-rw-r--r-- | source4/auth/auth.h | 6 | ||||
-rw-r--r-- | source4/auth/ntlm/auth.c | 25 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_proto.h | 2 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_server.c | 7 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_util.c | 12 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_winbind.c | 6 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 7 | ||||
-rw-r--r-- | source4/smb_server/smb/negprot.c | 5 |
8 files changed, 32 insertions, 38 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h index c31ed2f5fd..c625c87f39 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -135,7 +135,7 @@ struct auth_operations { * security=server, and makes a number of compromises to allow * that. It is not compatible with being a PDC. */ - NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge); + NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]); /* Given the user supplied info, check if this backend want to handle the password checking */ @@ -190,7 +190,7 @@ struct auth_context { const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info); - NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, const uint8_t **_chal); + NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, uint8_t chal[8]); bool (*challenge_may_be_modified)(struct auth_context *auth_ctx); @@ -226,7 +226,7 @@ struct ldb_context; struct ldb_dn; struct gensec_security; -NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal); +NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, uint8_t chal[8]); NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, uint32_t logon_parameters, diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 5520c9d01f..d0c8ed3a68 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c 
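Review bot: The `get_challenge` member of struct auth_operations (hunk `@@ -135,7`) now takes `uint8_t chal[8]`, which C treats as a plain `uint8_t *`, so nothing enforces the length at compile time. This commit also removes the `challenge.length != 8` check that auth_get_challenge() used to apply to backend output, so the caller now trusts each backend completely. The comment above the member should state that contract, for example `/* On NT_STATUS_OK the backend must have written exactly 8 bytes to chal; on any other status the contents of chal are undefined. */`. The same wording fits `auth_context.get_challenge` and the `auth_get_challenge()` prototype in the two later hunks of this file.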
@@ -51,42 +51,34 @@ bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) Try to get a challenge out of the various authentication modules. Returns a const char of length 8 bytes. ****************************************************************************/ -_PUBLIC_ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal) +_PUBLIC_ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, uint8_t chal[8]) { NTSTATUS nt_status; struct auth_method_context *method; - if (auth_ctx->challenge.data.length) { + if (auth_ctx->challenge.data.length == 8) { DEBUG(5, ("auth_get_challenge: returning previous challenge by module %s (normal)\n", auth_ctx->challenge.set_by)); - *_chal = auth_ctx->challenge.data.data; + memcpy(chal, auth_ctx->challenge.data.data, 8); return NT_STATUS_OK; } for (method = auth_ctx->methods; method; method = method->next) { - DATA_BLOB challenge = data_blob(NULL,0); - - nt_status = method->ops->get_challenge(method, auth_ctx, &challenge); + nt_status = method->ops->get_challenge(method, auth_ctx, chal); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) { continue; } NT_STATUS_NOT_OK_RETURN(nt_status); - if (challenge.length != 8) { - DEBUG(0, ("auth_get_challenge: invalid challenge (length %u) by mothod [%s]\n", - (unsigned)challenge.length, method->ops->name)); - return NT_STATUS_INTERNAL_ERROR; - } - - auth_ctx->challenge.data = challenge; + auth_ctx->challenge.data = data_blob_talloc(auth_ctx, chal, 8); + NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data); auth_ctx->challenge.set_by = method->ops->name; break; } if (!auth_ctx->challenge.set_by) { - uint8_t chal[8]; generate_random_buffer(chal, 8); auth_ctx->challenge.data = data_blob_talloc(auth_ctx, chal, 8); 
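Review bot: The new guard `if (auth_ctx->challenge.data.length == 8)` at the top of auth_get_challenge() neither returns nor rejects a stored challenge whose length is non-zero but not 8; it falls through to the backend loop, where the stored blob can be silently replaced. If `challenge.set_by` is already set in that state and every backend returns NT_STATUS_NOT_IMPLEMENTED, the random fallback appears to be skipped, and the function would return NT_STATUS_OK without writing `chal`, leaving the caller with uninitialised stack bytes as the challenge. Whether any setter can store such a blob is not visible here, but rejecting it explicitly is cheap: `if (auth_ctx->challenge.data.length != 0 && auth_ctx->challenge.data.length != 8) return NT_STATUS_INTERNAL_ERROR;` placed before the cached-challenge branch. The header comment still reads "Returns a const char of length 8 bytes" and should say that 8 bytes are copied into the caller's buffer. The end of the function lies outside this hunk.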
@@ -99,7 +91,6 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_ DEBUG(10,("auth_get_challenge: challenge set by %s\n", auth_ctx->challenge.set_by)); - *_chal = auth_ctx->challenge.data.data; return NT_STATUS_OK; } @@ -256,7 +247,7 @@ _PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx, /* if all the modules say 'not for me' this is reasonable */ NTSTATUS nt_status; struct auth_method_context *method; - const uint8_t *challenge; + uint8_t chal[8]; struct auth_usersupplied_info *user_info_tmp; struct auth_check_password_request *req = NULL; @@ -283,7 +274,7 @@ _PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx, DEBUGADD(3,("auth_check_password_send: mapped user is: [%s]\\[%s]@[%s]\n", user_info->mapped.domain_name, user_info->mapped.account_name, user_info->workstation_name)); - nt_status = auth_get_challenge(auth_ctx, &challenge); + nt_status = auth_get_challenge(auth_ctx, chal); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("auth_check_password_send: Invalid challenge (length %u) stored for this auth context set_by %s - cannot continue: %s\n", (unsigned)auth_ctx->challenge.data.length, auth_ctx->challenge.set_by, nt_errstr(nt_status))); diff --git a/source4/auth/ntlm/auth_proto.h b/source4/auth/ntlm/auth_proto.h index 572c1a4ca7..5e8c725ea0 100644 --- a/source4/auth/ntlm/auth_proto.h +++ b/source4/auth/ntlm/auth_proto.h @@ -23,7 +23,7 @@ NTSTATUS server_service_auth_init(void); /* The following definitions come from auth/ntlm/auth_util.c */ -NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge); +NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]); /**************************************************************************** Create an auth_usersupplied_data structure after appropriate mapping. 
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index 12849aa420..ae7b7dd3a8 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -40,7 +40,7 @@ static NTSTATUS server_want_check(struct auth_method_context *ctx, /** * The challenge from the target server, when operating in security=server **/ -static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *_blob) +static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]) { struct smb_composite_connect io; struct smbcli_options smb_options; @@ -88,7 +88,10 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX ctx->auth_ctx->event_ctx); NT_STATUS_NOT_OK_RETURN(status); - *_blob = io.out.tree->session->transport->negotiate.secblob; + if (io.out.tree->session->transport->negotiate.secblob.length != 8) { + return NT_STATUS_INTERNAL_ERROR; + } + memcpy(chal, io.out.tree->session->transport->negotiate.secblob.data, 8); ctx->private_data = talloc_steal(ctx, io.out.tree->session); return NT_STATUS_OK; } diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c index 5543cbebea..92df0bfe80 100644 --- a/source4/auth/ntlm/auth_util.c +++ b/source4/auth/ntlm/auth_util.c @@ -29,7 +29,7 @@ /* this default function can be used by mostly all backends * which don't want to set a challenge */ -NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge) +NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]) { /* we don't want to set a challenge */ return NT_STATUS_NOT_IMPLEMENTED; 
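Review bot: The new length check in server_get_challenge() (hunk `@@ -88,7 +88,10`) returns NT_STATUS_INTERNAL_ERROR before `ctx->private_data = talloc_steal(ctx, io.out.tree->session);`, so when the target server sends a `secblob` of the wrong size, the connection that was just established is not torn down. It stays attached to whatever context it was allocated on. The check also drops the level-0 log line that auth_get_challenge() used to emit for a bad length, so the operator sees only a generic failure. Consider logging the received length and releasing the tree on that path, e.g. `DEBUG(0, ("server_get_challenge: invalid challenge length %u\n", (unsigned)io.out.tree->session->transport->negotiate.secblob.length));` followed by `talloc_free(io.out.tree);`. Ownership of `io.out.tree` is established outside this hunk, so confirm that the free is appropriate.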
@@ -122,7 +122,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex } case AUTH_PASSWORD_HASH: { - const uint8_t *challenge; + uint8_t chal[8]; DATA_BLOB chall_blob; user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info); if (!user_info_temp) { @@ -134,12 +134,12 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex *user_info_temp = *user_info_in; user_info_temp->mapped_state = to_state; - nt_status = auth_get_challenge(auth_context, &challenge); + nt_status = auth_get_challenge(auth_context, chal); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } - chall_blob = data_blob_talloc(mem_ctx, challenge, 8); + chall_blob = data_blob_talloc(mem_ctx, chal, 8); if (lp_client_ntlmv2_auth(auth_context->lp_ctx)) { DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(auth_context->lp_ctx), lp_workgroup(auth_context->lp_ctx)); DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key; @@ -162,12 +162,12 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex data_blob_free(&ntlmv2_session_key); } else { DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data); + SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data); user_info_temp->password.response.nt = blob; if (lp_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) { DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24); - SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data); + SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data); user_info_temp->password.response.lanman = lm_blob; } else { /* if not sending the LM password, send the NT password twice */ diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 568226dd87..173a895390 100644 --- a/source4/auth/ntlm/auth_winbind.c 
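Review bot: In the `@@ -162,12` hunk the LM branch still writes its result into the wrong buffer: `SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);` overwrites the NT response held in `blob` and never fills `lm_blob`. As a result `password.response.lanman` carries 24 bytes that were allocated but not written, presumably uninitialised heap memory. The commit touches this line for the `challenge` to `chal` rename but keeps the target; it should read `SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, lm_blob.data);`. Neither `data_blob_talloc(mem_ctx, NULL, 24)` result is checked before its `.data` is written, and the same holds for `chall_blob` in the `@@ -134,12` hunk. encrypt_user_info() begins and ends outside these hunks.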
+++ b/source4/auth/ntlm/auth_winbind.c @@ -271,7 +271,7 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx, s->req.in.logon.password= password_info; } else { struct netr_NetworkInfo *network_info; - const uint8_t *challenge; + uint8_t chal[8]; status = encrypt_user_info(s, ctx->auth_ctx, AUTH_PASSWORD_RESPONSE, user_info, &user_info_new); @@ -281,10 +281,10 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx, network_info = talloc(s, struct netr_NetworkInfo); NT_STATUS_HAVE_NO_MEMORY(network_info); - status = auth_get_challenge(ctx->auth_ctx, &challenge); + status = auth_get_challenge(ctx->auth_ctx, chal); NT_STATUS_NOT_OK_RETURN(status); - memcpy(network_info->challenge, challenge, sizeof(network_info->challenge)); + memcpy(network_info->challenge, chal, sizeof(network_info->challenge)); network_info->nt.length = user_info->password.response.nt.length; network_info->nt.data = user_info->password.response.nt.data; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 94de920772..281ffbfa6d 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -600,9 +600,12 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state) { NTSTATUS status; - const uint8_t *chal; + uint8_t *chal = talloc_array(gensec_ntlmssp_state, uint8_t, 8); + if (!chal) { + return NULL; + } - status = gensec_ntlmssp_state->auth_context->get_challenge(gensec_ntlmssp_state->auth_context, &chal); + status = gensec_ntlmssp_state->auth_context->get_challenge(gensec_ntlmssp_state->auth_context, chal); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("auth_ntlmssp_get_challenge: failed to get challenge: %s\n", nt_errstr(status))); diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index ab763e39c3..fe6cd68f6e 100644 
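Review bot: In the `@@ -281,10` hunk of auth_winbind.c the stack buffer `chal` exists only to be copied once, and `memcpy(network_info->challenge, chal, sizeof(network_info->challenge));` sizes the copy by the destination, which would read past the 8-byte `chal` if that field were ever larger. If `network_info->challenge` is a `uint8_t[8]` (its declaration is not shown here), passing it directly with `status = auth_get_challenge(ctx->auth_ctx, network_info->challenge);` removes both the temporary and the memcpy. This commit already does the same for `buff` in negprot.c.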
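Review bot: auth_ntlmssp_get_challenge() (hunk `@@ -600,9 +600,12`) now allocates `chal` with `talloc_array(gensec_ntlmssp_state, uint8_t, 8)` on every call, and the failure branch visible in this hunk logs the error without releasing it; the return itself is outside the hunk. The buffer stays parented to the NTLMSSP state, so repeated calls or repeated failures grow that context until the state is freed. Add `talloc_free(chal);` before the error return. The function should also carry a comment saying that the returned pointer is owned by `gensec_ntlmssp_state` and must not be freed by the caller.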
--- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -33,7 +33,6 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8]) { NTSTATUS nt_status; - const uint8_t *challenge; /* muliple negprots are not premitted */ if (smb_conn->negotiate.auth_context) { @@ -53,14 +52,12 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8 return nt_status; } - nt_status = auth_get_challenge(smb_conn->negotiate.auth_context, &challenge); + nt_status = auth_get_challenge(smb_conn->negotiate.auth_context, buff); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("auth_get_challenge() returned %s", nt_errstr(nt_status))); return nt_status; } - memcpy(buff, challenge, 8); - return NT_STATUS_OK; } |