r6462: Move the arcfour sbox state into it's own structure, and allocate it

with talloc() for the NTLMSSP system.

Andrew Bartlett
(This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)

5 files changed, 29 insertions, 53 deletions

diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 9bb0ed99fa..d132a3c567 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -90,19 +90,6 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
 }
 
 /**
- *  Store a DATA_BLOB containing an NTLMSSP response, for use later.
- *  This copies the data blob
- */
-
-NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state,
-				DATA_BLOB response) 
-{
-	ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, 
-							  response.data, response.length);
-	return NT_STATUS_OK;
-}
-
-/**
  * Next state function for the wrapped NTLMSSP state machine
  * 
  * @param gensec_security GENSEC state, initialised to NTLMSSP
@@ -115,13 +102,12 @@ NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state,
 
 static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, 
 				      TALLOC_CTX *out_mem_ctx, 
-				      const DATA_BLOB in, DATA_BLOB *out) 
+				      const DATA_BLOB input, DATA_BLOB *out) 
 {
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
 	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
 	NTSTATUS status;
 
-	DATA_BLOB input;
 	uint32_t ntlmssp_command;
 	int i;
 
@@ -137,15 +123,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
 		out_mem_ctx = ntlmssp_state;
 	}
 
-	if (!in.length && ntlmssp_state->stored_response.length) {
-		input = ntlmssp_state->stored_response;
-		
-		/* we only want to read the stored response once - overwrite it */
-		ntlmssp_state->stored_response = data_blob(NULL, 0);
-	} else {
-		input = in;
-	}
-
 	if (!input.length) {
 		switch (ntlmssp_state->role) {
 		case NTLMSSP_CLIENT:
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 7e7aeaad98..2aa9aea810 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -77,7 +77,6 @@ enum ntlmssp_message_type
 
 struct ntlmssp_state 
 {
-	uint_t ref_count;
 	enum ntlmssp_role role;
 	enum samr_Role server_role;
 	uint32_t expected_state;
@@ -170,21 +169,14 @@ struct ntlmssp_state
 
 	/* ntlmv2 */
 	DATA_BLOB send_sign_key;
-	DATA_BLOB send_seal_key;
 	DATA_BLOB recv_sign_key;
-	DATA_BLOB recv_seal_key;
 
-	uint8_t send_seal_hash[258];
-	uint8_t recv_seal_hash[258];
+	struct arcfour_state *send_seal_hash;
+	struct arcfour_state *recv_seal_hash;
 
 	/* ntlmv1 */
-	uint8_t ntlmssp_hash[258];
+	struct arcfour_state *ntlmssp_hash;
 
-	/* it turns out that we don't always get the
-	   response in at the time we want to process it.
-	   Store it here, until we need it */
-	DATA_BLOB stored_response; 
-	
 };
 
 struct gensec_ntlmssp_state {
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index dcd52af1f5..ceca0d6978 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -385,8 +385,6 @@ static NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state *
 
 	(*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
 
-	(*ntlmssp_state)->ref_count = 1;
-
 	(*ntlmssp_state)->neg_flags = 
 		NTLMSSP_NEGOTIATE_NTLM |
 		NTLMSSP_REQUEST_TARGET;
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 852d32ed2b..374fafc0e5 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -637,8 +637,6 @@ static NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state *
 	(*ntlmssp_state)->server_use_session_keys = True;
 	(*ntlmssp_state)->server_multiple_authentications = False;
 	
-	(*ntlmssp_state)->ref_count = 1;
-
 	(*ntlmssp_state)->neg_flags = 
 		NTLMSSP_NEGOTIATE_NTLM;
 
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 222cb3e607..a47a0f334a 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -363,6 +363,9 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 		const char *recv_sign_const;
 		const char *recv_seal_const;
 
+		DATA_BLOB send_seal_key;
+		DATA_BLOB recv_seal_key;
+
 		switch (ntlmssp_state->role) {
 		case NTLMSSP_CLIENT:
 			send_sign_const = CLI_SIGN;
@@ -380,6 +383,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 			return NT_STATUS_INTERNAL_ERROR;
 		}
 		
+		ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash);
+		ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash);
+
 		/**
 		   Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
 		   
@@ -407,18 +415,18 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 			     ntlmssp_state->send_sign_key.length);
 		
 		calc_ntlmv2_key(ntlmssp_state, 
-				&ntlmssp_state->send_seal_key, 
+				&send_seal_key, 
 				weak_session_key, send_seal_const);
 		dump_data_pw("NTLMSSP send seal key:\n",
-			     ntlmssp_state->send_seal_key.data, 
-			     ntlmssp_state->send_seal_key.length);
+			     send_seal_key.data, 
+			     send_seal_key.length);
 
 		arcfour_init(ntlmssp_state->send_seal_hash, 
-			     &ntlmssp_state->send_seal_key);
+			     &send_seal_key);
 
 		dump_data_pw("NTLMSSP send sesl hash:\n", 
-			     ntlmssp_state->send_seal_hash, 
-			     sizeof(ntlmssp_state->send_seal_hash));
+			     ntlmssp_state->send_seal_hash->sbox, 
+			     sizeof(ntlmssp_state->send_seal_hash->sbox));
 
 		/* RECV */
 		calc_ntlmv2_key(ntlmssp_state, 
@@ -429,24 +437,27 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 			     ntlmssp_state->recv_sign_key.length);
 
 		calc_ntlmv2_key(ntlmssp_state, 
-				&ntlmssp_state->recv_seal_key, 
+				&recv_seal_key, 
 				weak_session_key, recv_seal_const);
 		dump_data_pw("NTLMSSP recv seal key:\n",
-			     ntlmssp_state->recv_seal_key.data, 
-			     ntlmssp_state->recv_seal_key.length);
+			     recv_seal_key.data, 
+			     recv_seal_key.length);
 		arcfour_init(ntlmssp_state->recv_seal_hash, 
-			     &ntlmssp_state->recv_seal_key);
+			     &recv_seal_key);
 
 		dump_data_pw("NTLMSSP receive seal hash:\n", 
-			     ntlmssp_state->recv_seal_hash, 
-			     sizeof(ntlmssp_state->recv_seal_hash));
+			     ntlmssp_state->recv_seal_hash->sbox, 
+			     sizeof(ntlmssp_state->recv_seal_hash->sbox));
 	} else {
 		DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
 
+		ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state);
+		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash);
+
 		arcfour_init(ntlmssp_state->ntlmssp_hash, 
 			     &ntlmssp_state->session_key);
-		dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash,
-			     sizeof(ntlmssp_state->ntlmssp_hash));
+		dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox,
+			     sizeof(ntlmssp_state->ntlmssp_hash->sbox));
 	}
 
 	ntlmssp_state->ntlm_seq_num = 0;