From 4d3eb32a1a1c70a183733771994b4b2868801a66 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 1 Nov 2008 18:50:06 +0100
Subject: ntlm_check.c: Sync some changes from Samba 4.

---
 source3/libsmb/ntlm_check.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

(limited to 'source3/libsmb/ntlm_check.c')

diff --git a/source3/libsmb/ntlm_check.c b/source3/libsmb/ntlm_check.c
index 01a5e44ba4..9380a83ea0 100644
--- a/source3/libsmb/ntlm_check.c
+++ b/source3/libsmb/ntlm_check.c
@@ -62,7 +62,7 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
 	}
 	
 	
-#ifdef DEBUG_PASSWORD
+#if DEBUG_PASSWORD
 	DEBUG(100,("Part password (P16) was |\n"));
 	dump_data(100, part_passwd, 16);
 	DEBUGADD(100,("Password from client was |\n"));
@@ -80,23 +80,24 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
  Note:  The same code works with both NTLMv2 and LMv2.
 ****************************************************************************/
 
-static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
-				 const uchar *part_passwd,
+static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
+				 const DATA_BLOB *ntv2_response,
+				 const uint8_t *part_passwd,
 				 const DATA_BLOB *sec_blob,
 				 const char *user, const char *domain,
 				 bool upper_case_domain, /* should the domain be transformed into upper case? */
 				 DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
-	uchar kr[16];
-	uchar value_from_encryption[16];
-	uchar client_response[16];
+	uint8_t kr[16];
+	uint8_t value_from_encryption[16];
+	uint8_t client_response[16];
 	DATA_BLOB client_key_data;
 	bool res;
 
 	if (part_passwd == NULL) {
 		DEBUG(10,("No password set - DISALLOWING access\n"));
-		/* No password set - always False */
+		/* No password set - always false */
 		return false;
 	}
 
@@ -115,7 +116,7 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 		return false;
 	}
 
-	client_key_data = data_blob(ntv2_response->data+16, ntv2_response->length-16);
+	client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
 	/* 
 	   todo:  should we be checking this for anything?  We can't for LMv2, 
 	   but for NTLMv2 it is meant to contain the current time etc.
@@ -124,7 +125,7 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 	memcpy(client_response, ntv2_response->data, sizeof(client_response));
 
 	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
-		return False;
+		return false;
 	}
 
 	SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
@@ -288,7 +289,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			   use it 
 			*/
 			DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
-			if (smb_pwd_check_ntlmv2( nt_response, 
+			if (smb_pwd_check_ntlmv2(mem_ctx,
+						  nt_response, 
 						  nt_pw, challenge, 
 						  client_username, 
 						  client_domain,
@@ -298,7 +300,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			}
 			
 			DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
-			if (smb_pwd_check_ntlmv2( nt_response, 
+			if (smb_pwd_check_ntlmv2(mem_ctx,
+						  nt_response, 
 						  nt_pw, challenge, 
 						  client_username, 
 						  client_domain,
@@ -308,7 +311,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			}
 			
 			DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n"));
-			if (smb_pwd_check_ntlmv2( nt_response, 
+			if (smb_pwd_check_ntlmv2(mem_ctx,
+						  nt_response, 
 						  nt_pw, challenge, 
 						  client_username, 
 						  "",
@@ -399,17 +403,19 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 	   - related to Win9X, legacy NAS pass-though authentication
 	*/
 	DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
-	if (smb_pwd_check_ntlmv2( lm_response, 
+	if (smb_pwd_check_ntlmv2(mem_ctx,
+				 lm_response, 
 				  nt_pw, challenge, 
 				  client_username,
 				  client_domain,
-				  False,
+				  false,
 				  NULL)) {
 		return NT_STATUS_OK;
 	}
 	
 	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
-	if (smb_pwd_check_ntlmv2( lm_response, 
+	if (smb_pwd_check_ntlmv2(mem_ctx,
+				 lm_response, 
 				  nt_pw, challenge, 
 				  client_username,
 				  client_domain,
@@ -419,7 +425,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 	}
 	
 	DEBUG(4,("ntlm_password_check: Checking LMv2 password without a domain\n"));
-	if (smb_pwd_check_ntlmv2( lm_response, 
+	if (smb_pwd_check_ntlmv2(mem_ctx,
+				 lm_response, 
 				  nt_pw, challenge, 
 				  client_username,
 				  "",
-- 
cgit