diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-12-10 12:12:23 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-12-10 16:09:06 +1100 |
commit | 6195dfc0eb310a2362cb949a000979514a52c648 (patch) | |
tree | bf55fefb2c18bb1a3c5f7390a0273f84c6bc320b /source3 | |
parent | 5cfe949108f253a8e20c835cb53fe6f5eae7fbb5 (diff) | |
download | samba-6195dfc0eb310a2362cb949a000979514a52c648.tar.gz samba-6195dfc0eb310a2362cb949a000979514a52c648.tar.bz2 samba-6195dfc0eb310a2362cb949a000979514a52c648.zip |
s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 23 |
1 files changed, 6 insertions, 17 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 23ffb87b7e..7ec0bff9a7 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1166,36 +1166,25 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, if (lp_client_ntlmv2_auth()) { DATA_BLOB server_chal; DATA_BLOB names_blob; - DATA_BLOB nt_response; - DATA_BLOB lm_response; - server_chal = data_blob_talloc(state->mem_ctx, chal, 8); + server_chal = data_blob_const(chal, 8); - /* note that the 'workgroup' here is a best guess - we don't know - the server's domain at this point. The 'server name' is also - dodgy... + /* note that the 'workgroup' here is for the local + machine. The 'server name' must match the + 'workstation' passed to the actual SamLogon call. */ names_blob = NTLMv2_generate_names_blob(state->mem_ctx, global_myname(), lp_workgroup()); - if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, + if (!SMBNTLMv2encrypt(state->mem_ctx, name_user, name_domain, state->request->data.auth.pass, &server_chal, &names_blob, - &lm_response, &nt_response, NULL, NULL)) { + &lm_resp, &nt_resp, NULL, NULL)) { data_blob_free(&names_blob); - data_blob_free(&server_chal); DEBUG(0, ("winbindd_pam_auth: SMBNTLMv2encrypt() failed!\n")); result = NT_STATUS_NO_MEMORY; goto done; } data_blob_free(&names_blob); - data_blob_free(&server_chal); - lm_resp = data_blob_talloc(state->mem_ctx, lm_response.data, - lm_response.length); - nt_resp = data_blob_talloc(state->mem_ctx, nt_response.data, - nt_response.length); - data_blob_free(&lm_response); - data_blob_free(&nt_response); - } else { lm_resp = data_blob_null; SMBNTencrypt(state->request->data.auth.pass, |