[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-1052-ga3127ea
Volker Lendecke
vlendec at samba.org
Sat Feb 21 13:50:40 GMT 2009
The branch, master has been updated
via a3127ea9d7197af8ddde3f8e20a92794f389a992 (commit)
via 4aed9abbf84deb47e7a3aec025268a3c1e6b29bb (commit)
from e9467ff26ed429dbb2d4249da5bedf545664253b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a3127ea9d7197af8ddde3f8e20a92794f389a992
Author: Volker Lendecke <vl at samba.org>
Date: Sat Feb 21 13:20:08 2009 +0100
Fix some nonempty blank lines
commit 4aed9abbf84deb47e7a3aec025268a3c1e6b29bb
Author: Volker Lendecke <vl at samba.org>
Date: Thu Feb 19 23:41:48 2009 +0100
Remove the static "chal" from ntlmssp.c:get_challenge()
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth.c | 76 ++++++++++++++++++-----------------
source3/auth/auth_compat.c | 5 +-
source3/auth/auth_ntlmssp.c | 6 ++-
source3/include/auth.h | 3 +-
source3/include/ntlmssp.h | 3 +-
source3/libsmb/ntlmssp.c | 12 ++---
source3/rpc_server/srv_netlog_nt.c | 4 +-
source3/smbd/negprot.c | 5 +-
source3/smbd/sesssetup.c | 7 ++-
9 files changed, 63 insertions(+), 58 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 505098c..fd4c503 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -2,17 +2,17 @@
Unix SMB/CIFS implementation.
Password and authentication handling
Copyright (C) Andrew Bartlett 2001-2002
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -49,7 +49,7 @@ NTSTATUS smb_register_auth(int version, const char *name, auth_init_function ini
DEBUG(0,("There already is an auth method registered with the name %s!\n", name));
return NT_STATUS_OBJECT_NAME_COLLISION;
}
-
+
entry = SMB_XMALLOC_P(struct auth_init_function_entry);
entry->name = smb_xstrdup(name);
entry->init = init;
@@ -67,7 +67,7 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
if (strcmp(entry->name, name)==0) return entry;
entry = entry->next;
}
-
+
return NULL;
}
@@ -76,7 +76,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
Returns a const char of length 8 bytes.
****************************************************************************/
-static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
+static void get_ntlm_challenge(struct auth_context *auth_context,
+ uint8_t chal[8])
{
DATA_BLOB challenge = data_blob_null;
const char *challenge_set_by = NULL;
@@ -86,7 +87,8 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
if (auth_context->challenge.length) {
DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n",
auth_context->challenge_set_by));
- return auth_context->challenge.data;
+ memcpy(chal, auth_context->challenge.data, 8);
+ return;
}
auth_context->challenge_may_be_modified = False;
@@ -108,7 +110,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
if (!mem_ctx) {
smb_panic("talloc_init() failed!");
}
-
+
challenge = auth_method->get_chal(auth_context, &auth_method->private_data, mem_ctx);
if (!challenge.length) {
DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n",
@@ -121,27 +123,27 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
}
talloc_destroy(mem_ctx);
}
-
+
if (!challenge_set_by) {
- uchar chal[8];
-
- generate_random_buffer(chal, sizeof(chal));
+ uchar tmp[8];
+
+ generate_random_buffer(tmp, sizeof(tmp));
auth_context->challenge = data_blob_talloc(auth_context->mem_ctx,
- chal, sizeof(chal));
-
+ tmp, sizeof(tmp));
+
challenge_set_by = "random";
auth_context->challenge_may_be_modified = True;
}
-
+
DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
DEBUG(5, ("challenge is: \n"));
dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
-
+
SMB_ASSERT(auth_context->challenge.length == 8);
auth_context->challenge_set_by=challenge_set_by;
- return auth_context->challenge.data;
+ memcpy(chal, auth_context->challenge.data, 8);
}
@@ -249,7 +251,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
NTSTATUS result;
-
+
mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
user_info->domain, user_info->smb_name);
@@ -281,7 +283,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
}
/* successful authentication */
-
+
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
@@ -289,7 +291,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
become_root();
nt_status = smb_pam_accountcheck(unix_username);
unbecome_root();
-
+
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(5, ("check_ntlm_password: PAM Account for user [%s] succeeded\n",
unix_username));
@@ -298,7 +300,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
unix_username, nt_errstr(nt_status)));
}
}
-
+
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG((*server_info)->guest ? 5 : 2,
("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
@@ -307,17 +309,17 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
