From 78b5dfadca6d9b69c5e750ce3f31f22ae6a041e2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 12 Apr 2004 14:19:48 +0000 Subject: r177: Split ntlm_auth --diagnostics into a seperate file, so as not to clutter the main ntlm_auth program. It quite possibly should belong in smbtorture, but relies on the winbind client for now. Andrew Bartlett (This used to be commit 6e1b7a8848062a184ee293cf688135b851f2bd8d) --- source3/utils/ntlm_auth_diagnostics.c | 600 ++++++++++++++++++++++++++++++++++ 1 file changed, 600 insertions(+) create mode 100644 source3/utils/ntlm_auth_diagnostics.c (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c new file mode 100644 index 0000000000..40c627588d --- /dev/null +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -0,0 +1,600 @@ +/* + Unix SMB/CIFS implementation. + + Winbind status program. + + Copyright (C) Tim Potter 2000-2003 + Copyright (C) Andrew Bartlett 2003-2004 + Copyright (C) Francesco Chemolli 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "../utils/ntlm_auth.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +enum ntlm_break { + BREAK_NONE, + BREAK_LM, + BREAK_NT, + NO_LM, + NO_NT +}; + +/* + Authenticate a user with a challenge/response, checking session key + and valid authentication types +*/ + +/* + * Test the normal 'LM and NTLM' combination + */ + +static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB lm_response = data_blob(NULL, 24); + DATA_BLOB nt_response = data_blob(NULL, 24); + DATA_BLOB session_key = data_blob(NULL, 16); + + uchar lm_key[8]; + uchar user_session_key[16]; + uchar lm_hash[16]; + uchar nt_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(lm_key); + ZERO_STRUCT(user_session_key); + + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_USER_SESSION_KEY; + + SMBencrypt(opt_password,chall.data,lm_response.data); + E_deshash(opt_password, lm_hash); + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + + E_md4hash(opt_password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + + switch (break_which) { + case BREAK_NONE: + break; + case BREAK_LM: + lm_response.data[0]++; + break; + case BREAK_NT: + nt_response.data[0]++; + break; + case NO_LM: + data_blob_free(&lm_response); + break; + case NO_NT: + data_blob_free(&nt_response); + break; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lm_response, + &nt_response, + flags, + lm_key, + user_session_key, + &error_string, NULL); + + data_blob_free(&lm_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return break_which == BREAK_NT; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, (const char *)lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)lm_hash, 8); + pass = False; + } + + if (break_which == NO_NT) { + if (memcmp(lm_hash, user_session_key, + 8) != 0) { + DEBUG(1, ("NT Session Key does not match expectations (should be LM hash)!\n")); + DEBUG(1, ("user_session_key:\n")); + dump_data(1, (const char *)user_session_key, sizeof(user_session_key)); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)lm_hash, sizeof(lm_hash)); + pass = False; + } + } else { + if (memcmp(session_key.data, user_session_key, + sizeof(user_session_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("user_session_key:\n")); + dump_data(1, (const char *)user_session_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)session_key.data, session_key.length); + pass = False; + } + } + return pass; +} + +/* + * Test LM authentication, no NT response supplied + */ + +static BOOL test_lm(void) +{ + + return test_lm_ntlm_broken(NO_NT); +} + +/* + * Test the NTLM response only, no LM. + */ + +static BOOL test_ntlm(void) +{ + return test_lm_ntlm_broken(NO_LM); +} + +/* + * Test the NTLM response only, but in the LM field. + */ + +static BOOL test_ntlm_in_lm(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 