summaryrefslogtreecommitdiff
path: root/source4/libcli/util/smbencrypt.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-05-25 14:06:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:14 -0500
commit5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3 (patch)
tree78f843cb6a9ff745f9ac5ef35de53bccbf1ccbd8 /source4/libcli/util/smbencrypt.c
parent579c13da43d5b40ac6d6c1436399fbc1d8dfd054 (diff)
downloadsamba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.gz
samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.bz2
samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.zip
r874: This patch is a pile of work on NTLMSSP:
Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
Diffstat (limited to 'source4/libcli/util/smbencrypt.c')
-rw-r--r--source4/libcli/util/smbencrypt.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 013f00d5fa..edf1526d2e 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -291,19 +291,20 @@ void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
#endif
}
-DATA_BLOB NTLMv2_generate_names_blob(const char *hostname,
+DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
+ const char *hostname,
const char *domain)
{
- DATA_BLOB names_blob = data_blob(NULL, 0);
+ DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0);
- msrpc_gen(&names_blob, "aaa",
+ msrpc_gen(mem_ctx, &names_blob, "aaa",
NTLMSSP_NAME_TYPE_DOMAIN, domain,
NTLMSSP_NAME_TYPE_SERVER, hostname,
0, "");
return names_blob;
}
-static DATA_BLOB NTLMv2_generate_client_data(const DATA_BLOB *names_blob)
+static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLOB *names_blob)
{
uchar client_chal[8];
DATA_BLOB response = data_blob(NULL, 0);
@@ -318,7 +319,7 @@ static DATA_BLOB NTLMv2_generate_client_data(const DATA_BLOB *names_blob)
/* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */
- msrpc_gen(&response, "ddbbdb",
+ msrpc_gen(mem_ctx, &response, "ddbbdb",
0x00000101, /* Header */
0, /* 'Reserved' */
long_date, 8, /* Timestamp */
@@ -337,10 +338,16 @@ static DATA_BLOB NTLMv2_generate_response(const uchar ntlm_v2_hash[16],
DATA_BLOB ntlmv2_client_data;
DATA_BLOB final_response;
+ TALLOC_CTX *mem_ctx = talloc_init("NTLMv2_generate_response internal context");
+
+ if (!mem_ctx) {
+ return data_blob(NULL, 0);
+ }
+
/* NTLMv2 */
/* generate some data to pass into the response function - including
the hostname and domain name of the server */
- ntlmv2_client_data = NTLMv2_generate_client_data(names_blob);
+ ntlmv2_client_data = NTLMv2_generate_client_data(mem_ctx, names_blob);
/* Given that data, and the challenge from the server, generate a response */
SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &ntlmv2_client_data, ntlmv2_response);
@@ -352,7 +359,7 @@ static DATA_BLOB NTLMv2_generate_response(const uchar ntlm_v2_hash[16],
memcpy(final_response.data+sizeof(ntlmv2_response),
ntlmv2_client_data.data, ntlmv2_client_data.length);
- data_blob_free(&ntlmv2_client_data);
+ talloc_destroy(mem_ctx);
return final_response;
}