summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-05-09 15:02:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-05-09 15:02:11 +0000
commit4f52bd500bf9bf128b0bf8b653146b8325a99c4f (patch)
tree64bb4dfb33f0bfdff21bc86f0342be6e3351dbde /source3
parentd06f95ca78834403a602e4c1d64e13e059f3017e (diff)
downloadsamba-4f52bd500bf9bf128b0bf8b653146b8325a99c4f.tar.gz
samba-4f52bd500bf9bf128b0bf8b653146b8325a99c4f.tar.bz2
samba-4f52bd500bf9bf128b0bf8b653146b8325a99c4f.zip
Cleanups. My NTLMv2 changes also changed the preference from using an implicit
structure-memcpy for DATA_BLOB parameters to using a pointer to that DATA_BLOB. auth_sam calls some of these functions, so I've cleaned it all up to use this format now. Also clean up some debug statements to make them easier to read. Andrew Bartlett (This used to be commit 0c355c274a6ac084e4bf15a15613dfc007d6c5fc)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_sam.c84
1 files changed, 42 insertions, 42 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index cb88014e98..0c2ffaae88 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -28,9 +28,9 @@
/****************************************************************************
core of smb password checking routine.
****************************************************************************/
-static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
+static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
const uchar *part_passwd,
- DATA_BLOB sec_blob,
+ const DATA_BLOB *sec_blob,
uint8 user_sess_key[16])
{
/* Finish the encryption of part_passwd. */
@@ -42,17 +42,17 @@ static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
return False;
}
- if (sec_blob.length != 8) {
- DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob.length));
+ if (sec_blob->length != 8) {
+ DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob->length));
return False;
}
- if (nt_response.length != 24) {
- DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response.length));
+ if (nt_response->length != 24) {
+ DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response->length));
return False;
}
- SMBOWFencrypt(part_passwd, sec_blob.data, p24);
+ SMBOWFencrypt(part_passwd, sec_blob->data, p24);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
@@ -61,16 +61,16 @@ static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
+ DEBUG(100,("Part password (P16) was |\n"));
dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, nt_response.data, nt_response.length);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, sec_blob.data, sec_blob.length);
- DEBUG(100,("Value from encryption was |"));
+ DEBUGADD(100,("Password from client was |\n"));
+ dump_data(100, nt_response->data, nt_response->length);
+ DEBUGADD(100,("Given challenge was |\n"));
+ dump_data(100, sec_blob->data, sec_blob->length);
+ DEBUGADD(100,("Value from encryption was |\n"));
dump_data(100, p24, 24);
#endif
- return (memcmp(p24, nt_response.data, 24) == 0);
+ return (memcmp(p24, nt_response->data, 24) == 0);
}
@@ -79,9 +79,9 @@ core of smb password checking routine. (NTLMv2, LMv2)
Note: The same code works with both NTLMv2 and LMv2.
****************************************************************************/
-static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
+static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
const uchar *part_passwd,
- const DATA_BLOB sec_blob,
+ const DATA_BLOB *sec_blob,
const char *user, const char *domain,
uint8 user_sess_key[16])
{
@@ -98,43 +98,43 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
return False;
}
- if (ntv2_response.length < 24) {
+ if (ntv2_response->length < 24) {
/* We MUST have more than 16 bytes, or the stuff below will go
crazy. No known implementation sends less than the 24 bytes
for LMv2, let alone NTLMv2. */
DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n",
- ntv2_response.length));
+ ntv2_response->length));
return False;
}
- client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16);
+ client_key_data = data_blob(ntv2_response->data+16, ntv2_response->length-16);
/*
todo: should we be checking this for anything? We can't for LMv2,
but for NTLMv2 it is meant to contain the current time etc.
*/
- memcpy(client_response, ntv2_response.data, sizeof(client_response));
+ memcpy(client_response, ntv2_response->data, sizeof(client_response));
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
return False;
}
- SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
+ SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
}
#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
+ DEBUG(100,("Part password (P16) was |\n"));
dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, ntv2_response.data, ntv2_response.length);
- DEBUG(100,("Variable data from client was |"));
+ DEBUGADD(100,("Password from client was |\n"));
+ dump_data(100, ntv2_response->data, ntv2_response->length);
+ DEBUGADD(100,("Variable data from client was |\n"));
dump_data(100, client_key_data.data, client_key_data.length);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, sec_blob.data, sec_blob.length);
- DEBUG(100,("Value from encryption was |"));
+ DEBUGADD(100,("Given challenge was |\n"));
+ dump_data(100, sec_blob->data, sec_blob->length);
+ DEBUGADD(100,("Value from encryption was |\n"));
dump_data(100, value_from_encryption, 16);
#endif
data_blob_clear_free(&client_key_data);
@@ -186,8 +186,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("sam_password_ok: Checking NTLMv2 password with domain [%s]\n", user_info->client_domain.str));
- if (smb_pwd_check_ntlmv2( user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
user_sess_key))
@@ -196,8 +196,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
DEBUG(4,("sam_password_ok: Checking NTLMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
user_sess_key))
@@ -214,8 +214,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
- if (smb_pwd_check_ntlmv1(user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;
@@ -243,8 +243,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
lm_pw = pdb_get_lanman_passwd(sampass);
DEBUG(4,("sam_password_ok: Checking LM password\n"));
- if (smb_pwd_check_ntlmv1(user_info->lm_resp,
- lm_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
+ lm_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;
@@ -262,8 +262,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
- related to Win9X, legacy NAS pass-though authentication
*/
DEBUG(4,("sam_password_ok: Checking LMv2 password with domain %s\n", user_info->client_domain.str));
- if (smb_pwd_check_ntlmv2( user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
user_sess_key))
@@ -272,8 +272,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
DEBUG(4,("sam_password_ok: Checking LMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
user_sess_key))
@@ -287,8 +287,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
if (lp_ntlm_auth())
{
- if (smb_pwd_check_ntlmv1(user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;