diff options
Diffstat (limited to 'source3/libsmb/ntlmssp.c')
-rw-r--r-- | source3/libsmb/ntlmssp.c | 137 |
1 files changed, 66 insertions, 71 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index a0e54ce769..cc13476935 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -11,12 +11,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -60,7 +60,7 @@ static const struct ntlmssp_callbacks { void debug_ntlmssp_flags(uint32 neg_flags) { DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags)); - + if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_OEM) @@ -109,7 +109,7 @@ void debug_ntlmssp_flags(uint32 neg_flags) * Default challenge generation code. * */ - + static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) { static uchar chal[8]; @@ -122,7 +122,7 @@ static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) * Default 'we can set the challenge to anything we like' implementation * */ - + static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) { return True; @@ -134,7 +134,7 @@ static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) * Does not actually do anything, as the value is always in the structure anyway. * */ - + static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) { SMB_ASSERT(challenge->length == 8); @@ -148,7 +148,7 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) { - ntlmssp_state->user = talloc_strdup(ntlmssp_state->mem_ctx, user ? user : "" ); + ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" ); if (!ntlmssp_state->user) { return NT_STATUS_NO_MEMORY; } @@ -164,9 +164,9 @@ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state, const unsigned char nt_hash[16]) { ntlmssp_state->lm_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, lm_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16); ntlmssp_state->nt_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, nt_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, nt_hash, 16); if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) { TALLOC_FREE(ntlmssp_state->lm_hash); TALLOC_FREE(ntlmssp_state->nt_hash); @@ -201,7 +201,8 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password */ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) { - ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain ? domain : "" ); + ntlmssp_state->domain = talloc_strdup(ntlmssp_state, + domain ? domain : "" ); if (!ntlmssp_state->domain) { return NT_STATUS_NO_MEMORY; } @@ -214,7 +215,7 @@ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) */ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) { - ntlmssp_state->workstation = talloc_strdup(ntlmssp_state->mem_ctx, workstation); + ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation); if (!ntlmssp_state->workstation) { return NT_STATUS_NO_MEMORY; } @@ -229,8 +230,9 @@ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *works NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state, DATA_BLOB response) { - ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state->mem_ctx, - response.data, response.length); + ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, + response.data, + response.length); return NT_STATUS_OK; } @@ -277,7 +279,7 @@ void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature) ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } } - + /** * Next state function for the NTLMSSP state machine * @@ -304,7 +306,7 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, if (!in.length && ntlmssp_state->stored_response.length) { input = ntlmssp_state->stored_response; - + /* we only want to read the stored response once - overwrite it */ ntlmssp_state->stored_response = data_blob_null; } else { @@ -357,16 +359,13 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx; - (*ntlmssp_state)->ref_count--; if ((*ntlmssp_state)->ref_count == 0) { data_blob_free(&(*ntlmssp_state)->chal); data_blob_free(&(*ntlmssp_state)->lm_resp); data_blob_free(&(*ntlmssp_state)->nt_resp); - - talloc_destroy(mem_ctx); + TALLOC_FREE(*ntlmssp_state); } *ntlmssp_state = NULL; @@ -562,13 +561,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, if (target_name == NULL) return NT_STATUS_INVALID_PARAMETER; - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); - ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, cryptkey, 8); + ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, + cryptkey, 8); /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname = get_mydnsdomname(ntlmssp_state->mem_ctx); + dnsdomname = get_mydnsdomname(ntlmssp_state); if (!dnsdomname) { - dnsdomname = talloc_strdup(ntlmssp_state->mem_ctx, ""); + dnsdomname = talloc_strdup(ntlmssp_state, ""); } if (!dnsdomname) { return NT_STATUS_NO_MEMORY; @@ -685,7 +685,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SAFE_FREE(workstation); data_blob_free(&encrypted_session_key); auth_flags = 0; - + /* Try again with a shorter string (Win9X truncates this packet) */ if (ntlmssp_state->unicode) { parse_string = "CdBBUUU"; @@ -753,24 +753,25 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a client challenge - + However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful. */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { struct MD5Context md5_session_nonce_ctx; SMB_ASSERT(ntlmssp_state->internal_chal.data && ntlmssp_state->internal_chal.length == 8); - + doing_ntlm2 = True; memcpy(session_nonce, ntlmssp_state->internal_chal.data, 8); memcpy(&session_nonce[8], ntlmssp_state->lm_resp.