From 395c366237dec1a38a53248d2e8df17f877207aa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 22:56:31 +0100 Subject: Do not pass emtpy wkssvc_PasswordBuffers to rpc functions. Guenther (This used to be commit fe75e5ccdfc2609380367e59215637b0de1ef241) --- source3/libsmb/smbencrypt.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'source3/libsmb/smbencrypt.c') diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 9e37d1d6cf..d7f6f604f7 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -704,16 +704,22 @@ char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in) void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, const char *pwd, DATA_BLOB *session_key, - struct wkssvc_PasswordBuffer *pwd_buf) + struct wkssvc_PasswordBuffer **pwd_buf) { uint8_t buffer[516]; struct MD5Context ctx; - - DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); - + struct wkssvc_PasswordBuffer *my_pwd_buf = NULL; + DATA_BLOB confounded_session_key; int confounder_len = 8; uint8_t confounder[8]; + my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer); + if (!my_pwd_buf) { + return; + } + + confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); + encode_pw_buffer(buffer, pwd, STR_UNICODE); generate_random_buffer((uint8_t *)confounder, confounder_len); @@ -725,10 +731,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, SamOEMhashBlob(buffer, 516, &confounded_session_key); - memcpy(&pwd_buf->data[0], confounder, confounder_len); - memcpy(&pwd_buf->data[8], buffer, 516); + memcpy(&my_pwd_buf->data[0], confounder, confounder_len); + memcpy(&my_pwd_buf->data[8], buffer, 516); data_blob_free(&confounded_session_key); + + *pwd_buf = my_pwd_buf; } WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, -- cgit From ce9e918c95a81470056eef74878aeb10aadbaacf Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 15 Jan 2008 19:28:23 +0100 Subject: libsmb: Do not upper-case target name on NTLMv2 hash generation This makes our NTLMv2 hash generation compatible to the Davenport example and fixes a bug when ntlm_auth is called with a non-upper-case --domain parameter and client ntlmv2 auth = yes Jerry, please consider for 3.2.0 (This used to be commit ecbe08897c9cc47790f3d4f5680d25202bc0f6c3) --- source3/libsmb/smbencrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/smbencrypt.c') diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index d7f6f604f7..c547a4a003 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -443,7 +443,7 @@ bool SMBNTLMv2encrypt_hash(const char *user, const char *domain, const uchar nt_ the username and domain. This prevents username swapping during the auth exchange */ - if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) { + if (!ntv2_owf_gen(nt_hash, user, domain, False, ntlm_v2_hash)) { return False; } -- cgit