diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-05-11 19:22:22 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:16:40 -0500 |
| commit | c64ac2fc5a084203ed277ba0d71c67a02872d92e (patch) | |
| tree | 57f5e24fac293f125c84467e8250575465ae6c57 /source4/auth/ntlmssp/ntlmssp_server.c | |
| parent | 0aef77698e0f927b9d492edc56195217b1b59c07 (diff) | |
| download | samba-c64ac2fc5a084203ed277ba0d71c67a02872d92e.tar.gz samba-c64ac2fc5a084203ed277ba0d71c67a02872d92e.tar.bz2 samba-c64ac2fc5a084203ed277ba0d71c67a02872d92e.zip | |
r6738: My version of the patch by metze that I just reverted (-r 6734).
This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations. This should lower tridge's K
'per connection' benchmark further.
Andrew Bartlett
(This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
Diffstat (limited to 'source4/auth/ntlmssp/ntlmssp_server.c')
| -rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index c54d30abdc..db169684d6 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -350,11 +350,11 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms gensec_ntlmssp_state->doing_ntlm2 = True; - memcpy(gensec_ntlmssp_state->ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8); - memcpy(&gensec_ntlmssp_state->ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8); + memcpy(gensec_ntlmssp_state->crypt.ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8); + memcpy(&gensec_ntlmssp_state->crypt.ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8); MD5Init(&md5_session_nonce_ctx); - MD5Update(&md5_session_nonce_ctx, gensec_ntlmssp_state->ntlm2.session_nonce, 16); + MD5Update(&md5_session_nonce_ctx, gensec_ntlmssp_state->crypt.ntlm2.session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, @@ -366,7 +366,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms /* We changed the effective challenge - set it */ if (!NT_STATUS_IS_OK(nt_status = gensec_ntlmssp_state->set_challenge(gensec_ntlmssp_state, - &gensec_ntlmssp_state->chal))) { + &gensec_ntlmssp_state->chal))) { /* zero this out */ data_blob_free(&gensec_ntlmssp_state->encrypted_session_key); return nt_status; @@ -387,10 +387,11 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms * @return Errors or NT_STATUS_OK. */ -static NTSTATUS ntlmssp_server_postauth(struct gensec_ntlmssp_state *gensec_ntlmssp_state, +static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; NTSTATUS nt_status; DATA_BLOB session_key = data_blob(NULL, 0); @@ -404,8 +405,8 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_ntlmssp_state *gensec_ntlm if (gensec_ntlmssp_state->doing_ntlm2) { if (user_session_key && user_session_key->data && user_session_key->length == 16) { session_key = data_blob_talloc(gensec_ntlmssp_state, NULL, 16); - hmac_md5(user_session_key->data, gensec_ntlmssp_state->ntlm2.session_nonce, - sizeof(gensec_ntlmssp_state->ntlm2.session_nonce), session_key.data); + hmac_md5(user_session_key->data, gensec_ntlmssp_state->crypt.ntlm2.session_nonce, + sizeof(gensec_ntlmssp_state->crypt.ntlm2.session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); @@ -500,7 +501,12 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_ntlmssp_state *gensec_ntlm /* The server might need us to use a partial-strength session key */ ntlmssp_weaken_keys(gensec_ntlmssp_state); - nt_status = ntlmssp_sign_init(gensec_ntlmssp_state); + if ((gensec_security->want_features & GENSEC_FEATURE_SIGN) + || (gensec_security->want_features & GENSEC_FEATURE_SEAL)) { + nt_status = ntlmssp_sign_init(gensec_ntlmssp_state); + } else { + nt_status = NT_STATUS_OK; + } data_blob_free(&gensec_ntlmssp_state->encrypted_session_key); @@ -531,7 +537,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_ntlmssp_state *gensec_ntlm NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) -{ +{ struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; DATA_BLOB user_session_key = data_blob(NULL, 0); DATA_BLOB lm_session_key = data_blob(NULL, 0); @@ -559,7 +565,7 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, } if (gensec_ntlmssp_state->server_use_session_keys) { - return ntlmssp_server_postauth(gensec_ntlmssp_state, &user_session_key, &lm_session_key); + return ntlmssp_server_postauth(gensec_security, &user_session_key, &lm_session_key); } else { gensec_ntlmssp_state->session_key = data_blob(NULL, 0); return NT_STATUS_OK; |