24); + + uchar lm_key[8]; + uchar lm_hash[16]; + uchar user_session_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(user_session_key); + + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_USER_SESSION_KEY; + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + + E_deshash(opt_password, lm_hash); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &nt_response, + NULL, + flags, + lm_key, + user_session_key, + &error_string, NULL); + + data_blob_free(&nt_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, (const char *)lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)lm_hash, 8); + pass = False; + } + if (memcmp(lm_hash, user_session_key, 8) != 0) { + DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n")); + DEBUG(1, ("user_session_key:\n")); + dump_data(1, (const char *)user_session_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)lm_hash, 8); + pass = False; + } + return pass; +} + +/* + * Test the NTLM response only, but in the both the NT and LM fields. + */ + +static BOOL test_ntlm_in_both(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 24); + DATA_BLOB session_key = data_blob(NULL, 16); + + char lm_key[8]; + char lm_hash[16]; + char user_session_key[16]; + char nt_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(lm_key); + ZERO_STRUCT(user_session_key); + + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_USER_SESSION_KEY; + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + E_md4hash(opt_password, (unsigned char *)nt_hash); + SMBsesskeygen_ntv1((const unsigned char *)nt_hash, NULL, session_key.data); + + E_deshash(opt_password, (unsigned char *)lm_hash); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &nt_response, + &nt_response, + flags, + (unsigned char *)lm_key, + (unsigned char *)user_session_key, + &error_string, NULL); + + data_blob_free(&nt_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } + if (memcmp(session_key.data, user_session_key, + sizeof(user_session_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("user_session_key:\n")); + dump_data(1, user_session_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)session_key.data, session_key.length); + pass = False; + } + + + return pass; +} + +/* + * Test the NTLMv2 and LMv2 responses + */ + +static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB ntlmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_response = data_blob(NULL, 0); + DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain()); + + uchar user_session_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(user_session_key); + + flags |= WBFLAG_PAM_USER_SESSION_KEY; + + if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall, + &names_blob, + &lmv2_response, &ntlmv2_response, + &ntlmv2_session_key)) { + data_blob_free(&names_blob); + return False; + } + data_blob_free(&names_blob); + + switch (break_which) { + case BREAK_NONE: + break; + case BREAK_LM: + lmv2_response.data[0]++; + break; + case BREAK_NT: + ntlmv2_response.data[0]++; + break; + case NO_LM: + data_blob_free(&lmv2_response); + break; + case NO_NT: + data_blob_free(&ntlmv2_response); + break; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lmv2_response, + &ntlmv2_response, + flags, + NULL, + user_session_key, + &error_string, NULL); + + data_blob_free(&lmv2_response); + data_blob_free(&ntlmv2_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return break_which == BREAK_NT; + } + + if (break_which != NO_NT && break_which != BREAK_NT && memcmp(ntlmv2_session_key.data, user_session_key, + sizeof(user_session_key)) != 0) { + DEBUG(1, ("USER (NTLMv2) Session Key does not match expectations!