summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-12-30 16:01:28 +0100
committerGünther Deschner <gd@samba.org>2010-03-24 17:34:51 +0100
commit1564b2a94beba168c20f961d438a78cebe79d72d (patch)
tree04481eee2c47562aec39857a9e760c9ef4cf4885 /source4/auth/ntlmssp
parent23507c022f9d926cc15674ae0158ce55478cf202 (diff)
downloadsamba-1564b2a94beba168c20f961d438a78cebe79d72d.tar.gz
samba-1564b2a94beba168c20f961d438a78cebe79d72d.tar.bz2
samba-1564b2a94beba168c20f961d438a78cebe79d72d.zip
s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet()
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r--source4/auth/ntlmssp/ntlmssp_sign.c44
1 files changed, 31 insertions, 13 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 4239a39ce5..3c18c34f82 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -147,26 +147,21 @@ NTSTATUS ntlmssp_sign_packet(struct gensec_ntlmssp_state *ntlmssp_state,
*
*/
-NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
+NTSTATUS ntlmssp_check_packet(struct gensec_ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
- struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
-
DATA_BLOB local_sig;
NTSTATUS nt_status;
- if (!gensec_ntlmssp_state->session_key.length) {
+ if (!ntlmssp_state->session_key.length) {
DEBUG(3, ("NO session key, cannot check packet signature\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
}
- nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx,
+ nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
data, length,
whole_pdu, pdu_length,
NTLMSSP_RECEIVE, &local_sig, true);
@@ -176,7 +171,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
return nt_status;
}
- if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
if (local_sig.length != sig->length ||
memcmp(local_sig.data,
sig->data, sig->length) != 0) {
@@ -187,6 +182,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
DEBUG(10, ("BAD SIG: got signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
dump_data(10, sig->data, sig->length);
+ data_blob_free(&local_sig);
return NT_STATUS_ACCESS_DENIED;
}
} else {
@@ -199,11 +195,13 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
DEBUG(10, ("BAD SIG: got signature of %llu bytes of input:\n", (unsigned long long)length));
dump_data(10, sig->data, sig->length);
+ data_blob_free(&local_sig);
return NT_STATUS_ACCESS_DENIED;
}
}
dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
+ data_blob_free(&local_sig);
return NT_STATUS_OK;
}
@@ -473,6 +471,26 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
return nt_status;
}
+NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gensec_ntlmssp_context);
+ NTSTATUS nt_status;
+
+ nt_status = ntlmssp_check_packet(gensec_ntlmssp->ntlmssp_state,
+ sig_mem_ctx,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+
+ return nt_status;
+}
+
size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
return NTLMSSP_SIG_SIZE;