Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c25
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h14
-rw-r--r--source4/auth/ntlmssp/ntlmssp_client.c2
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c2
-rw-r--r--source4/auth/ntlmssp/ntlmssp_sign.c39
5 files changed, 29 insertions, 53 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 9bb0ed99fa..d132a3c567 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -90,19 +90,6 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
}
/**
- * Store a DATA_BLOB containing an NTLMSSP response, for use later.
- * This copies the data blob
- */
-
-NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state,
- DATA_BLOB response)
-{
- ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state,
- response.data, response.length);
- return NT_STATUS_OK;
-}
-
-/**
* Next state function for the wrapped NTLMSSP state machine
*
* @param gensec_security GENSEC state, initialised to NTLMSSP
@@ -115,13 +102,12 @@ NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state,
static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+ const DATA_BLOB input, DATA_BLOB *out)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
NTSTATUS status;
- DATA_BLOB input;
uint32_t ntlmssp_command;
int i;
@@ -137,15 +123,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
out_mem_ctx = ntlmssp_state;
}
- if (!in.length && ntlmssp_state->stored_response.length) {
- input = ntlmssp_state->stored_response;
-
- /* we only want to read the stored response once - overwrite it */
- ntlmssp_state->stored_response = data_blob(NULL, 0);
- } else {
- input = in;
- }
-
if (!input.length) {
switch (ntlmssp_state->role) {
case NTLMSSP_CLIENT:
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 7e7aeaad98..2aa9aea810 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -77,7 +77,6 @@ enum ntlmssp_message_type
struct ntlmssp_state
{
- uint_t ref_count;
enum ntlmssp_role role;
enum samr_Role server_role;
uint32_t expected_state;
@@ -170,21 +169,14 @@ struct ntlmssp_state
/* ntlmv2 */
DATA_BLOB send_sign_key;
- DATA_BLOB send_seal_key;
DATA_BLOB recv_sign_key;
- DATA_BLOB recv_seal_key;
- uint8_t send_seal_hash[258];
- uint8_t recv_seal_hash[258];
+ struct arcfour_state *send_seal_hash;
+ struct arcfour_state *recv_seal_hash;
/* ntlmv1 */
- uint8_t ntlmssp_hash[258];
+ struct arcfour_state *ntlmssp_hash;
- /* it turns out that we don't always get the
- response in at the time we want to process it.
- Store it here, until we need it */
- DATA_BLOB stored_response;
-
};
struct gensec_ntlmssp_state {
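Review bot: `send_seal_hash`, `recv_seal_hash` and `ntlmssp_hash` change from embedded arrays to pointers, so they have no storage until ntlmssp_sign_init() allocates them, and that function allocates only the set matching the negotiated mode. Any sign or seal path that runs before ntlmssp_sign_init(), or that touches the other mode's field, would now dereference an unset pointer instead of reading an in-struct buffer. Those callers are outside this diff, so they need checking separately. A field comment such as `/* allocated by ntlmssp_sign_init(); NULL until then */` would document the new lifetime, assuming the state is zero-initialised when it is created.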
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index dcd52af1f5..ceca0d6978 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -385,8 +385,6 @@ static NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state *
(*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
- (*ntlmssp_state)->ref_count = 1;
-
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_REQUEST_TARGET;
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 852d32ed2b..374fafc0e5 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -637,8 +637,6 @@ static NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state *
(*ntlmssp_state)->server_use_session_keys = True;
(*ntlmssp_state)->server_multiple_authentications = False;
- (*ntlmssp_state)->ref_count = 1;
-
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_NTLM;
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 222cb3e607..a47a0f334a 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -363,6 +363,9 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
const char *recv_sign_const;
const char *recv_seal_const;
+ DATA_BLOB send_seal_key;
+ DATA_BLOB recv_seal_key;
+
switch (ntlmssp_state->role) {
case NTLMSSP_CLIENT:
send_sign_const = CLI_SIGN;
@@ -380,6 +383,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
return NT_STATUS_INTERNAL_ERROR;
}
+ ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash);
+ ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash);
+
/**
Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
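Review bot: The two `talloc()` calls attach a fresh `arcfour_state` to `ntlmssp_state` on every run of this function, and nothing visible releases an earlier one. If ntlmssp_sign_init() can be reached more than once for the same state (this hunk does not show whether it can), the previous RC4 state, which is derived from the session key, stays allocated until the whole state is freed. Releasing the old pointer first, e.g. `talloc_free(ntlmssp_state->send_seal_hash);` before each allocation, would avoid that, provided the fields start out NULL. The same applies to the `ntlmssp_hash` allocation in the NTLM1 branch of the last hunk; the function body begins and ends outside this hunk.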
@@ -407,18 +415,18 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
ntlmssp_state->send_sign_key.length);
calc_ntlmv2_key(ntlmssp_state,
- &ntlmssp_state->send_seal_key,
+ &send_seal_key,
weak_session_key, send_seal_const);
dump_data_pw("NTLMSSP send seal key:\n",
- ntlmssp_state->send_seal_key.data,
- ntlmssp_state->send_seal_key.length);
+ send_seal_key.data,
+ send_seal_key.length);
arcfour_init(ntlmssp_state->send_seal_hash,
- &ntlmssp_state->send_seal_key);
+ &send_seal_key);
dump_data_pw("NTLMSSP send sesl hash:\n",
- ntlmssp_state->send_seal_hash,
- sizeof(ntlmssp_state->send_seal_hash));
+ ntlmssp_state->send_seal_hash->sbox,
+ sizeof(ntlmssp_state->send_seal_hash->sbox));
/* RECV */
calc_ntlmv2_key(ntlmssp_state,
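Review bot: `send_seal_key` is now a local, but its buffer is filled by `calc_ntlmv2_key(ntlmssp_state, ...)`, which appears to allocate on the `ntlmssp_state` context. If so, the raw seal key stays on the heap for the life of the session, with no field left pointing to it. The key is not needed once `arcfour_init()` has consumed it, so it could be wiped and released there, e.g. `data_blob_clear_free(&send_seal_key);` after the send-side `dump_data_pw()` calls. `recv_seal_key` in the next hunk needs the same treatment. Both locals are also declared without an initialiser in the first hunk of this file; `DATA_BLOB send_seal_key = data_blob(NULL, 0);` would keep any later cleanup path safe.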
@@ -429,24 +437,27 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
ntlmssp_state->recv_sign_key.length);
calc_ntlmv2_key(ntlmssp_state,
- &ntlmssp_state->recv_seal_key,
+ &recv_seal_key,
weak_session_key, recv_seal_const);
dump_data_pw("NTLMSSP recv seal key:\n",
- ntlmssp_state->recv_seal_key.data,
- ntlmssp_state->recv_seal_key.length);
+ recv_seal_key.data,
+ recv_seal_key.length);
arcfour_init(ntlmssp_state->recv_seal_hash,
- &ntlmssp_state->recv_seal_key);
+ &recv_seal_key);
dump_data_pw("NTLMSSP receive seal hash:\n",
- ntlmssp_state->recv_seal_hash,
- sizeof(ntlmssp_state->recv_seal_hash));
+ ntlmssp_state->recv_seal_hash->sbox,
+ sizeof(ntlmssp_state->recv_seal_hash->sbox));
} else {
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
+ ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash);
+
arcfour_init(ntlmssp_state->ntlmssp_hash,
&ntlmssp_state->session_key);
- dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash,
- sizeof(ntlmssp_state->ntlmssp_hash));
+ dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox,
+ sizeof(ntlmssp_state->ntlmssp_hash->sbox));
}
ntlmssp_state->ntlm_seq_num = 0;