\n")); + DEBUG(1, ("user_session_key:\n")); + dump_data(1, (const char *)user_session_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, (const char *)ntlmv2_session_key.data, ntlmv2_session_key.length); + pass = False; + } + return pass; +} + +/* + * Test the NTLMv2 and LMv2 responses + */ + +static BOOL test_lmv2_ntlmv2(void) +{ + return test_lmv2_ntlmv2_broken(BREAK_NONE); +} + +/* + * Test the LMv2 response only + */ + +static BOOL test_lmv2(void) +{ + return test_lmv2_ntlmv2_broken(NO_NT); +} + +/* + * Test the NTLMv2 response only + */ + +static BOOL test_ntlmv2(void) +{ + return test_lmv2_ntlmv2_broken(NO_LM); +} + +static BOOL test_lm_ntlm(void) +{ + return test_lm_ntlm_broken(BREAK_NONE); +} + +static BOOL test_ntlm_lm_broken(void) +{ + return test_lm_ntlm_broken(BREAK_LM); +} + +static BOOL test_ntlm_ntlm_broken(void) +{ + return test_lm_ntlm_broken(BREAK_NT); +} + +static BOOL test_ntlmv2_lmv2_broken(void) +{ + return test_lmv2_ntlmv2_broken(BREAK_LM); +} + +static BOOL test_ntlmv2_ntlmv2_broken(void) +{ + return test_lmv2_ntlmv2_broken(BREAK_NT); +} + +static BOOL test_plaintext(enum ntlm_break break_which) +{ + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 0); + DATA_BLOB lm_response = data_blob(NULL, 0); + char *password; + + uchar user_session_key[16]; + uchar lm_key[16]; + static const uchar zeros[8]; + DATA_BLOB chall = data_blob(zeros, sizeof(zeros)); + char *error_string; + + ZERO_STRUCT(user_session_key); + + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_USER_SESSION_KEY; + + if ((push_ucs2_allocate((smb_ucs2_t **)&nt_response.data, opt_password)) == -1) { + DEBUG(0, ("push_ucs2_allocate failed!\n")); + exit(1); + } + + nt_response.length = strlen_w(((void *)nt_response.data))*sizeof(smb_ucs2_t); + + password = strdup_upper(opt_password); + + if ((convert_string_allocate(NULL, CH_UNIX, + CH_DOS, password, + strlen(password)+1, + (void**)&lm_response.data,True)) == -1) { + DEBUG(0, ("push_ascii_allocate failed!\n")); + exit(1); + } + + SAFE_FREE(password); + + lm_response.length = strlen(lm_response.data); + + switch (break_which) { + case BREAK_NONE: + break; + case BREAK_LM: + lm_response.data[0]++; + break; + case BREAK_NT: + nt_response.data[0]++; + break; + case NO_LM: + SAFE_FREE(lm_response.data); + lm_response.length = 0; + break; + case NO_NT: + SAFE_FREE(nt_response.data); + nt_response.length = 0; + break; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lm_response, + &nt_response, + flags, + lm_key, + user_session_key, + &error_string, NULL); + + SAFE_FREE(nt_response.data); + SAFE_FREE(lm_response.data); + data_blob_free(&chall); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return break_which == BREAK_NT; + } + + return break_which != BREAK_NT; +} + +static BOOL test_plaintext_none_broken(void) { + return test_plaintext(BREAK_NONE); +} + +static BOOL test_plaintext_lm_broken(void) { + return test_plaintext(BREAK_LM); +} + +static BOOL test_plaintext_nt_broken(void) { + return test_plaintext(BREAK_NT); +} + +static BOOL test_plaintext_nt_only(void) { + return test_plaintext(NO_LM); +} + +static BOOL test_plaintext_lm_only(void) { + return test_plaintext(NO_NT); +} + +/* + Tests: + + - LM only + - NT and LM + - NT + - NT in LM field + - NT in both fields + - NTLMv2 + - NTLMv2 and LMv2 + - LMv2 + - plaintext tests (in challenge-response feilds) + + check we get the correct session key in each case + check what values we get for the LM session key + +*/ + +static const struct ntlm_tests { + BOOL (*fn)(void); + const char *name; +} test_table[] = { + {test_lm, "LM"}, + {test_lm_ntlm, "LM and NTLM"}, + {test_ntlm, "NTLM"}, + {test_ntlm_in_lm, "NTLM in LM"}, + {test_ntlm_in_both, "NTLM in both"}, + {test_ntlmv2, "NTLMv2"}, + {test_lmv2_ntlmv2, "NTLMv2 and LMv2"}, + {test_lmv2, "LMv2"}, + {test_ntlmv2_lmv2_broken, "NTLMv2 and LMv2, LMv2 broken"}, + {test_ntlmv2_ntlmv2_broken, "NTLMv2 and LMv2, NTLMv2 broken"}, + {test_ntlm_lm_broken, "NTLM and LM, LM broken"}, + {test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken"}, + {test_plaintext_none_broken, "Plaintext"}, + {test_plaintext_lm_broken, "Plaintext LM broken"}, + {test_plaintext_nt_broken, "Plaintext NT broken"}, + {test_plaintext_nt_only, "Plaintext NT only"}, + {test_plaintext_lm_only, "Plaintext LM only"} +}; + +BOOL diagnose_ntlm_auth(void) +{ + unsigned int i; + BOOL pass = True; + + for (i=0; test_table[i].fn; i++) { + if (!test_table[i].fn()) { + DEBUG(1, ("Test %s failed!