c72823 ntlm_auth: Use "all_zero" where appropriate via 0eea65d libcli: Use "all_zero" where appropriate via 38884b2 libcli: Use "all_zero" where appropriate via f50b6e7 auth3: Use "all_zero" where appropriate via 3d9b1bd libcli: Use "all_zero" where appropriate via 66e4026 lib: Remove a duplicate prototype via ebdce3c libsmb: Add name_status_lmhosts from 5bcf3f1 WHATSNEW: Some small formal fixes.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 98bcdca632c7e508af2ecb3e8d6e005d04523c83 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 torture-netlogon: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Tue Jan 3 19:56:17 CET 2017 on sn-devel-144 commit 015a41a5e358849bc5960f9bc7714f751ad0f7b7 Author: Volker Lendecke <v...@samba.org> Date: Sun Jan 1 16:28:36 2017 +0000 torture-samlogon: Avoid static zeros Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit b3d5fe9679a56ba20e9627fecda36c60a471a20c Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 torture-samlogon: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 6eeb3ec3ab19ddee11829f1d5ac2d13ef1c7b18c Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 torture-dfs: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit efb5f38f1f03d3f1326a8fa115d19101c41db95a Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 auth4: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit a4bc275d947932c0a72e4f6d395634224f903e1a Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 kdc: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 80bb18d896a5609adb526a39c8512a4bc94cb409 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 samr3: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit c9955da65ad1befe51ad21dd884956c199b4c9b5 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libads: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 214abc98e667bfa529eec86e5f1ef7e2c1cb8f37 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 lib: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 25465b118a32d0f4dea777da5880195ed7f27ecf Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 librpc: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 20c56e21ca4a5f2abcc618deb7d23e432721c88a Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libnet: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit f5847b6e3484f7660535e60ba2d5df2fc8dad096 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 auth: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit f46932abfcd6461f4aa61302312ba13f641fc3d7 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 librpc: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 577418c87ef7ead24bcc09149c5a54840b7bc287 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libcli: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit ac389eedece4ed9917cbac8b759b83f2111b3b66 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 passdb: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit d3322cdd21a28968fb6442843cbf169dc1ae0737 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 13:11:10 2016 +0000 auth3: Avoid some zeros footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 9c72823a99c4355af23530db2f6e263ac2b58458 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 ntlm_auth: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 0eea65d3728aaac3a443f5b57172d7486ca1c893 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libcli: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 38884b2b2b08d54311d3b927900c5a9b071f8a5e Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libcli: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit f50b6e7cb4aa1891f4a6808cc7008f64aee79e49 Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 auth3: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 3d9b1bdf6c8f969c5075f1e0b47714a8a534bc2a Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:45:51 2016 +0000 libcli: Use "all_zero" where appropriate ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 66e402653f9a7991d03c7d483a9186a5400ab70e Author: Volker Lendecke <v...@samba.org> Date: Sat Dec 31 12:38:45 2016 +0000 lib: Remove a duplicate prototype Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit ebdce3c489a856f233067d806fa4e3fb35976919 Author: Volker Lendecke <v...