diff options
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 25 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.h | 14 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_client.c | 2 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 2 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 39 | ||||
-rw-r--r-- | source4/include/structs.h | 2 | ||||
-rw-r--r-- | source4/lib/crypto/crypto.h | 6 | ||||
-rw-r--r-- | source4/libcli/util/smbdes.c | 48 |
8 files changed, 59 insertions, 79 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 9bb0ed99fa..d132a3c567 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -90,19 +90,6 @@ void debug_ntlmssp_flags(uint32_t neg_flags) } /** - * Store a DATA_BLOB containing an NTLMSSP response, for use later. - * This copies the data blob - */ - -NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state, - DATA_BLOB response) -{ - ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, - response.data, response.length); - return NT_STATUS_OK; -} - -/** * Next state function for the wrapped NTLMSSP state machine * * @param gensec_security GENSEC state, initialised to NTLMSSP @@ -115,13 +102,12 @@ NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state, static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - const DATA_BLOB in, DATA_BLOB *out) + const DATA_BLOB input, DATA_BLOB *out) { struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state; NTSTATUS status; - DATA_BLOB input; uint32_t ntlmssp_command; int i; @@ -137,15 +123,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, out_mem_ctx = ntlmssp_state; } - if (!in.length && ntlmssp_state->stored_response.length) { - input = ntlmssp_state->stored_response; - - /* we only want to read the stored response once - overwrite it */ - ntlmssp_state->stored_response = data_blob(NULL, 0); - } else { - input = in; - } - if (!input.length) { switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 7e7aeaad98..2aa9aea810 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -77,7 +77,6 @@ enum ntlmssp_message_type struct ntlmssp_state { - uint_t ref_count; enum ntlmssp_role role; enum samr_Role server_role; uint32_t expected_state; @@ -170,21 +169,14 @@ struct ntlmssp_state /* ntlmv2 */ DATA_BLOB send_sign_key; - DATA_BLOB send_seal_key; DATA_BLOB recv_sign_key; - DATA_BLOB recv_seal_key; - uint8_t send_seal_hash[258]; - uint8_t recv_seal_hash[258]; + struct arcfour_state *send_seal_hash; + struct arcfour_state *recv_seal_hash; /* ntlmv1 */ - uint8_t ntlmssp_hash[258]; + struct arcfour_state *ntlmssp_hash; - /* it turns out that we don't always get the - response in at the time we want to process it. - Store it here, until we need it */ - DATA_BLOB stored_response; - }; struct gensec_ntlmssp_state { diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index dcd52af1f5..ceca0d6978 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -385,8 +385,6 @@ static NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state * (*ntlmssp_state)->expected_state = NTLMSSP_INITIAL; - (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 852d32ed2b..374fafc0e5 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -637,8 +637,6 @@ static NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state * (*ntlmssp_state)->server_use_session_keys = True; (*ntlmssp_state)->server_multiple_authentications = False; - (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_NTLM; diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 222cb3e607..a47a0f334a 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -363,6 +363,9 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) const char *recv_sign_const; const char *recv_seal_const; + DATA_BLOB send_seal_key; + DATA_BLOB recv_seal_key; + switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: send_sign_const = CLI_SIGN; @@ -380,6 +383,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) return NT_STATUS_INTERNAL_ERROR; } + ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash); + ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash); + /** Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. @@ -407,18 +415,18 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->send_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->send_seal_key, + &send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", - ntlmssp_state->send_seal_key.data, - ntlmssp_state->send_seal_key.length); + send_seal_key.data, + send_seal_key.length); arcfour_init(ntlmssp_state->send_seal_hash, - &ntlmssp_state->send_seal_key); + &send_seal_key); dump_data_pw("NTLMSSP