\n", test_table[i].name)); + pass = False; + } + } + + return pass; +} + -- cgit From 9d084af77c2fee3682e86a12a19ee3942be9ed8d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 19 May 2004 11:50:01 +0000 Subject: r780: Fix segfault in ntlm_auth --diagnostics Andrew Bartlett (This used to be commit 5cdc7f0cd6888740d3de3535cd70c9681fa57600) --- source3/utils/ntlm_auth_diagnostics.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 40c627588d..3489dbca7c 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -580,7 +580,8 @@ static const struct ntlm_tests { {test_plaintext_lm_broken, "Plaintext LM broken"}, {test_plaintext_nt_broken, "Plaintext NT broken"}, {test_plaintext_nt_only, "Plaintext NT only"}, - {test_plaintext_lm_only, "Plaintext LM only"} + {test_plaintext_lm_only, "Plaintext LM only"}, + {NULL, NULL} }; BOOL diagnose_ntlm_auth(void) -- cgit From b4cf9e95059071df49b34ff8574e48cb96f42da1 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 7 Oct 2004 04:01:18 +0000 Subject: r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of '..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6) --- source3/utils/ntlm_auth_diagnostics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 3489dbca7c..7fae0ede97 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -23,7 +23,7 @@ */ #include "includes.h" -#include "../utils/ntlm_auth.h" +#include "utils/ntlm_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -- cgit From 8d7c88667190fe286971ac4fffb64ee5bd9eeeb0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Oct 2005 03:24:00 +0000 Subject: r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208) --- source3/utils/ntlm_auth_diagnostics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 7fae0ede97..95f1355c2e 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -476,7 +476,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) SAFE_FREE(password); - lm_response.length = strlen(lm_response.data); + lm_response.length = strlen((const char *)lm_response.data); switch (break_which) { case BREAK_NONE: -- cgit From b32d2ecf9ce39140c726d4fe96f658e50d0665c9 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 14 Jun 2006 12:00:53 +0000 Subject: r16219: BUG 3836, 3837, 3004: compile warning fixes from Jason Mader. (This used to be commit 6c1f1c091f5e87bf9464fe8ad7eb2cb683819a62) --- source3/utils/ntlm_auth_diagnostics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 95f1355c2e..00149db9e2 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -470,7 +470,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) CH_DOS, password, strlen(password)+1, (void**)&lm_response.data,True)) == -1) { - DEBUG(0, ("push_ascii_allocate failed!\n")); + DEBUG(0, ("convert_string_allocate failed!\n")); exit(1); } -- cgit From 3d672717e084f7a26ef60321d614a686dd803dbd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 Jun 2006 20:00:51 +0000 Subject: r16363: Fix Klocwork ID 981 1652 Volker (This used to be commit ce1d8423ef7cd86fc64200002fde707bca621d44) --- source3/utils/ntlm_auth_diagnostics.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 00149db9e2..c8ea966a55 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -464,7 +464,10 @@ static BOOL test_plaintext(enum ntlm_break break_which) nt_response.length = strlen_w(((void *)nt_response.data))*sizeof(smb_ucs2_t); - password = strdup_upper(opt_password); + if ((password = strdup_upper(opt_password)) == NULL) { + DEBUG(0, ("strdup_upper failed!