summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-07 18:56:35 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-08-07 18:56:35 +1000
commit4b47245a9d7292255a5dca8286283b5519de12e6 (patch)
tree4eb8ea00defb05fc0d0c9f03064477650d273831 /source4/auth/ntlmssp
parent6644f48d724085f839da86ef75bd814a46359ea5 (diff)
downloadsamba-4b47245a9d7292255a5dca8286283b5519de12e6.tar.gz
samba-4b47245a9d7292255a5dca8286283b5519de12e6.tar.bz2
samba-4b47245a9d7292255a5dca8286283b5519de12e6.zip
s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
This changes the talloc treatment of the session keys to avoid memory duplication - the session key has always been allocated onto the ntlmssp_context by the auth subsystem callback. The remainder of the changes are cosmetics, such as avoiding using lm_session_key as a pointer (and avoiding then doing an if statement on something that is always true). Andrew Bartlett
Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c41
1 files changed, 21 insertions, 20 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 264064346c..c4c7544a16 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -399,26 +399,24 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
struct ntlmssp_server_auth_state *state)
{
- DATA_BLOB *user_session_key = &state->user_session_key;
- DATA_BLOB *lm_session_key = &state->lm_session_key;
+ DATA_BLOB user_session_key = state->user_session_key;
+ DATA_BLOB lm_session_key = state->lm_session_key;
NTSTATUS nt_status;
DATA_BLOB session_key = data_blob(NULL, 0);
- if (user_session_key)
- dump_data_pw("USER session key:\n", user_session_key->data, user_session_key->length);
-
- if (lm_session_key)
- dump_data_pw("LM first-8:\n", lm_session_key->data, lm_session_key->length);
+ dump_data_pw("NT session key:\n", user_session_key.data, user_session_key.length);
+ dump_data_pw("LM first-8:\n", lm_session_key.data, lm_session_key.length);
/* Handle the different session key derivation for NTLM2 */
if (state->doing_ntlm2) {
- if (user_session_key && user_session_key->data && user_session_key->length == 16) {
- session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
- hmac_md5(user_session_key->data, state->session_nonce,
+ if (user_session_key.data && user_session_key.length == 16) {
+ session_key = data_blob_talloc(ntlmssp_state,
+ NULL, 16);
+ hmac_md5(user_session_key.data, state->session_nonce,
sizeof(state->session_nonce), session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
-
+
} else {
DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
session_key = data_blob_null;
@@ -427,10 +425,14 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
/* Ensure we can never get here on NTLMv2 */
&& (ntlmssp_state->nt_resp.length == 0 || ntlmssp_state->nt_resp.length == 24)) {
- if (lm_session_key && lm_session_key->data && lm_session_key->length >= 8) {
+ if (lm_session_key.data && lm_session_key.length >= 8) {
if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
- session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
- SMBsesskeygen_lm_sess_key(lm_session_key->data, ntlmssp_state->lm_resp.data,
+ session_key = data_blob_talloc(ntlmssp_state,
+ NULL, 16);
+ if (session_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
} else {
@@ -443,7 +445,6 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
SMBsesskeygen_lm_sess_key(zeros, zeros,
session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
- dump_data_pw("LM session key:\n", session_key.data, session_key.length);
}
dump_data_pw("LM session key:\n", session_key.data,
session_key.length);
@@ -455,17 +456,17 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
session_key = data_blob_null;
}
- } else if (user_session_key && user_session_key->data) {
- session_key = data_blob_talloc(ntlmssp_state, user_session_key->data, user_session_key->length);
+ } else if (user_session_key.data) {
+ session_key = user_session_key;
DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
/* LM Key not selected */
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
- } else if (lm_session_key && lm_session_key->data) {
+ } else if (lm_session_key.data) {
/* Very weird to have LM key, but no user session key, but anyway.. */
- session_key = data_blob_talloc(ntlmssp_state, lm_session_key->data, lm_session_key->length);
+ session_key = lm_session_key;
DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
@@ -474,7 +475,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
} else {
DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
- session_key = data_blob(NULL, 0);
+ session_key = data_blob_null;
/* LM Key not selected */
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;