r874: This patch is a pile of work on NTLMSSP:

Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code.  This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.

I have also been doing a lot of work towards NTLM2 signing and
sealing.  I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.

(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails.  It does however
match the test values I have...).

The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....

Andrew Bartlett
(This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)

1 files changed, 5 insertions, 1 deletions

diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 5c7f01c658..25c2029f34 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -28,12 +28,16 @@ enum dcerpc_transport_t {NCACN_NP, NCACN_IP_TCP};
 struct dcerpc_security {
 	void *private;
 	NTSTATUS (*unseal_packet)(struct dcerpc_security *, 
+				  TALLOC_CTX *mem_ctx, 
 				  uchar *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*check_packet)(struct dcerpc_security *, 
+				 TALLOC_CTX *mem_ctx, 
 				 const uchar *data, size_t length, const DATA_BLOB *sig);
 	NTSTATUS (*seal_packet)(struct dcerpc_security *, 
-				 uchar *data, size_t length, DATA_BLOB *sig);
+				TALLOC_CTX *mem_ctx, 
+				uchar *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*sign_packet)(struct dcerpc_security *, 
+				TALLOC_CTX *mem_ctx, 
 				const uchar *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key);
 	void (*security_end)(struct dcerpc_security *);