\n")); + exit(1); + } if ((convert_string_allocate(NULL, CH_UNIX, CH_DOS, password, -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/utils/ntlm_auth_diagnostics.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index c8ea966a55..e69715affd 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -445,6 +445,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) DATA_BLOB nt_response = data_blob(NULL, 0); DATA_BLOB lm_response = data_blob(NULL, 0); char *password; + smb_ucs2_t *nt_response_ucs2; uchar user_session_key[16]; uchar lm_key[16]; @@ -457,12 +458,13 @@ static BOOL test_plaintext(enum ntlm_break break_which) flags |= WBFLAG_PAM_LMKEY; flags |= WBFLAG_PAM_USER_SESSION_KEY; - if ((push_ucs2_allocate((smb_ucs2_t **)&nt_response.data, opt_password)) == -1) { + if ((push_ucs2_allocate(&nt_response_ucs2, opt_password)) == -1) { DEBUG(0, ("push_ucs2_allocate failed!\n")); exit(1); } - nt_response.length = strlen_w(((void *)nt_response.data))*sizeof(smb_ucs2_t); + nt_response.data = (unsigned char *)nt_response_ucs2; + nt_response.length = strlen_w(nt_response_ucs2)*sizeof(smb_ucs2_t); if ((password = strdup_upper(opt_password)) == NULL) { DEBUG(0, ("strdup_upper failed!\n")); @@ -472,7 +474,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) if ((convert_string_allocate(NULL, CH_UNIX, CH_DOS, password, strlen(password)+1, - (void**)&lm_response.data,True)) == -1) { + &lm_response.data,True)) == -1) { DEBUG(0, ("convert_string_allocate failed!\n")); exit(1); } -- cgit From 6655e1e997fa96408ce257f1c96773db4551f69f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 4 Sep 2006 09:51:47 +0000 Subject: r18029: More C++ stuff (This used to be commit 089b51e28cc5e3674e4edf5464c7a15673c5ec0f) --- source3/utils/ntlm_auth_diagnostics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index e69715affd..f7997de711 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -449,7 +449,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) uchar user_session_key[16]; uchar lm_key[16]; - static const uchar zeros[8]; + static const uchar zeros[8] = { 0, }; DATA_BLOB chall = data_blob(zeros, sizeof(zeros)); char *error_string; -- cgit From 9bb40d7c6158090712d774e98654d80c888ca4f3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Mar 2007 13:31:52 +0000 Subject: r22000: remove useless casts metze (This used to be commit 8f55fe4e4614d73c2534ca87745972f7550875ee) --- source3/utils/ntlm_auth_diagnostics.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index f7997de711..6f829de1dd 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -243,10 +243,10 @@ static BOOL test_ntlm_in_both(void) DATA_BLOB nt_response = data_blob(NULL, 24); DATA_BLOB session_key = data_blob(NULL, 16); - char lm_key[8]; - char lm_hash[16]; - char user_session_key[16]; - char nt_hash[16]; + uint8 lm_key[8]; + uint8 lm_hash[16]; + uint8 user_session_key[16]; + uint8 nt_hash[16]; DATA_BLOB chall = get_challenge(); char *error_string; @@ -257,10 +257,10 @@ static BOOL test_ntlm_in_both(void) flags |= WBFLAG_PAM_USER_SESSION_KEY; SMBNTencrypt(opt_password,chall.data,nt_response.data); - E_md4hash(opt_password, (unsigned char *)nt_hash); - SMBsesskeygen_ntv1((const unsigned char *)nt_hash, NULL, session_key.data); + E_md4hash(opt_password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); - E_deshash(opt_password, (unsigned char *)lm_hash); + E_deshash(opt_password, lm_hash); nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, @@ -268,8 +268,8 @@ static BOOL test_ntlm_in_both(void) &nt_response, &nt_response, flags, - (unsigned char *)lm_key, - (unsigned char *)user_session_key, + lm_key, + user_session_key, &error_string, NULL); data_blob_free(&nt_response); -- cgit From 56ba44766854ed7cda265bdaf85913f2a1008282 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Mar 2007 13:34:59 +0000 Subject: r22001: change prototype of dump_data(), so that it takes unsigned char * now, which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7) --- source3/utils/ntlm_auth_diagnostics.