diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-04-25 08:26:53 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:11:39 -0500 |
| commit | 0501a440bedde5e867e461d266aafe666be53e54 (patch) | |
| tree | 45652fd169b546fe4691f696d3d22a1c2777df46 /source4/auth/ntlmssp/ntlmssp_sign.c | |
| parent | 874cd2db86e7feb82eedd2b436c5c301d3cbe5fa (diff) | |
| download | samba-0501a440bedde5e867e461d266aafe666be53e54.tar.gz samba-0501a440bedde5e867e461d266aafe666be53e54.tar.bz2 samba-0501a440bedde5e867e461d266aafe666be53e54.zip | |
r6462: Move the arcfour sbox state into it's own structure, and allocate it
with talloc() for the NTLMSSP system.
Andrew Bartlett
(This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)
Diffstat (limited to 'source4/auth/ntlmssp/ntlmssp_sign.c')
| -rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 222cb3e607..a47a0f334a 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -363,6 +363,9 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) const char *recv_sign_const; const char *recv_seal_const; + DATA_BLOB send_seal_key; + DATA_BLOB recv_seal_key; + switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: send_sign_const = CLI_SIGN; @@ -380,6 +383,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) return NT_STATUS_INTERNAL_ERROR; } + ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash); + ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash); + /** Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. @@ -407,18 +415,18 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->send_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->send_seal_key, + &send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", - ntlmssp_state->send_seal_key.data, - ntlmssp_state->send_seal_key.length); + send_seal_key.data, + send_seal_key.length); arcfour_init(ntlmssp_state->send_seal_hash, - &ntlmssp_state->send_seal_key); + &send_seal_key); dump_data_pw("NTLMSSP send sesl hash:\n", - ntlmssp_state->send_seal_hash, - sizeof(ntlmssp_state->send_seal_hash)); + ntlmssp_state->send_seal_hash->sbox, + sizeof(ntlmssp_state->send_seal_hash->sbox)); /* RECV */ calc_ntlmv2_key(ntlmssp_state, @@ -429,24 +437,27 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->recv_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->recv_seal_key, + &recv_seal_key, weak_session_key, recv_seal_const); dump_data_pw("NTLMSSP recv seal key:\n", - ntlmssp_state->recv_seal_key.data, - ntlmssp_state->recv_seal_key.length); + recv_seal_key.data, + recv_seal_key.length); arcfour_init(ntlmssp_state->recv_seal_hash, - &ntlmssp_state->recv_seal_key); + &recv_seal_key); dump_data_pw("NTLMSSP receive seal hash:\n", - ntlmssp_state->recv_seal_hash, - sizeof(ntlmssp_state->recv_seal_hash)); + ntlmssp_state->recv_seal_hash->sbox, + sizeof(ntlmssp_state->recv_seal_hash->sbox)); } else { DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); + ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash); + arcfour_init(ntlmssp_state->ntlmssp_hash, &ntlmssp_state->session_key); - dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash, - sizeof(ntlmssp_state->ntlmssp_hash)); + dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox, + sizeof(ntlmssp_state->ntlmssp_hash->sbox)); } ntlmssp_state->ntlm_seq_num = 0; |