summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-27 19:39:32 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-06 14:59:12 +0100
commitfd69ebda26ab62333202de51d3e392af1978c544 (patch)
tree9707a6d2a73dadd9ab66fbf599fa909f6bc6259a /source3/libsmb
parent60c66118b3a076aee59e581a263c045a205e5ed5 (diff)
downloadsamba-fd69ebda26ab62333202de51d3e392af1978c544.tar.gz
samba-fd69ebda26ab62333202de51d3e392af1978c544.tar.bz2
samba-fd69ebda26ab62333202de51d3e392af1978c544.zip
s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash
When E_deshash() returns false, it indicates that the password is either > 14 chars in length, or could not be represented as an LM hash value for some other reason. In this case, we should not regard the LM hash being missing as an error or a no-password situation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/ntlmssp.c48
1 files changed, 21 insertions, 27 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 866ce9218b..989f26b458 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -109,41 +109,35 @@ NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *u
}
/**
- * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed
- *
- */
-NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
- const uint8_t lm_hash[16],
- const uint8_t nt_hash[16])
-{
- ntlmssp_state->lm_hash = (uint8_t *)
- talloc_memdup(ntlmssp_state, lm_hash, 16);
- ntlmssp_state->nt_hash = (uint8_t *)
- talloc_memdup(ntlmssp_state, nt_hash, 16);
- if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) {
- TALLOC_FREE(ntlmssp_state->lm_hash);
- TALLOC_FREE(ntlmssp_state->nt_hash);
- return NT_STATUS_NO_MEMORY;
- }
- return NT_STATUS_OK;
-}
-
-/**
* Converts a password to the hashes on an NTLMSSP context.
*
*/
NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password)
{
+ TALLOC_FREE(ntlmssp_state->lm_hash);
+ TALLOC_FREE(ntlmssp_state->nt_hash);
if (!password) {
- ntlmssp_state->lm_hash = NULL;
- ntlmssp_state->nt_hash = NULL;
+ return NT_STATUS_OK;
} else {
uint8_t lm_hash[16];
uint8_t nt_hash[16];
- E_deshash(password, lm_hash);
+ if (E_deshash(password, lm_hash)) {
+ ntlmssp_state->lm_hash = (uint8_t *)
+ talloc_memdup(ntlmssp_state, lm_hash, 16);
+ if (!ntlmssp_state->lm_hash) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
E_md4hash(password, nt_hash);
- return ntlmssp_set_hashes(ntlmssp_state, lm_hash, nt_hash);
+
+ ntlmssp_state->nt_hash = (uint8_t *)
+ talloc_memdup(ntlmssp_state, nt_hash, 16);
+ if (!ntlmssp_state->nt_hash) {
+ TALLOC_FREE(ntlmssp_state->lm_hash);
+ return NT_STATUS_NO_MEMORY;
+ }
}
return NT_STATUS_OK;
}
@@ -593,7 +587,7 @@ noccache:
return NT_STATUS_INVALID_PARAMETER;
}
- if (!ntlmssp_state->nt_hash || !ntlmssp_state->lm_hash) {
+ if (!ntlmssp_state->nt_hash) {
static const uint8_t zeros[16] = {0, };
/* do nothing - blobs are zero length */
@@ -657,7 +651,7 @@ noccache:
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
} else {
/* lanman auth is insecure, it may be disabled */
- if (lp_client_lanman_auth()) {
+ if (lp_client_lanman_auth() && ntlmssp_state->lm_hash) {
lm_response = data_blob_talloc(ntlmssp_state,
NULL, 24);
SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data,
@@ -670,7 +664,7 @@ noccache:
session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- && lp_client_lanman_auth()) {
+ && lp_client_lanman_auth() && ntlmssp_state->lm_hash) {
SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data,
session_key.data);
dump_data_pw("LM session key\n", session_key.data, session_key.length);