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 6f829de1dd..0ebe77b0d1 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -116,9 +116,9 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) sizeof(lm_key)) != 0) { DEBUG(1, ("LM Key does not match expectations!\n")); DEBUG(1, ("lm_key:\n")); - dump_data(1, (const char *)lm_key, 8); + dump_data(1, lm_key, 8); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)lm_hash, 8); + dump_data(1, lm_hash, 8); pass = False; } @@ -127,9 +127,9 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) 8) != 0) { DEBUG(1, ("NT Session Key does not match expectations (should be LM hash)!\n")); DEBUG(1, ("user_session_key:\n")); - dump_data(1, (const char *)user_session_key, sizeof(user_session_key)); + dump_data(1, user_session_key, sizeof(user_session_key)); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)lm_hash, sizeof(lm_hash)); + dump_data(1, lm_hash, sizeof(lm_hash)); pass = False; } } else { @@ -137,9 +137,9 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) sizeof(user_session_key)) != 0) { DEBUG(1, ("NT Session Key does not match expectations!\n")); DEBUG(1, ("user_session_key:\n")); - dump_data(1, (const char *)user_session_key, 16); + dump_data(1, user_session_key, 16); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)session_key.data, session_key.length); + dump_data(1, session_key.data, session_key.length); pass = False; } } @@ -215,17 +215,17 @@ static BOOL test_ntlm_in_lm(void) sizeof(lm_key)) != 0) { DEBUG(1, ("LM Key does not match expectations!\n")); DEBUG(1, ("lm_key:\n")); - dump_data(1, (const char *)lm_key, 8); + dump_data(1, lm_key, 8); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)lm_hash, 8); + dump_data(1, lm_hash, 8); pass = False; } if (memcmp(lm_hash, user_session_key, 8) != 0) { DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n")); DEBUG(1, ("user_session_key:\n")); - dump_data(1, (const char *)user_session_key, 16); + dump_data(1, user_session_key, 16); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)lm_hash, 8); + dump_data(1, lm_hash, 8); pass = False; } return pass; @@ -297,7 +297,7 @@ static BOOL test_ntlm_in_both(void) DEBUG(1, ("user_session_key:\n")); dump_data(1, user_session_key, 16); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)session_key.data, session_key.length); + dump_data(1, session_key.data, session_key.length); pass = False; } @@ -378,9 +378,9 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) sizeof(user_session_key)) != 0) { DEBUG(1, ("USER (NTLMv2) Session Key does not match expectations!\n")); DEBUG(1, ("user_session_key:\n")); - dump_data(1, (const char *)user_session_key, 16); + dump_data(1, user_session_key, 16); DEBUG(1, ("expected:\n")); - dump_data(1, (const char *)ntlmv2_session_key.data, ntlmv2_session_key.length); + dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length); pass = False; } return pass; -- cgit From b4a7b7a8889737e2891fc1176feabd4ce47f2737 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 14 May 2007 12:16:20 +0000 Subject: r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e) --- source3/utils/ntlm_auth_diagnostics.