summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_sam.c84
1 files changed, 42 insertions, 42 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index cb88014e98..0c2ffaae88 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -28,9 +28,9 @@
/****************************************************************************
core of smb password checking routine.
****************************************************************************/
-static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
+static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
const uchar *part_passwd,
- DATA_BLOB sec_blob,
+ const DATA_BLOB *sec_blob,
uint8 user_sess_key[16])
{
/* Finish the encryption of part_passwd. */
@@ -42,17 +42,17 @@ static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
return False;
}
- if (sec_blob.length != 8) {
- DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob.length));
+ if (sec_blob->length != 8) {
+ DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob->length));
return False;
}
- if (nt_response.length != 24) {
- DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response.length));
+ if (nt_response->length != 24) {
+ DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response->length));
return False;
}
- SMBOWFencrypt(part_passwd, sec_blob.data, p24);
+ SMBOWFencrypt(part_passwd, sec_blob->data, p24);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
@@ -61,16 +61,16 @@ static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
+ DEBUG(100,("Part password (P16) was |\n"));
dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, nt_response.data, nt_response.length);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, sec_blob.data, sec_blob.length);
- DEBUG(100,("Value from encryption was |"));
+ DEBUGADD(100,("Password from client was |\n"));
+ dump_data(100, nt_response->data, nt_response->length);
+ DEBUGADD(100,("Given challenge was |\n"));
+ dump_data(100, sec_blob->data, sec_blob->length);
+ DEBUGADD(100,("Value from encryption was |\n"));
dump_data(100, p24, 24);
#endif
- return (memcmp(p24, nt_response.data, 24) == 0);
+ return (memcmp(p24, nt_response->data, 24) == 0);
}
@@ -79,9 +79,9 @@ core of smb password checking routine. (NTLMv2, LMv2)
Note: The same code works with both NTLMv2 and LMv2.
****************************************************************************/
-static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
+static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
const uchar *part_passwd,
- const DATA_BLOB sec_blob,
+ const DATA_BLOB *sec_blob,
const char *user, const char *domain,
uint8 user_sess_key[16])
{
@@ -98,43 +98,43 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
return False;
}
- if (ntv2_response.length < 24) {
+ if (ntv2_response->length < 24) {
/* We MUST have more than 16 bytes, or the stuff below will go
crazy. No known implementation sends less than the 24 bytes
for LMv2, let alone NTLMv2. */
DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n",
- ntv2_response.length));
+ ntv2_response->length));
return False;
}
- client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16);
+ client_key_data = data_blob(ntv2_response->data+16, ntv2_response->length-16);
/*
todo: should we be checking this for anything? We can't for LMv2,
but for NTLMv2 it is meant to contain the current time etc.
*/
- memcpy(client_response, ntv2_response.data, sizeof(client_response));
+ memcpy(client_response, ntv2_response->data, sizeof(client_response));
if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
return False;
}
- SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
+ SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
}
#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
+ DEBUG(100,("Part password (P16) was |\n"));
dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, ntv2_response.data, ntv2_response.length);
- DEBUG(100,("Variable data from client was |"));
+ DEBUGADD(100,("Password from client was |\n"));
+ dump_data(100, ntv2_response->data, ntv2_response->length);
+ DEBUGADD(100,("Variable data from client was |\n"));
dump_data(100, client_key_data.data, client_key_data.length);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, sec_blob.data, sec_blob.length);
- DEBUG(100,("Value from encryption was |"));
+ DEBUGADD(100,("Given challenge was |\n"));
+ dump_data(100, sec_blob->data, sec_blob->length);
+ DEBUGADD(100,("Value from encryption was |\n"));
dump_data(100, value_from_encryption, 16);
#endif
data_blob_clear_free(&client_key_data);
@@ -186,8 +186,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("sam_password_ok: Checking NTLMv2 password with domain [%s]\n", user_info->client_domain.str));
- if (smb_pwd_check_ntlmv2( user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
user_sess_key))
@@ -196,8 +196,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
DEBUG(4,("sam_password_ok: Checking NTLMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
user_sess_key))
@@ -214,8 +214,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
- if (smb_pwd_check_ntlmv1(user_info->nt_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->nt_resp,
+ nt_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;
@@ -243,8 +243,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
lm_pw = pdb_get_lanman_passwd(sampass);
DEBUG(4,("sam_password_ok: Checking LM password\n"));
- if (smb_pwd_check_ntlmv1(user_info->lm_resp,
- lm_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
+ lm_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;
@@ -262,8 +262,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
- related to Win9X, legacy NAS pass-though authentication
*/
DEBUG(4,("sam_password_ok: Checking LMv2 password with domain %s\n", user_info->client_domain.str));
- if (smb_pwd_check_ntlmv2( user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
user_sess_key))
@@ -272,8 +272,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
DEBUG(4,("sam_password_ok: Checking LMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv2( &user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
user_sess_key))
@@ -287,8 +287,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
if (lp_ntlm_auth())
{
- if (smb_pwd_check_ntlmv1(user_info->lm_resp,
- nt_pw, auth_context->challenge,
+ if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
+ nt_pw, &auth_context->challenge,
user_sess_key))
{
return NT_STATUS_OK;