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); - - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, session_nonce_hash, 8); + + ntlmssp_state->chal = data_blob_talloc( + ntlmssp_state, session_nonce_hash, 8); /* LM response is no longer useful */ data_blob_free(&ntlmssp_state->lm_resp); @@ -807,12 +808,13 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* Handle the different session key derivation for NTLM2 */ if (doing_ntlm2) { if (user_session_key.data && user_session_key.length == 16) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); hmac_md5(user_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); - + } else { DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n")); session_key = data_blob_null; @@ -820,7 +822,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { if (lm_session_key.data && lm_session_key.length >= 8) { if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -831,7 +834,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, uint8 zeros[24]; ZERO_STRUCT(zeros); session_key = data_blob_talloc( - ntlmssp_state->mem_ctx, NULL, 16); + ntlmssp_state, NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -875,9 +878,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SamOEMhash(encrypted_session_key.data, session_key.data, encrypted_session_key.length); - ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, - encrypted_session_key.data, - encrypted_session_key.length); + ntlmssp_state->session_key = data_blob_talloc( + ntlmssp_state, encrypted_session_key.data, + encrypted_session_key.length); dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length); } @@ -892,7 +895,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } data_blob_free(&encrypted_session_key); - + /* Only one authentication allowed per server state. */ ntlmssp_state->expected_state = NTLMSSP_DONE; @@ -907,20 +910,15 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_SERVER; - (*ntlmssp_state)->mem_ctx = mem_ctx; (*ntlmssp_state)->get_challenge = get_challenge; (*ntlmssp_state)->set_challenge = set_challenge; (*ntlmssp_state)->may_set_challenge = may_set_challenge; @@ -968,7 +966,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, } else { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; } - + if (ntlmssp_state->use_ntlmv2) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -1021,7 +1019,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - + data_blob_free(&server_domain_blob); DEBUG(3, ("Got challenge flags:\n")); @@ -1062,7 +1060,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state->mem_ctx, + ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state, server_domain); SAFE_FREE(server_domain); @@ -1078,8 +1076,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ZERO_STRUCT(zeros); /* session key is all zeros */ - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16); - + session_key = data_blob_talloc(ntlmssp_state, zeros, 16); + /* not doing NLTM2 without a password */ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; } else if (ntlmssp_state->use_ntlmv2) { @@ -1092,7 +1090,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* TODO: if the remote server is standalone, then we should replace 'domain' with the server name as supplied above */ - + if (!SMBNTLMv2encrypt_hash(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->nt_hash, &challenge_blob, @@ -1107,14 +1105,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, uchar session_nonce[16]; uchar session_nonce_hash[16]; uchar user_session_key[16]; - - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + + lm_response = data_blob_talloc(ntlmssp_state, NULL, 24); generate_random_buffer(lm_response.data, 8); memset(lm_response.data+8, 0, 16); memcpy(session_nonce, challenge_blob.data, 8); memcpy(&session_nonce[8], lm_response.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8); MD5Update(&md5_session_nonce_ctx, lm_response.data, 8); @@ -1123,13 +1121,13 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("NTLMSSP challenge set by NTLM2\n")); DEBUG(5, ("challenge is: \n")); dump_data(5, session_nonce_hash, 8); - - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash, session_nonce_hash, nt_response.data); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); SMBsesskeygen_ntv1(ntlmssp_state->nt_hash, NULL, user_session_key); hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data); @@ -1137,16 +1135,17 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, } else { /* lanman auth is insecure, it may be disabled */ if (lp_client_lanman_auth()) { - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + lm_response = data_blob_talloc(ntlmssp_state, + NULL, 24); SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, lm_response.data); } - - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data, nt_response.data); - - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data, @@ -1174,7 +1173,9 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* Mark the new session key as the 'real' session key */ data_blob_free(&session_key); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, client_session_key, sizeof(client_session_key)); + session_key = data_blob_talloc(ntlmssp_state, + client_session_key, + sizeof(client_session_key)); } /* this generates the actual auth packet */ @@ -1188,7 +1189,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->get_global_myname(), encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { - + return NT_STATUS_NO_MEMORY; } @@ -1213,21 +1214,15 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP Client context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_CLIENT; - (*ntlmssp_state)->mem_ctx = mem_ctx; - (*ntlmssp_state)->get_global_myname = global_myname; (*ntlmssp_state)->get_domain = lp_workgroup; |