diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-12-27 19:39:32 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-06 14:59:12 +0100 |
commit | fd69ebda26ab62333202de51d3e392af1978c544 (patch) | |
tree | 9707a6d2a73dadd9ab66fbf599fa909f6bc6259a /source3 | |
parent | 60c66118b3a076aee59e581a263c045a205e5ed5 (diff) | |
download | samba-fd69ebda26ab62333202de51d3e392af1978c544.tar.gz samba-fd69ebda26ab62333202de51d3e392af1978c544.tar.bz2 samba-fd69ebda26ab62333202de51d3e392af1978c544.zip |
s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 48 |
2 files changed, 21 insertions, 30 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 7a7f60a765..9dcd334404 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1079,9 +1079,6 @@ bool get_dc_name(const char *domain, /* The following definitions come from libsmb/ntlmssp.c */ struct ntlmssp_state; NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ; -NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state, - const uint8_t lm_hash[16], - const uint8_t nt_hash[16]) ; NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ; NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 866ce9218b..989f26b458 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -109,41 +109,35 @@ NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *u } /** - * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed - * - */ -NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state, - const uint8_t lm_hash[16], - const uint8_t nt_hash[16]) -{ - ntlmssp_state->lm_hash = (uint8_t *) - talloc_memdup(ntlmssp_state, lm_hash, 16); - ntlmssp_state->nt_hash = (uint8_t *) - talloc_memdup(ntlmssp_state, nt_hash, 16); - if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) { - TALLOC_FREE(ntlmssp_state->lm_hash); - TALLOC_FREE(ntlmssp_state->nt_hash); - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; -} - -/** * Converts a password to the hashes on an NTLMSSP context. * */ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) { + TALLOC_FREE(ntlmssp_state->lm_hash); + TALLOC_FREE(ntlmssp_state->nt_hash); if (!password) { - ntlmssp_state->lm_hash = NULL; - ntlmssp_state->nt_hash = NULL; + return NT_STATUS_OK; } else { uint8_t lm_hash[16]; uint8_t nt_hash[16]; - E_deshash(password, lm_hash); + if (E_deshash(password, lm_hash)) { + ntlmssp_state->lm_hash = (uint8_t *) + talloc_memdup(ntlmssp_state, lm_hash, 16); + if (!ntlmssp_state->lm_hash) { + return NT_STATUS_NO_MEMORY; + } + } + E_md4hash(password, nt_hash); - return ntlmssp_set_hashes(ntlmssp_state, lm_hash, nt_hash); + + ntlmssp_state->nt_hash = (uint8_t *) + talloc_memdup(ntlmssp_state, nt_hash, 16); + if (!ntlmssp_state->nt_hash) { + TALLOC_FREE(ntlmssp_state->lm_hash); + return NT_STATUS_NO_MEMORY; + } } return NT_STATUS_OK; } @@ -593,7 +587,7 @@ noccache: return NT_STATUS_INVALID_PARAMETER; } - if (!ntlmssp_state->nt_hash || !ntlmssp_state->lm_hash) { + if (!ntlmssp_state->nt_hash) { static const uint8_t zeros[16] = {0, }; /* do nothing - blobs are zero length */ @@ -657,7 +651,7 @@ noccache: dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); } else { /* lanman auth is insecure, it may be disabled */ - if (lp_client_lanman_auth()) { + if (lp_client_lanman_auth() && ntlmssp_state->lm_hash) { lm_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, @@ -670,7 +664,7 @@ noccache: session_key = data_blob_talloc(ntlmssp_state, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth()) { + && lp_client_lanman_auth() && ntlmssp_state->lm_hash) { SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data, session_key.data); dump_data_pw("LM session key\n", session_key.data, session_key.length); |