@samba.org> Date: Mon Dec 19 20:18:41 2016 +0100 libsmb: Add name_status_lmhosts Don't ask... Oh, you did? :-) Try to figure out a hosts' name from lmhosts. This is for a setup I've come across where for several reasons kerberos and ldap were unusable (very organically grown but unchangeable Solaris 10 installation with tons of ancient libs that ./configure incorrectly finds and where tar xf samba-4.5.3.tar takes 5 minutes...), so I had to fall back to compile with --without-ads. Unfortunately in that environment NetBIOS was also turned off, but the "winbind rpc only" code relies on name_status to get a DC's name from its IP address for the netlogon calls. This walks the local lmhosts file to scan for the same information. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/krb5_wrap/krb5_samba.c | 8 ++---- libcli/auth/credentials.c | 33 +++++++++------------ libcli/auth/ntlm_check.c | 5 ++-- libcli/samsync/decrypt.c | 15 ++++------ libcli/smb/smbXcli_base.c | 10 ++----- librpc/ndr/ndr_sec_helper.c | 12 ++------ source3/auth/auth_util.c | 10 +++---- source3/auth/check_samsec.c | 5 ++-- source3/include/proto.h | 1 - source3/libads/kerberos_keytab.c | 30 ++++--------------- source3/libnet/libnet_dssync_passdb.c | 7 ++--- source3/libnet/libnet_keytab.h | 1 - source3/libnet/libnet_samsync_display.c | 6 ++-- source3/libnet/libnet_samsync_keytab.c | 2 +- source3/libnet/libnet_samsync_ldif.c | 7 ++--- source3/libnet/libnet_samsync_passdb.c | 7 ++--- source3/librpc/crypto/gse_krb5.c | 38 +++++++----------------- source3/libsmb/namequery.c | 43 ++++++++++++++++++++++++++++ source3/passdb/pdb_samba_dsdb.c | 4 +-- source3/rpc_server/samr/srv_samr_chgpasswd.c | 8 ++---- source3/utils/ntlm_auth.c | 22 ++++++-------- source4/auth/ntlm/auth_sam.c | 5 ++-- source4/kdc/pac-glue.c | 10 +++---- source4/torture/dfs/domaindfs.c | 7 ++--- source4/torture/rpc/netlogon.c | 7 ++--- source4/torture/rpc/samlogon.c | 16 +++-------- 26 files changed, 131 insertions(+), 188 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 307be93..f8f3b16 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -1229,17 +1229,13 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context, { krb5_error_code ret; krb5_kt_cursor cursor; - krb5_kt_cursor zero_csr; krb5_keytab_entry kt_entry; - krb5_keytab_entry zero_kt_entry; char *ktprinc = NULL; krb5_kvno old_kvno = kvno - 1; TALLOC_CTX *tmp_ctx; ZERO_STRUCT(cursor); - ZERO_STRUCT(zero_csr); ZERO_STRUCT(kt_entry); - ZERO_STRUCT(zero_kt_entry); ret = krb5_kt_start_seq_get(context, keytab, &cursor); if (ret == KRB5_KT_END || ret == ENOENT ) { @@ -1374,10 +1370,10 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context, out: talloc_free(tmp_ctx); - if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { + if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) { smb_krb5_kt_free_entry(context, &kt_entry); } - if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) { + if (!all_zero((uint8_t *)&cursor, sizeof(cursor))) { krb5_kt_end_seq_get(context, keytab, &cursor); } return ret; diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 91f37b7..ddff5e9 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -512,7 +512,6 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede union netr_Validation *validation, bool do_encrypt) { - static const char zeros[16]; struct netr_SamBaseInfo *base = NULL; if (validation == NULL) { @@ -549,8 +548,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede /* they aren't encrypted! */ } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ - if (memcmp(base->key.key, zeros, - sizeof(base->key.key)) != 0) { + if (!all_zero(base->key.key, sizeof(base->key.key))) { if (do_encrypt) { netlogon_creds_aes_encrypt(creds, base->key.key, @@ -562,8 +560,8 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede } } - if (memcmp(base->LMSessKey.key, zeros, - sizeof(base->LMSessKey.key)) != 0) { + if (!all_zero(base->LMSessKey.key, + sizeof(base->LMSessKey.key))) { if (do_encrypt) { netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, @@ -577,23 +575,22 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ - if (memcmp(base->key.key, zeros, - sizeof(base->key.key)) != 0) { + if (!all_zero(base->key.key, sizeof(base->key.key))) { netlogon_creds_arcfour_crypt(creds, base->key.key, sizeof(base->key.key)); } - if (memcmp(base->LMSessKey.key, zeros, - sizeof(base->LMSessKey.key)) != 0) { + if (!all_zero(base->LMSessKey.key, + sizeof(base->LMSessKey.key))) { netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, sizeof(base->LMSessKey.key)); } } else { /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ - if (memcmp(base->LMSessKey.key, zeros, - sizeof(base->LMSessKey.key)) != 0) { + if (!all_zero(base->LMSessKey.key, + sizeof(base->LMSessKey.key))) { if (do_encrypt) { netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey); @@ -626,8 +623,6 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential union netr_LogonLevel *logon, bool do_encrypt) { - static const char zeros[16]; - if (logon == NULL) { return; } @@ -645,7 +640,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential uint8_t *h; h = logon->password->lmpassword.hash; - if (memcmp(h, zeros, 16) != 0) { + if (!all_zero(h, 16)) { if (do_encrypt) { netlogon_creds_aes_encrypt(creds, h, 16); } else { @@ -654,7 +649,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential } h = logon->password->ntpassword.hash; - if (memcmp(h, zeros, 16) != 0) { + if (!all_zero(h, 16)) { if (do_encrypt) { netlogon_creds_aes_encrypt(creds, h, 16); } else { @@ -665,19 +660,19 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential uint8_t *h; h = logon->password->lmpassword.hash; - if (memcmp(h, zeros, 16) != 0) { + if (!all_zero(h, 16)) { netlogon_creds_arcfour_crypt(creds, h, 16); } h = logon->password->ntpassword.hash; - if (memcmp(h, zeros, 16) != 0) { + if (!all_zero(h, 16)) { netlogon_creds_arcfour_crypt(creds, h, 16); } } else { struct samr_Password *p; p = &logon->password->lmpassword; - if (memcmp(p->hash, zeros, 16) != 0) { + if (!all_zero(p->hash, 16)) { if (do_encrypt) { netlogon_creds_des_encrypt(creds, p); } else { @@ -685,7 +680,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential } } p = &logon->password->ntpassword; - if (memcmp(p->hash, zeros, 16) != 0) { + if (!all_zero(p->hash, 16)) { if (do_encrypt) { netlogon_creds_des_encrypt(creds, p); } else { diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 7f91b52..d7fba34 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -293,7 +293,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - const static uint8_t zeros[8]; DATA_BLOB tmp_sess_key; const char *upper_client_domain = NULL; @@ -314,8 +313,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* Check for cleartext netlogon. Used by Exchange 5.5. */ if ((logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_ALLOWED) - && challenge->length == sizeof(zeros) - && (memcmp(challenge->data, zeros, challenge->length) == 0 )) { + && challenge->length == 8 + && (all_zero(challenge->data, challenge->length))) { struct samr_Password client_nt; struct samr_Password client_lm; char *unix_pw = NULL; diff --git a/libcli/samsync/decrypt.c b/libcli/samsync/decrypt.c index 117151e..66cc915 100644 --- a/libcli/samsync/decrypt.c +++ b/libcli/samsync/decrypt.c @@ -44,15 +44,12 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, struct netr_DELTA_USER *user = delta->delta_union.user; struct samr_Password lm_hash; struct samr_Password nt_hash; - unsigned char zero_buf[16]; - - memset(zero_buf, '\0', sizeof(zero_buf)); /* Note that win2000 may send us all zeros * for the hashes if it doesn't * think this channel is secure enough. */ if (user->lm_password_present) { - if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) { + if (!all_zero(user->lmpassword.hash, 16)) { sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0); } else { memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); @@ -61,7 +58,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, } if (user->nt_password_present) { - if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) { + if (!all_zero(user->ntpassword.hash, 16)) { sam_rid_crypt(rid, user->ntpassword.hash, nt_hash.hash, 0); } else { memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); @@ -90,8 +87,8 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, * for the hashes if it doesn't * think this channel is secure enough. */ if (keys.keys.keys2.lmpassword.length == 16) { - if (memcmp(keys.keys.keys2.lmpassword.pwd.hash, - zero_buf, 16) != 0) { + if (!all_zero(keys.keys.keys2.lmpassword.pwd.hash, + 16)) { sam_rid_crypt(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0); @@ -102,8 +99,8 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, user->lm_password_present = true; } if (keys.keys.keys2.ntpassword.length == 16) { - if (memcmp(keys.keys.keys2.ntpassword.pwd.hash, - zero_buf, 16) != 0) { + if (!all_zero(keys.keys.keys2.ntpassword.pwd.hash, + 16)) { sam_rid_crypt(rid, keys.keys.keys2.ntpassword.pwd.hash, nt_hash.hash, 0); diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index e24090d..a7b24f0 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3851,13 +3851,9 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn, } } if (signing_key) { - int cmp; - static const uint8_t zeros[16]; - - cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE, - zeros, - 16); - if (cmp == 0) { + bool zero; + zero = all_zero(inhdr+SMB2_HDR_SIGNATURE, 16); + if (zero) { state->smb2.signing_skipped = true; signing_key = NULL; } diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index ea082d1..ecc0511 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -128,13 +128,9 @@ size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) { - struct dom_sid zero_sid; - if (!sid) return 0; - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + if (all_zero((const uint8_t *)sid, sizeof(struct dom_sid))) { return 0; } @@ -287,8 +283,6 @@ enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct */ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) { - struct dom_sid zero_sid; - if (!(ndr_flags & NDR_SCALARS)) { return NDR_ERR_SUCCESS; } @@ -297,9 +291,7 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s return NDR_ERR_SUCCESS; } - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + if (all_zero((const uint8_t *)sid, sizeof(struct dom_sid))) { return NDR_ERR_SUCCESS; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 25f27e8..ae6bfb3 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -811,7 +811,6 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_info, struct auth_serversupplied_info **server_info) { - static const char zeros[16] = {0}; const char *guest_account = lp_guest_account(); const char *domain = lp_netbios_name(); struct netr_SamInfo3 info3; @@ -861,7 +860,7 @@ static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_i /* annoying, but the Guest really does have a session key, and it is all zeros! */ - (*session_info)->session_key = data_blob(zeros, sizeof(zeros)); + (*session_info)->session_key = data_blob_talloc_zero(NULL, 16); status = NT_STATUS_OK; done: @@ -1358,8 +1357,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info, const struct netr_SamInfo3 *info3) { - static const char zeros[16] = {0, }; - NTSTATUS nt_status = NT_STATUS_OK; char *found_username = NULL; const char *nt_domain; @@ -1460,7 +1457,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* ensure we are never given NULL session keys */ - if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) { + if (all_zero(info3->base.key.key, sizeof(info3->base.key.key))) { result->session_key = data_blob_null; } else { result->session_key = data_blob_talloc( @@ -1468,7 +1465,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, sizeof(info3->base.key.key)); } - if (memcmp(info3->base.LMSessKey.key, zeros, 8) == 0) { + if (all_zero(info3->base.LMSessKey.key, + sizeof(info3->base.LMSessKey.key))) { result->lm_session_key = data_blob_null; } else { result->lm_session_key = data_blob_talloc( diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index cbcde08..53b6da5 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -322,7 +322,6 @@ static bool need_to_increment_bad_pw_count( username = pdb_get_username(sampass); for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) { - static const uint8_t zero16[SALTED_MD5_HASH_LEN]; const uint8_t *salt; const uint8_t *nt_pw; NTSTATUS status; @@ -332,12 +331,12 @@ static bool need_to_increment_bad_pw_count( salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN]; nt_pw = salt + PW_HISTORY_SALT_LEN; - if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) { + if (all_zero(nt_pw, NT_HASH_LEN)) { /* skip zero password hash */ continue; } - if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) { + if (!all_zero(salt, PW_HISTORY_SALT_LEN)) { /* skip nonzero salt (old format entry) */ continue; } diff --git a/source3/include/proto.h b/source3/include/proto.h index 4535a14..642900e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -324,7 +324,6 @@ const char *my_sam_name(void); enum protocol_types get_Protocol(void); void set_Protocol(enum protocol_types p); -bool all_zero(const uint8_t *ptr, size_t size); void gfree_names(void); void gfree_all( void ); const char *my_netbios_names(int i); diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 8c7c1c3..3c73b08 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -553,18 +553,10 @@ done: TALLOC_FREE(frame); if (context) { - krb5_keytab_entry zero_kt_entry; - krb5_kt_cursor zero_csr; - - ZERO_STRUCT(zero_kt_entry); - ZERO_STRUCT(zero_csr); - - if (memcmp(&zero_kt_entry, &kt_entry, - sizeof(krb5_keytab_entry))) { + if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) { smb_krb5_kt_free_entry(context, &kt_entry); } - if ((memcmp(&cursor, &zero_csr, - sizeof(krb5_kt_cursor)) != 0) && keytab) { + if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) { krb5_kt_end_seq_get(context, keytab, &cursor); } if (keytab) { @@ -657,21 +649,11 @@ int ads_keytab_list(const char *keytab_name) ZERO_STRUCT(cursor); out: - { - krb5_keytab_entry zero_kt_entry; - ZERO_STRUCT(zero_kt_entry); - if (memcmp(&zero_kt_entry, &kt_entry, - sizeof(krb5_keytab_entry))) { - smb_krb5_kt_free_entry(context, &kt_entry); - } + if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) { + smb_krb5_kt_free_entry(context, &kt_entry); } - { - krb5_kt_cursor zero_csr; - ZERO_STRUCT(zero_csr); - if ((memcmp(&cursor, &zero_csr, - sizeof(krb5_kt_cursor)) != 0) && keytab) { - krb5_kt_end_seq_get(context, keytab, &cursor); - } + if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) { + krb5_kt_end_seq_get(context, keytab, &cursor); } if (keytab) { diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c index 99e65c2..8e2a459 100644 --- a/source3/libnet/libnet_dssync_passdb.c +++ b/source3/libnet/libnet_dssync_passdb.c @@ -1105,7 +1105,6 @@ static NTSTATUS sam_account_from_object(struct samu *account, TALLOC_CTX *mem_ctx = account; const char *old_string, *new_string; time_t unix_time, stored_time; - uchar zero_buf[16]; NTSTATUS status; NTTIME lastLogon; @@ -1134,8 +1133,6 @@ static NTSTATUS sam_account_from_object(struct samu *account, uint32_t acct_flags; uint32_t units_per_week; - memset(zero_buf, '\0', sizeof(zero_buf)); - objectSid = cur->object.identifier->sid; GET_STRING_EX(sAMAccountName, true); DEBUG(0,("sam_account_from_object(%s, %s) start\n", @@ -1329,11 +1326,11 @@ static NTSTATUS sam_account_from_object(struct samu *account, think this channel is secure enough - don't set the passwords at all in that case */ - if (dBCSPwd.length == 16 && memcmp(dBCSPwd.data, zero_buf, 16) != 0) { + if (dBCSPwd.length == 16 && !all_zero(dBCSPwd.data, 16)) { pdb_set_lanman_passwd(account, dBCSPwd.data, PDB_CHANGED); } - if (unicodePwd.length == 16 && memcmp(unicodePwd.data, zero_buf, 16) != 0) { + if (unicodePwd.length == 16 && !all_zero(unicodePwd.data, 16)) { pdb_set_nt_passwd(account, unicodePwd.data, PDB_CHANGED); } diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h index 43071ce..df6e957 100644 --- a/source3/libnet/libnet_keytab.h +++ b/source3/libnet/libnet_keytab.h @@ -35,7 +35,6 @@ struct libnet_keytab_context { const char *keytab_name; struct ads_struct *ads; const char *dns_domain_name; - uint8_t zero_buf[16]; uint32_t count; struct libnet_keytab_entry *entries; bool clean_old_entries; diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 034a23f..040742d 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -60,19 +60,17 @@ static void display_account_info(uint32_t rid, struct netr_DELTA_USER *r) { fstring hex_nt_passwd, hex_lm_passwd; - uchar zero_buf[16]; - memset(zero_buf, '\0', sizeof(zero_buf)); /* Decode hashes from password hash (if they are not NULL) */ - if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + if (!all_zero(r->lmpassword.hash, 16)) { pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + if (!all_zero(r->ntpassword.hash, 16)) { -- Samba Shared Repository