The branch, master has been updated
       via  27e43e1 auth/ntlmssp: make ntlmssp_server_check_password() shorter
       via  c6b37a0 auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()
       via  ebb63e1 s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()
       via  f054130 s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()
       via  bfb25f9 s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()
       via  a2efaef s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()
       via  d254984 s3:smbd: call auth_check_password_session_info() only in one central place
       via  fc41aeb s3:smbd: introduce a reply_sesssetup_and_X_state
       via  c990d2b s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()
       via  5810f74 s3:smbd: only set user_info->auth_description on success
       via  823bc4c pidl:NDR/Parser: initialize [skip] values in ndr_pull_*
       via  5a08c98 ntprinting.idl: make use of [skip_noinit] for string_flags
       via  b922472 pidl:NDR/Parser: add "skip_noinit" element
       via  3bc6b55 pidl:NDR/Parser: fix "skip" for pointers
      from  2fa069e ctdb-scripts: Don't send empty argument string to logger
https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 27e43e1d0c35550e227c127f3c857fa4420cc8dc
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Jun 16 17:11:17 2017 +0200

    auth/ntlmssp: make ntlmssp_server_check_password() shorter

    We move as much as possible into ntlmssp_server_{pre,post}auth().

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Mon Jun 26 13:07:30 CEST 2017 on sn-devel-144

commit c6b37a0e1dff557ca8e200b47eff50d89c180e30
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Jun 16 18:03:11 2017 +0200

    auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()

    We only create a temporary auth_usersupplied_info structure and pass it
    down as const, let's keep the values on ntlmssp_state otherwise we may
    dereference stale pointers.

    We finally free the memory at the end of ntlmssp_server_postauth() now.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit ebb63e1cb3a40b3af691c56dd0ae2c6cfdccf9ec
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jun 19 08:39:19 2017 +0200

    s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()

    There's no point in creating a temporary ldb_context as the only callers
    already have a valid struct ldb_context for the local sam.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f0541309d77e51e1169d6a534b5e11bd3a24d4cd
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jun 19 08:39:19 2017 +0200

    s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()

    There's no point in creating a temporary ldb_context as all direct callers
    already have a valid struct ldb_context for the local sam.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit bfb25f92aac335d2b96ae5353fbeacf90bbdcb43
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jun 19 08:26:26 2017 +0200

    s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit a2efaef15fc0311111a83a2bfc8f80490f2ea051
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jun 19 08:26:26 2017 +0200

    s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d254984d371bb614e11c6ed13a58e1921813a4ff
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sun Jun 18 12:53:05 2017 +0200

    s3:smbd: call auth_check_password_session_info() only in one central place

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit fc41aebf452e80869d80e3f0d6f3c7dfea65da01
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sun Jun 18 12:48:11 2017 +0200

    s3:smbd: introduce a reply_sesssetup_and_X_state

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit c990d2bd1c37e95c9e38540148cde37542aaf36f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sun Jun 18 12:08:58 2017 +0200

    s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 5810f7468bc0c2592056d100f3174e6e2342b3b5
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sun Jun 18 12:06:10 2017 +0200

    s3:smbd: only set user_info->auth_description on success

    Otherwise we'll dereference a NULL pointer.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 823bc4c07add242a5a1d0cd25942ebaab3cd0e23
Author: Stefan Metzmacher <me...@samba.org>
Date:   Tue Jun 13 09:57:33 2017 +0200

    pidl:NDR/Parser: initialize [skip] values in ndr_pull_*

    It's too dangerous to leave values uninitialized!

    [skip_noinit] can be used if required.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

commit 5a08c9887cb3e9354ed697c649d5f9965436fe50
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jun 21 15:11:28 2017 +0200

    ntprinting.idl: make use of [skip_noinit] for string_flags

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

commit b922472fd683235fde3abc69ee09d9d8bfdb8644
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jun 21 15:05:35 2017 +0200

    pidl:NDR/Parser: add "skip_noinit" element

    In future "skip" will be changed to initialize the element
    with ZERO_STRUCT() on ndr_pull_*.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

commit 3bc6b55385894691792962ecc15978a3b158eca4
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jun 19 12:15:21 2017 +0200

    pidl:NDR/Parser: fix "skip" for pointers

    We should handle the "skip" at the element level before
    we traverse through the element levels.
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/ntlmssp/ntlmssp_server.c            | 109 ++++++++-------
 librpc/idl/ntprinting.idl                |   8 +-
 pidl/lib/Parse/Pidl/NDR.pm               |   1 +
 pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm |  43 ++++--
 source3/smbd/sesssetup.c                 | 225 ++++++++++++++-----------------
 source4/auth/ntlm/auth.c                 |   6 +-
 source4/auth/ntlm/auth_sam.c             |   3 +-
 source4/auth/ntlm/auth_simple.c          |   4 +-
 source4/auth/ntlm/auth_winbind.c         |   3 +-
 source4/auth/unix_token.c                |   6 +-
 source4/dsdb/samdb/cracknames.c          |  14 +-
 source4/ntvfs/unixuid/vfs_unixuid.c      |   4 +-
 source4/rpc_server/lsa/lsa_lookup.c      |   5 +-
 13 files changed, 216 insertions(+), 215 deletions(-)

Changeset truncated at 500 lines:

diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index c525a93..e17074e 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -294,6 +294,7 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security } struct ntlmssp_server_auth_state { + struct auth_usersupplied_info *user_info; DATA_BLOB user_session_key; DATA_BLOB lm_session_key; /* internal variables used by KEY_EXCH (client-supplied user session key */ @@ -318,6 +319,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security, { struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; struct auth4_context *auth_context = gensec_security->auth_context; + struct auth_usersupplied_info *user_info = NULL; uint32_t ntlmssp_command, auth_flags; NTSTATUS nt_status; const unsigned int version_len = 8; 
@@ -686,27 +688,8 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security, ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; } } - return NT_STATUS_OK; -} - -/** - * Check the password on an NTLMSSP login. - * - * Return the session keys used on the connection. - */ -static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_security, - struct gensec_ntlmssp_context *gensec_ntlmssp, - TALLOC_CTX *mem_ctx, - DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) -{ - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - struct auth4_context *auth_context = gensec_security->auth_context; - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - struct auth_session_info *session_info = NULL; - struct auth_usersupplied_info *user_info; - - user_info = talloc_zero(ntlmssp_state, struct auth_usersupplied_info); + user_info = talloc_zero(state, struct auth_usersupplied_info); if (!user_info) { return NT_STATUS_NO_MEMORY; } 
@@ -732,9 +715,26 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = ntlmssp_state->lm_resp; - user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data); user_info->password.response.nt = ntlmssp_state->nt_resp; - user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data); + + state->user_info = user_info; + return NT_STATUS_OK; +} + +/** + * Check the password on an NTLMSSP login. + * + * Return the session keys used on the connection. + */ + +static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_security, + struct gensec_ntlmssp_context *gensec_ntlmssp, + const struct auth_usersupplied_info *user_info, + TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +{ + struct auth4_context *auth_context = gensec_security->auth_context; + NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; if (auth_context->check_ntlm_password) { uint8_t authoritative = 0; 
@@ -750,10 +750,37 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(5, (__location__ ": Checking NTLMSSP password for %s\\%s failed: %s\n", user_info->client.domain_name, user_info->client.account_name, nt_errstr(nt_status))); } - TALLOC_FREE(user_info); - NT_STATUS_NOT_OK_RETURN(nt_status); + talloc_steal(mem_ctx, user_session_key->data); + talloc_steal(mem_ctx, lm_session_key->data); + + return nt_status; +} + +/** + * Next state function for the Authenticate packet + * (after authentication - figures out the session keys etc) + * + * @param ntlmssp_state NTLMSSP State + * @return Errors or NT_STATUS_OK. + */ + +static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, + struct gensec_ntlmssp_context *gensec_ntlmssp, + struct ntlmssp_server_auth_state *state, + DATA_BLOB request) +{ + struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; + struct auth4_context *auth_context = gensec_security->auth_context; + DATA_BLOB user_session_key = state->user_session_key; + DATA_BLOB lm_session_key = state->lm_session_key; + NTSTATUS nt_status = NT_STATUS_OK; + DATA_BLOB session_key = data_blob(NULL, 0); + struct auth_session_info *session_info = NULL; + + TALLOC_FREE(state->user_info); + if (lpcfg_map_to_guest(gensec_security->settings->lp_ctx) != NEVER_MAP_TO_GUEST && auth_context->generate_session_info != NULL) { @@ -762,7 +789,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec /* * We need to check if the auth is anonymous or mapped to guest */ - tmp_status = auth_context->generate_session_info(auth_context, mem_ctx, + tmp_status = auth_context->generate_session_info(auth_context, state, gensec_ntlmssp->server_returned_info, gensec_ntlmssp->ntlmssp_state->user, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, 
@@ -790,31 +817,6 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec TALLOC_FREE(session_info); } - talloc_steal(mem_ctx, user_session_key->data); - talloc_steal(mem_ctx, lm_session_key->data); - - return nt_status; -} - -/** - * Next state function for the Authenticate packet - * (after authentication - figures out the session keys etc) - * - * @param ntlmssp_state NTLMSSP State - * @return Errors or NT_STATUS_OK. - */ - -static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, - struct gensec_ntlmssp_context *gensec_ntlmssp, - struct ntlmssp_server_auth_state *state, - DATA_BLOB request) -{ - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - DATA_BLOB user_session_key = state->user_session_key; - DATA_BLOB lm_session_key = state->lm_session_key; - NTSTATUS nt_status = NT_STATUS_OK; - DATA_BLOB session_key = data_blob(NULL, 0); - dump_data_pw("NT session key:\n", user_session_key.data, user_session_key.length); dump_data_pw("LM first-8:\n", lm_session_key.data, lm_session_key.length); @@ -977,6 +979,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, nt_status = ntlmssp_sign_init(ntlmssp_state); } + data_blob_clear_free(&ntlmssp_state->internal_chal); + data_blob_clear_free(&ntlmssp_state->chal); + data_blob_clear_free(&ntlmssp_state->lm_resp); + data_blob_clear_free(&ntlmssp_state->nt_resp); + ntlmssp_state->expected_state = NTLMSSP_DONE; return nt_status; @@ -1026,7 +1033,7 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security, /* Finally, actually ask if the password is OK */ nt_status = ntlmssp_server_check_password(gensec_security, gensec_ntlmssp, - state, + state->user_info, state, &state->user_session_key, &state->lm_session_key); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/librpc/idl/ntprinting.idl b/librpc/idl/ntprinting.idl index 8152144..30af141 100644 --- a/librpc/idl/ntprinting.idl 
+++ b/librpc/idl/ntprinting.idl @@ -36,7 +36,7 @@ interface ntprinting * "dffffffff" followed by a remaining buffer of "f" array */ typedef [flag(NDR_NOALIGN),public] struct { - [skip] uint32 string_flags; + [skip_noinit] uint32 string_flags; uint32 version; [flag(ndr_ntprinting_string_flags(r->string_flags))] string name; @@ -61,7 +61,7 @@ interface ntprinting * "B" private data blob */ typedef [flag(NDR_NOALIGN),public] struct { - [skip] uint32 string_flags; + [skip_noinit] uint32 string_flags; /* uint32 devicemode_ptr; */ [flag(ndr_ntprinting_string_flags(r->string_flags))] string devicename; @@ -108,7 +108,7 @@ interface ntprinting * "fdB" */ typedef [flag(NDR_NOALIGN),public] struct { - [skip] uint32 string_flags; + [skip_noinit] uint32 string_flags; uint32 ptr; [flag(ndr_ntprinting_string_flags(r->string_flags))] string name; @@ -123,7 +123,7 @@ interface ntprinting */ typedef [flag(NDR_NOALIGN),public] struct { - [skip] uint32 string_flags; + [skip_noinit] uint32 string_flags; uint32 attributes; uint32 priority; diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm index 4659e31..003156e 100644 --- a/pidl/lib/Parse/Pidl/NDR.pm +++ b/pidl/lib/Parse/Pidl/NDR.pm @@ -1104,6 +1104,7 @@ my %property_list = ( "nopython" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP"], "todo" => ["FUNCTION"], "skip" => ["ELEMENT"], + "skip_noinit" => ["ELEMENT"], # union "switch_is" => ["ELEMENT"], diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 87ef6ce..7a73126 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -721,6 +721,11 @@ sub ParseElementPush($$$$$$) my $var_name = $env->{$e->{NAME}}; + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + $self->pidl("/* [skip] '$var_name' */"); + return; + } + return if ContainsPipe($e, $e->{LEVELS}[0]); return unless $primitives or ($deferred and ContainsDeferred($e, $e->{LEVELS}[0])); 
@@ -983,11 +988,7 @@ sub ParseDataPull($$$$$$$) $var_name = get_pointer_to($var_name); - if (has_property($e, "skip")) { - $self->pidl("/* [skip] '$var_name' */"); - } else { - $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); - } + $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); my $pl = GetPrevLevel($e, $l); @@ -1025,11 +1026,7 @@ sub ParseDataPush($$$$$$$) $var_name = get_pointer_to($var_name); } - if (has_property($e, "skip")) { - $self->pidl("/* [skip] '$var_name' */"); - } else { - $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_push", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); - } + $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_push", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); } else { $self->ParseTypePush($l->{DATA_TYPE}, $ndr, $var_name, $primitives, $deferred); } @@ -1129,6 +1126,14 @@ sub ParseElementPullLevel my $ndr_flags = CalcNdrFlags($l, $primitives, $deferred); my $array_length = undef; + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + $self->pidl("/* [skip] '$var_name' */"); + if (not has_property($e, "skip_noinit")) { + $self->pidl("ZERO_STRUCT($var_name);"); + } + return; + } + if ($l->{TYPE} eq "ARRAY" and ($l->{IS_VARYING} or $l->{IS_CONFORMANT})) { $var_name = get_pointer_to($var_name); } @@ -1652,6 +1657,11 @@ sub ParseStructPrint($$$$$) sub DeclarePtrVariables($$) { my ($self,$e) = @_; + + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + return; + } + foreach my $l (@{$e->{LEVELS}}) { my $size = 32; if ($l->{TYPE} eq "POINTER" and @@ -1669,6 +1679,10 @@ sub DeclareArrayVariables($$;$) { my ($self,$e,$pull) = @_; + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + return; + } + foreach my $l (@{$e->{LEVELS}}) { next if ($l->{TYPE} ne "ARRAY"); if (defined($pull)) { 
@@ -1687,6 +1701,10 @@ sub DeclareArrayVariablesNoZero($$$) { my ($self,$e,$env) = @_; + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + return; + } + foreach my $l (@{$e->{LEVELS}}) { next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); @@ -1703,6 +1721,11 @@ sub DeclareArrayVariablesNoZero($$$) sub DeclareMemCtxVariables($$) { my ($self,$e) = @_; + + if (has_property($e, "skip") or has_property($e, "skip_noinit")) { + return; + } + foreach my $l (@{$e->{LEVELS}}) { my $mem_flags = $self->ParseMemCtxPullFlags($e, $l); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index a44af7f..e1fc7fd 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -75,45 +75,6 @@ static int push_signature(uint8_t **outbuf) } /**************************************************************************** - Do a 'guest' logon, getting back the -****************************************************************************/ - -static NTSTATUS check_guest_password(const struct tsocket_address *remote_address, - const struct tsocket_address *local_address, - TALLOC_CTX *mem_ctx, - struct auth_session_info **session_info) -{ - struct auth4_context *auth_context; - struct auth_usersupplied_info *user_info = NULL; - uint8_t chal[8]; - NTSTATUS nt_status; - - DEBUG(3,("Got anonymous request\n")); - - nt_status = make_auth4_context(talloc_tos(), &auth_context); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - auth_context->get_ntlm_challenge(auth_context, - chal); - - if (!make_user_info_guest(talloc_tos(), remote_address, local_address, - "SMB", &user_info)) { - TALLOC_FREE(auth_context); - return NT_STATUS_NO_MEMORY; - } - - user_info->auth_description = "guest"; - - nt_status = auth_check_password_session_info(auth_context, - mem_ctx, user_info, session_info); - TALLOC_FREE(user_info); - TALLOC_FREE(auth_context); - return nt_status; -} - -/**************************************************************************** Reply to a session setup command. conn POINTER CAN BE NULL HERE ! ****************************************************************************/ 
@@ -594,21 +555,36 @@ static void setup_new_vc_session(struct smbd_server_connection *sconn) Reply to a session setup command. ****************************************************************************/ +struct reply_sesssetup_and_X_state { + struct smb_request *req; + struct auth4_context *auth_context; + struct auth_usersupplied_info *user_info; + const char *user; + const char *domain; + DATA_BLOB lm_resp; + DATA_BLOB nt_resp; + DATA_BLOB plaintext_password; +}; + +static int reply_sesssetup_and_X_state_destructor( + struct reply_sesssetup_and_X_state *state) +{ + data_blob_clear_free(&state->nt_resp); + data_blob_clear_free(&state->lm_resp); + data_blob_clear_free(&state->plaintext_password); + return 0; +} + void reply_sesssetup_and_X(struct smb_request *req) { + struct reply_sesssetup_and_X_state *state = NULL; uint64_t sess_vuid; uint16_t smb_bufsize; - DATA_BLOB lm_resp; - DATA_BLOB nt_resp; - DATA_BLOB plaintext_password; char *tmp; - const char *user; fstring sub_user; /* Sanitised username for substituion */ - const char *domain; const char *native_os; const char *native_lanman; const char *primary_domain; - struct auth_usersupplied_info *user_info = NULL; struct auth_session_info *session_info = NULL; uint16_t smb_flag2 = req->flags2; uint16_t action = 0; @@ -625,12 +601,17 @@ void reply_sesssetup_and_X(struct smb_request *req) START_PROFILE(SMBsesssetupX); - ZERO_STRUCT(lm_resp); - ZERO_STRUCT(nt_resp); - ZERO_STRUCT(plaintext_password); - DEBUG(3,("wct=%d flg2=0x%x\n", req->wct, req->flags2)); + state = talloc_zero(req, struct reply_sesssetup_and_X_state); + if (state == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBsesssetupX); + return; + } + state->req = req; + talloc_set_destructor(state, reply_sesssetup_and_X_state_destructor); + if (req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES) { signing_allowed = true; } 
@@ -688,18 +669,22 @@ void reply_sesssetup_and_X(struct smb_request *req) } if (doencrypt) { - lm_resp = data_blob(req->buf, passlen1); + state->lm_resp = data_blob_talloc(state, + req->buf, + passlen1); } else { - plaintext_password = data_blob(req->buf, passlen1+1); + state->plaintext_password = data_blob_talloc(state, + req->buf, + passlen1+1); /* Ensure null termination */ - plaintext_password.data[passlen1] = 0; + state->plaintext_password.data[passlen1] = 0; } - srvstr_pull_req_talloc(talloc_tos(), req, &tmp, + srvstr_pull_req_talloc(state, req, &tmp, req->buf + passlen1, STR_TERMINATE); - user = tmp ? tmp : ""; + state->user = tmp ? tmp : ""; - domain = ""; + state->domain = ""; } else { uint16_t passlen1 = SVAL(req->vwv+7, 0); @@ -774,15 +759,15 @@ void reply_sesssetup_and_X(struct smb_request *req) } if (doencrypt) { - lm_resp = data_blob(p, passlen1); - nt_resp = data_blob(p+passlen1, passlen2); + state->lm_resp = data_blob_talloc(state, p, passlen1); + state->nt_resp = data_blob_talloc(state, p+passlen1, passlen2); } else { char *pass = NULL; bool unic= smb_flag2 & FLAGS2_UNICODE_STRINGS; if (unic && (passlen2 == 0) && passlen1) { /* Only a ascii plaintext password was sent. */ - (void)srvstr_pull_talloc(talloc_tos(), + (void)srvstr_pull_talloc(state, req->inbuf, req->flags2, &pass, @@ -790,7 +775,7 @@ void reply_sesssetup_and_X(struct smb_request *req) passlen1, -- Samba Shared Repository
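Review bot: in the auth/ntlmssp/ntlmssp_server.c hunk at @@ -732,9 +715,26 @@, dropping the two talloc_steal() lines means `user_info->password.response.lanman` and `.nt` now alias `ntlmssp_state->lm_resp` and `ntlmssp_state->nt_resp` without owning them, so the const `user_info` handed to ntlmssp_server_check_password() is only valid while those blobs are. Add a comment at the assignment saying the response data stays owned by ntlmssp_state and that `state->user_info` has to be freed before the blobs are cleared in ntlmssp_server_postauth(), so the lifetime rule is visible at the place where the alias is created.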
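Review bot: in the hunk at @@ -750,10 +750,37 @@, removing `NT_STATUS_NOT_OK_RETURN(nt_status)` means the two talloc_steal() calls on `user_session_key->data` and `lm_session_key->data` now also run when check_ntlm_password() failed. That is safe only because talloc_steal() on a NULL pointer is a no-op and the callback is expected to leave the blobs empty on failure; a one-line comment above the steals stating that assumption would save the next reader from re-deriving it, and the caller in gensec_ntlmssp_server_auth() still bails on `!NT_STATUS_IS_OK(nt_status)` before postauth, which is what keeps the guest-mapping path from running on a failed check.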
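Review bot: in the hunk at @@ -977,6 +979,11 @@, clearing `internal_chal`, `chal`, `lm_resp` and `nt_resp` with data_blob_clear_free() once signing is set up is the right hygiene, since a challenge/response pair is exactly the material an attacker with a memory read wants and it has no further use after NTLMSSP_DONE. It does create an ordering dependency on the `TALLOC_FREE(state->user_info);` at the top of ntlmssp_server_postauth(), because user_info points into lm_resp/nt_resp; a comment like `/* user_info (freed above) aliased these blobs */` next to the four clears would stop someone moving that free later.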
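Review bot: in the librpc/idl/ntprinting.idl hunk at @@ -36,7 +36,7 @@ (and the three identical hunks that follow), switching `string_flags` to `[skip_noinit]` is needed because the pull code reads `r->string_flags` via `ndr_ntprinting_string_flags(r->string_flags)` to pick the encoding of the following string fields, so zeroing it in ndr_pull_* would clobber what the caller set; but nothing in the IDL says the caller must initialise `string_flags` before calling ndr_pull. Add that requirement to the existing comment block describing the "dffffffff" layout, since with `[skip_noinit]` a caller that forgets now gets whatever was in the struct instead of a predictable zero.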
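Review bot: in the pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm hunk at @@ -1129,6 +1126,14 @@ (ParseElementPullLevel), the early return emits `ZERO_STRUCT($var_name);` before the ARRAY branch turns `$var_name` into a pointer, which is correct for scalar and struct members; please confirm that ParseElementPullLevel is not reached again for the same element on the NDR_BUFFERS pass, otherwise the zeroing is emitted twice (harmless for [skip], but noise in the generated code). Since `$primitives` is already in scope here (it is passed to CalcNdrFlags two lines above), guarding the ZERO_STRUCT with it would make the intent explicit.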
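Review bot: the hunk at @@ -1703,6 +1721,11 @@ (DeclareMemCtxVariables) is the sixth copy of `has_property($e, "skip") or has_property($e, "skip_noinit")` in this patch, after ParseElementPush, ParseElementPullLevel, DeclarePtrVariables, DeclareArrayVariables and DeclareArrayVariablesNoZero. Factor it into one helper, for example a hypothetical `sub is_skipped($) { my $e = shift; return (has_property($e, "skip") || has_property($e, "skip_noinit")); }` (note `||` rather than `or`, which would bind looser than `return`), so the next skip-like property only has to be added in one place.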
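Review bot: the source3/smbd/sesssetup.c hunk at @@ -75,45 +75,6 @@ removes check_guest_password(), which is where the anonymous path logged `DEBUG(3,("Got anonymous request\n"))` and tagged the request with `user_info->auth_description = "guest"`. The inlined replacement in reply_sesssetup_and_X() lies past the 500-line truncation, so please confirm in the full diff that both survive (with auth_description now set only on success, per the commit message), because that log line and the "guest" description are what let an operator tell anonymous session setups apart in the smbd logs.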
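Review bot: in the hunk at @@ -594,21 +555,36 @@, the destructor uses data_blob_clear_free() so the LM/NT responses and the plaintext password are wiped rather than merely freed when the request is torn down, an improvement over the previous stack DATA_BLOBs that were only zeroed before use; talloc runs the destructor before freeing child allocations, so the blobs allocated with data_blob_talloc(state, ...) are still intact when it memsets them. Put a one-line comment on reply_sesssetup_and_X_state_destructor() saying it exists to scrub credential material, so nobody later replaces it with a plain TALLOC_FREE and silently loses the wipe.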