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 0ebe77b0d1..a4e0d6b1ba 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -314,9 +314,9 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) BOOL pass = True; NTSTATUS nt_status; uint32 flags = 0; - DATA_BLOB ntlmv2_response = data_blob(NULL, 0); - DATA_BLOB lmv2_response = data_blob(NULL, 0); - DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); + DATA_BLOB ntlmv2_response = data_blob_null; + DATA_BLOB lmv2_response = data_blob_null; + DATA_BLOB ntlmv2_session_key = data_blob_null; DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain()); uchar user_session_key[16]; @@ -442,8 +442,8 @@ static BOOL test_plaintext(enum ntlm_break break_which) { NTSTATUS nt_status; uint32 flags = 0; - DATA_BLOB nt_response = data_blob(NULL, 0); - DATA_BLOB lm_response = data_blob(NULL, 0); + DATA_BLOB nt_response = data_blob_null; + DATA_BLOB lm_response = data_blob_null; char *password; smb_ucs2_t *nt_response_ucs2; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/utils/ntlm_auth_diagnostics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index a4e0d6b1ba..51c7e116bd 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -9,7 +9,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/utils/ntlm_auth_diagnostics.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 51c7e116bd..0762e6c8ae 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -18,8 +18,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/utils/ntlm_auth_diagnostics.c | 54 +++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 0762e6c8ae..846b5ef42b 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -44,9 +44,9 @@ enum ntlm_break { * Test the normal 'LM and NTLM' combination */ -static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) +static bool test_lm_ntlm_broken(enum ntlm_break break_which) { - BOOL pass = True; + bool pass = True; NTSTATUS nt_status; uint32 flags = 0; DATA_BLOB lm_response = data_blob(NULL, 24); @@ -149,7 +149,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) * Test LM authentication, no NT response supplied */ -static BOOL test_lm(void) +static bool test_lm(void) { return test_lm_ntlm_broken(NO_NT); @@ -159,7 +159,7 @@ static BOOL test_lm(void) * Test the NTLM response only, no LM. */ -static BOOL test_ntlm(void) +static bool test_ntlm(void) { return test_lm_ntlm_broken(NO_LM); } @@ -168,9 +168,9 @@ static BOOL test_ntlm(void) * Test the NTLM response only, but in the LM field. */ -static BOOL test_ntlm_in_lm(void) +static bool test_ntlm_in_lm(void) { - BOOL pass = True; + bool pass = True; NTSTATUS nt_status; uint32 flags = 0; DATA_BLOB nt_response = data_blob(NULL, 24); @@ -234,9 +234,9 @@ static BOOL test_ntlm_in_lm(void) * Test the NTLM response only, but in the both the NT and LM fields. */ -static BOOL test_ntlm_in_both(void) +static bool test_ntlm_in_both(void) { - BOOL pass = True; + bool pass = True; NTSTATUS nt_status; uint32 flags = 0; DATA_BLOB nt_response = data_blob(NULL, 24); @@ -308,9 +308,9 @@ static BOOL test_ntlm_in_both(void) * Test the NTLMv2 and LMv2 responses */ -static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) +static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which) { - BOOL pass = True; + bool pass = True; NTSTATUS nt_status; uint32 flags = 0; DATA_BLOB ntlmv2_response = data_blob_null; @@ -389,7 +389,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) * Test the NTLMv2 and LMv2 responses */ -static BOOL test_lmv2_ntlmv2(void) +static bool test_lmv2_ntlmv2(void) { return test_lmv2_ntlmv2_broken(BREAK_NONE); } @@ -398,7 +398,7 @@ static BOOL test_lmv2_ntlmv2(void) * Test the LMv2 response only */ -static BOOL test_lmv2(void) +static bool test_lmv2(void) { return test_lmv2_ntlmv2_broken(NO_NT); } @@ -407,37 +407,37 @@ static BOOL test_lmv2(void) * Test the NTLMv2 response only */ -static BOOL test_ntlmv2(void) +static bool test_ntlmv2(void) { return test_lmv2_ntlmv2_broken(NO_LM); } -static BOOL test_lm_ntlm(void) +static bool test_lm_ntlm(void) { return test_lm_ntlm_broken(BREAK_NONE); } -static BOOL test_ntlm_lm_broken(void) +static bool test_ntlm_lm_broken(void) { return test_lm_ntlm_broken(BREAK_LM); } -static BOOL