diff options
author | Luke Leighton <lkcl@samba.org> | 1999-06-29 18:47:06 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-06-29 18:47:06 +0000 |
commit | 73891ca8e4f6cca6aa8bb0ae043f660a64baa056 (patch) | |
tree | 9ed22c56d9f3eeac6608f25971e7b29f8006ae79 /source3/rpc_server/srv_pipe.c | |
parent | 1dc6c6c7ca54578d9e6040a9d4d5e509f1ad3af3 (diff) | |
download | samba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.tar.gz samba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.tar.bz2 samba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.zip |
improving authentication code (tidyup).
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
Diffstat (limited to 'source3/rpc_server/srv_pipe.c')
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index d98fecbc1f..3e5d986935 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -208,7 +208,9 @@ BOOL create_rpc_reply(pipes_struct *p, static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) { uchar lm_owf[24]; - uchar nt_owf[24]; + uchar nt_owf[128]; + size_t lm_owf_len; + size_t nt_owf_len; struct smb_passwd *smb_pass = NULL; user_struct *vuser = get_valid_user_struct(p->vuid); @@ -221,12 +223,29 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) return False; } - if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False; - if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False; + lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len; + nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len; + + + if (lm_owf_len == 0) return False; + if (nt_owf_len == 0) return False; if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False; if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False; if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False; + if (lm_owf_len > sizeof(lm_owf)) return False; + if (nt_owf_len > sizeof(nt_owf)) return False; + + memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf)); + memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf)); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm, nt owfs, chal\n")); + dump_data(100, lm_owf, sizeof(lm_owf)); + dump_data(100, nt_owf, sizeof(nt_owf)); + dump_data(100, p->ntlmssp_chal.challenge, 8); +#endif + memset(p->user_name, 0, sizeof(p->user_name)); memset(p->domain , 0, sizeof(p->domain )); memset(p->wks , 0, sizeof(p->wks )); @@ -252,19 +271,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks)); - memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf)); - memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf)); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("lm, nt owfs, chal\n")); - dump_data(100, lm_owf, sizeof(lm_owf)); - dump_data(100, nt_owf, sizeof(nt_owf)); - dump_data(100, p->ntlmssp_chal.challenge, 8); -#endif become_root(True); p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain, (uchar*)p->ntlmssp_chal.challenge, - lm_owf, nt_owf, NULL, vuser->dc.user_sess_key); + lm_owf, lm_owf_len, + nt_owf, nt_owf_len, + NULL, vuser->dc.user_sess_key); smb_pass = getsmbpwnam(p->user_name); unbecome_root(True); |