summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libsmb/ntlm_check.c39
1 files changed, 23 insertions, 16 deletions
diff --git a/source3/libsmb/ntlm_check.c b/source3/libsmb/ntlm_check.c
index 01a5e44ba4..9380a83ea0 100644
--- a/source3/libsmb/ntlm_check.c
+++ b/source3/libsmb/ntlm_check.c
@@ -62,7 +62,7 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
}
-#ifdef DEBUG_PASSWORD
+#if DEBUG_PASSWORD
DEBUG(100,("Part password (P16) was |\n"));
dump_data(100, part_passwd, 16);
DEBUGADD(100,("Password from client was |\n"));
@@ -80,23 +80,24 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
Note: The same code works with both NTLMv2 and LMv2.
****************************************************************************/
-static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
- const uchar *part_passwd,
+static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *ntv2_response,
+ const uint8_t *part_passwd,
const DATA_BLOB *sec_blob,
const char *user, const char *domain,
bool upper_case_domain, /* should the domain be transformed into upper case? */
DATA_BLOB *user_sess_key)
{
/* Finish the encryption of part_passwd. */
- uchar kr[16];
- uchar value_from_encryption[16];
- uchar client_response[16];
+ uint8_t kr[16];
+ uint8_t value_from_encryption[16];
+ uint8_t client_response[16];
DATA_BLOB client_key_data;
bool res;
if (part_passwd == NULL) {
DEBUG(10,("No password set - DISALLOWING access\n"));
- /* No password set - always False */
+ /* No password set - always false */
return false;
}
@@ -115,7 +116,7 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
return false;
}
- client_key_data = data_blob(ntv2_response->data+16, ntv2_response->length-16);
+ client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
/*
todo: should we be checking this for anything? We can't for LMv2,
but for NTLMv2 it is meant to contain the current time etc.
@@ -124,7 +125,7 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
memcpy(client_response, ntv2_response->data, sizeof(client_response));
if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
- return False;
+ return false;
}
SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
@@ -288,7 +289,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
use it
*/
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
- if (smb_pwd_check_ntlmv2( nt_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ nt_response,
nt_pw, challenge,
client_username,
client_domain,
@@ -298,7 +300,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
}
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
- if (smb_pwd_check_ntlmv2( nt_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ nt_response,
nt_pw, challenge,
client_username,
client_domain,
@@ -308,7 +311,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
}
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( nt_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ nt_response,
nt_pw, challenge,
client_username,
"",
@@ -399,17 +403,19 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
- related to Win9X, legacy NAS pass-though authentication
*/
DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
- if (smb_pwd_check_ntlmv2( lm_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ lm_response,
nt_pw, challenge,
client_username,
client_domain,
- False,
+ false,
NULL)) {
return NT_STATUS_OK;
}
DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
- if (smb_pwd_check_ntlmv2( lm_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ lm_response,
nt_pw, challenge,
client_username,
client_domain,
@@ -419,7 +425,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
}
DEBUG(4,("ntlm_password_check: Checking LMv2 password without a domain\n"));
- if (smb_pwd_check_ntlmv2( lm_response,
+ if (smb_pwd_check_ntlmv2(mem_ctx,
+ lm_response,
nt_pw, challenge,
client_username,
"",