test_ntlm_ntlm_broken(void) +static bool test_ntlm_ntlm_broken(void) { return test_lm_ntlm_broken(BREAK_NT); } -static BOOL test_ntlmv2_lmv2_broken(void) +static bool test_ntlmv2_lmv2_broken(void) { return test_lmv2_ntlmv2_broken(BREAK_LM); } -static BOOL test_ntlmv2_ntlmv2_broken(void) +static bool test_ntlmv2_ntlmv2_broken(void) { return test_lmv2_ntlmv2_broken(BREAK_NT); } -static BOOL test_plaintext(enum ntlm_break break_which) +static bool test_plaintext(enum ntlm_break break_which) { NTSTATUS nt_status; uint32 flags = 0; @@ -526,23 +526,23 @@ static BOOL test_plaintext(enum ntlm_break break_which) return break_which != BREAK_NT; } -static BOOL test_plaintext_none_broken(void) { +static bool test_plaintext_none_broken(void) { return test_plaintext(BREAK_NONE); } -static BOOL test_plaintext_lm_broken(void) { +static bool test_plaintext_lm_broken(void) { return test_plaintext(BREAK_LM); } -static BOOL test_plaintext_nt_broken(void) { +static bool test_plaintext_nt_broken(void) { return test_plaintext(BREAK_NT); } -static BOOL test_plaintext_nt_only(void) { +static bool test_plaintext_nt_only(void) { return test_plaintext(NO_LM); } -static BOOL test_plaintext_lm_only(void) { +static bool test_plaintext_lm_only(void) { return test_plaintext(NO_NT); } @@ -565,7 +565,7 @@ static BOOL test_plaintext_lm_only(void) { */ static const struct ntlm_tests { - BOOL (*fn)(void); + bool (*fn)(void); const char *name; } test_table[] = { {test_lm, "LM"}, @@ -588,10 +588,10 @@ static const struct ntlm_tests { {NULL, NULL} }; -BOOL diagnose_ntlm_auth(void) +bool diagnose_ntlm_auth(void) { unsigned int i; - BOOL pass = True; + bool pass = True; for (i=0; test_table[i].fn; i++) { if (!test_table[i].fn()) { -- cgit From bb869741ddc3d82da02c96bef592dab6074ff142 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 3 Mar 2008 13:32:54 -0800 Subject: Cleanup size_t return values in convert_string_allocate This patch is the first iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 59124382d2894a1b194b48dd82bc5f956959eb48) --- source3/utils/ntlm_auth_diagnostics.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 846b5ef42b..dfd05ad51c 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -470,18 +470,17 @@ static bool test_plaintext(enum ntlm_break break_which) exit(1); } - if ((convert_string_allocate(NULL, CH_UNIX, + if (!convert_string_allocate(NULL, CH_UNIX, CH_DOS, password, strlen(password)+1, - &lm_response.data,True)) == -1) { + &lm_response.data, + &lm_response.length, True)) { DEBUG(0, ("convert_string_allocate failed!\n")); exit(1); } SAFE_FREE(password); - lm_response.length = strlen((const char *)lm_response.data); - switch (break_which) { case BREAK_NONE: break; -- cgit From fb37f156009611af0dd454a0fb0829a09cd638ac Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 29 Apr 2008 14:36:24 -0700 Subject: Cleanup size_t return values in callers of convert_string_allocate This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d) --- source3/utils/ntlm_auth_diagnostics.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/utils/ntlm_auth_diagnostics.c') diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index dfd05ad51c..dcdc8e9a40 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -445,6 +445,7 @@ static bool test_plaintext(enum ntlm_break break_which) DATA_BLOB lm_response = data_blob_null; char *password; smb_ucs2_t *nt_response_ucs2; + size_t converted_size; uchar user_session_key[16]; uchar lm_key[16]; @@ -457,7 +458,9 @@ static bool test_plaintext(enum ntlm_break break_which) flags |= WBFLAG_PAM_LMKEY; flags |= WBFLAG_PAM_USER_SESSION_KEY; - if ((push_ucs2_allocate(&nt_response_ucs2, opt_password)) == -1) { + if (!push_ucs2_allocate(&nt_response_ucs2, opt_password, + &converted_size)) + { DEBUG(0, ("push_ucs2_allocate failed!\n")); exit(1); } -- cgit