summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-12-10 12:12:23 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-10 16:09:06 +1100
commit6195dfc0eb310a2362cb949a000979514a52c648 (patch)
treebf55fefb2c18bb1a3c5f7390a0273f84c6bc320b /source3
parent5cfe949108f253a8e20c835cb53fe6f5eae7fbb5 (diff)
downloadsamba-6195dfc0eb310a2362cb949a000979514a52c648.tar.gz
samba-6195dfc0eb310a2362cb949a000979514a52c648.tar.bz2
samba-6195dfc0eb310a2362cb949a000979514a52c648.zip
s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd_pam.c23
1 files changed, 6 insertions, 17 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 23ffb87b7e..7ec0bff9a7 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1166,36 +1166,25 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
if (lp_client_ntlmv2_auth()) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
- DATA_BLOB nt_response;
- DATA_BLOB lm_response;
- server_chal = data_blob_talloc(state->mem_ctx, chal, 8);
+ server_chal = data_blob_const(chal, 8);
- /* note that the 'workgroup' here is a best guess - we don't know
- the server's domain at this point. The 'server name' is also
- dodgy...
+ /* note that the 'workgroup' here is for the local
+ machine. The 'server name' must match the
+ 'workstation' passed to the actual SamLogon call.
*/
names_blob = NTLMv2_generate_names_blob(state->mem_ctx, global_myname(), lp_workgroup());
- if (!SMBNTLMv2encrypt(NULL, name_user, name_domain,
+ if (!SMBNTLMv2encrypt(state->mem_ctx, name_user, name_domain,
state->request->data.auth.pass,
&server_chal,
&names_blob,
- &lm_response, &nt_response, NULL, NULL)) {
+ &lm_resp, &nt_resp, NULL, NULL)) {
data_blob_free(&names_blob);
- data_blob_free(&server_chal);
DEBUG(0, ("winbindd_pam_auth: SMBNTLMv2encrypt() failed!\n"));
result = NT_STATUS_NO_MEMORY;
goto done;
}
data_blob_free(&names_blob);
- data_blob_free(&server_chal);
- lm_resp = data_blob_talloc(state->mem_ctx, lm_response.data,
- lm_response.length);
- nt_resp = data_blob_talloc(state->mem_ctx, nt_response.data,
- nt_response.length);
- data_blob_free(&lm_response);
- data_blob_free(&nt_response);
-
} else {
lm_resp = data_blob_null;
SMBNTencrypt(state->request->data.auth.pass,