send sesl hash:\n", - ntlmssp_state->send_seal_hash, - sizeof(ntlmssp_state->send_seal_hash)); + ntlmssp_state->send_seal_hash->sbox, + sizeof(ntlmssp_state->send_seal_hash->sbox)); /* RECV */ calc_ntlmv2_key(ntlmssp_state, @@ -429,24 +437,27 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->recv_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->recv_seal_key, + &recv_seal_key, weak_session_key, recv_seal_const); dump_data_pw("NTLMSSP recv seal key:\n", - ntlmssp_state->recv_seal_key.data, - ntlmssp_state->recv_seal_key.length); + recv_seal_key.data, + recv_seal_key.length); arcfour_init(ntlmssp_state->recv_seal_hash, - &ntlmssp_state->recv_seal_key); + &recv_seal_key); dump_data_pw("NTLMSSP receive seal hash:\n", - ntlmssp_state->recv_seal_hash, - sizeof(ntlmssp_state->recv_seal_hash)); + ntlmssp_state->recv_seal_hash->sbox, + sizeof(ntlmssp_state->recv_seal_hash->sbox)); } else { DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); + ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash); + arcfour_init(ntlmssp_state->ntlmssp_hash, &ntlmssp_state->session_key); - dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash, - sizeof(ntlmssp_state->ntlmssp_hash)); + dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox, + sizeof(ntlmssp_state->ntlmssp_hash->sbox)); } ntlmssp_state->ntlm_seq_num = 0; diff --git a/source4/include/structs.h b/source4/include/structs.h index 431d01aace..2800bc6cb8 100644 --- a/source4/include/structs.h +++ b/source4/include/structs.h @@ -198,3 +198,5 @@ struct wrepl_packet; struct wrepl_associate; struct wrepl_pull_table; struct wrepl_pull_names; + +struct arcfour_state; diff --git a/source4/lib/crypto/crypto.h b/source4/lib/crypto/crypto.h index e7a0c290a5..8cf4b21aae 100644 --- a/source4/lib/crypto/crypto.h +++ b/source4/lib/crypto/crypto.h @@ -22,3 +22,9 @@ #include "lib/crypto/md4.h" #include "lib/crypto/hmacmd5.h" #include "lib/crypto/crc32.h" + +struct arcfour_state { + uint8_t sbox[256]; + uint8_t index_i; + uint8_t index_j; +}; diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c index 016bd59501..d214d4cfe4 100644 --- a/source4/libcli/util/smbdes.c +++ b/source4/libcli/util/smbdes.c @@ -22,6 +22,7 @@ */ #include "includes.h" +#include "lib/crypto/crypto.h" /* NOTES: @@ -365,51 +366,46 @@ void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int } /* initialise the arcfour sbox with key */ -void arcfour_init(uint8_t s_box[258], const DATA_BLOB *key) +void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key) { int ind; uint8_t j = 0; - for (ind = 0; ind < 256; ind++) { - s_box[ind] = (uint8_t)ind; + for (ind = 0; ind < sizeof(state->sbox); ind++) { + state->sbox[ind] = (uint8_t)ind; } - for (ind = 0; ind < 256; ind++) { + for (ind = 0; ind < sizeof(state->sbox); ind++) { uint8_t tc; - j += (s_box[ind] + key->data[ind%key->length]); + j += (state->sbox[ind] + key->data[ind%key->length]); - tc = s_box[ind]; - s_box[ind] = s_box[j]; - s_box[j] = tc; + tc = state->sbox[ind]; + state->sbox[ind] = state->sbox[j]; + state->sbox[j] = tc; } - s_box[256] = 0; /* i */ - s_box[257] = 0; /* j */ - + state->index_i = 0; + state->index_j = 0; } /* crypt the data with arcfour */ -void arcfour_crypt_sbox(uint8_t s_box[258], uint8_t *data, int len) +void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len) { - uint8_t index_i = s_box[256]; - uint8_t index_j = s_box[257]; int ind; for (ind = 0; ind < len; ind++) { uint8_t tc; uint8_t t; - index_i++; - index_j += s_box[index_i]; + state->index_i++; + state->index_j += state->sbox[state->index_i]; - tc = s_box[index_i]; - s_box[index_i] = s_box[index_j]; - s_box[index_j] = tc; + tc = state->sbox[state->index_i]; + state->sbox[state->index_i] = state->sbox[state->index_j]; + state->sbox[state->index_j] = tc; - t = s_box[index_i] + s_box[index_j]; - data[ind] = data[ind] ^ s_box[t]; + t = state->sbox[state->index_i] + state->sbox[state->index_j]; + data[ind] = data[ind] ^ state->sbox[t]; } - s_box[256] = index_i; - s_box[257] = index_j; } /* @@ -417,9 +413,9 @@ void arcfour_crypt_sbox(uint8_t s_box[258], uint8_t *data, int len) */ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) { - uint8_t s_box[258]; - arcfour_init(s_box, key); - arcfour_crypt_sbox(s_box, data, len); + struct arcfour_state state; + arcfour_init(&state, key); + arcfour_crypt_sbox(&state, data, len); } /* |