user_info->internal_username,
unix_username));
}
-
+
return nt_status;
}
-
+
/* failed authentication; check for guest lapping */
-
+
DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
user_info->smb_name, user_info->internal_username,
nt_errstr(nt_status)));
ZERO_STRUCTP(server_info);
-
+
return nt_status;
}
@@ -349,7 +351,7 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context)
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("authentication context");
-
+
*auth_context = TALLOC_P(mem_ctx, struct auth_context);
if (!*auth_context) {
DEBUG(0,("make_auth_context: talloc failed!\n"));
@@ -362,7 +364,7 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context)
(*auth_context)->check_ntlm_password = check_ntlm_password;
(*auth_context)->get_ntlm_challenge = get_ntlm_challenge;
(*auth_context)->free = free_auth_context;
-
+
return NT_STATUS_OK;
}
@@ -382,21 +384,21 @@ bool load_auth_module(struct auth_context *auth_context,
static_init_auth;
initialised_static_modules = True;
}
-
+
DEBUG(5,("load_auth_module: Attempting to find an auth method to match %s\n",
module));
-
+
p = strchr(module_name, ':');
if (p) {
*p = 0;
module_params = p+1;
trim_char(module_params, ' ', ' ');
}
-
+
trim_char(module_name, ' ', ' ');
-
+
entry = auth_find_backend_entry(module_name);
-
+
if (entry == NULL) {
if (NT_STATUS_IS_OK(smb_probe_module("auth", module_name))) {
entry = auth_find_backend_entry(module_name);
@@ -434,7 +436,7 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
return nt_status;
@@ -443,9 +445,9 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
DLIST_ADD_END(list, t, auth_methods *);
}
}
-
+
(*auth_context)->auth_method_list = list;
-
+
return nt_status;
}
@@ -523,7 +525,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
} else {
DEBUG(5,("Using specified auth order\n"));
}
-
+
nt_status = make_auth_context_text_list(auth_context,
auth_method_list);
@@ -541,7 +543,7 @@ NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) {
return nt_status;
}
-
+
(*auth_context)->challenge = data_blob_talloc((*auth_context)->mem_ctx, chal, 8);
(*auth_context)->challenge_set_by = "fixed";
return nt_status;
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 00d9dea..925c0d4 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -39,13 +39,14 @@ NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_pass
{
struct auth_context *plaintext_auth_context = NULL;
auth_usersupplied_info *user_info = NULL;
- const uint8 *chal;
+ uint8_t chal[8];
NTSTATUS nt_status;
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
return nt_status;
}
- chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
+ plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context,
+ chal);
if (!make_user_info_for_reply(&user_info,
smb_name, lp_workgroup(), chal,
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 0d46b14..98f5838 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -27,11 +27,13 @@
* @return an 8 byte random challenge
*/
-static const uint8 *auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state)
+static void auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
(AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
- return auth_ntlmssp_state->auth_context->get_ntlm_challenge(auth_ntlmssp_state->auth_context);
+ return auth_ntlmssp_state->auth_context->get_ntlm_challenge(
+ auth_ntlmssp_state->auth_context, chal);
}
/**
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 17bccce..7d778b9 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -92,7 +92,8 @@ struct auth_context {
struct auth_methods *auth_method_list;
TALLOC_CTX *mem_ctx;
- const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context);
+ void (*get_ntlm_challenge)(struct auth_context *auth_context,
+ uint8_t chal[8]);
NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info);
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 55b9249..f3414fe 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -109,7 +109,8 @@ typedef struct ntlmssp_state
* @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication
*
*/
- const uint8 *(*get_challenge)(const struct ntlmssp_state *ntlmssp_state);
+ void (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t challenge[8]);
/**
* Callback to find if the challenge used by NTLM authentication may be modified
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index cc13476..0764f97 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -110,12 +110,10 @@ void debug_ntlmssp_flags(uint32 neg_flags)
*
*/
-static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state)
+static void get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
{
- static uchar chal[8];
- generate_random_buffer(chal, sizeof(chal));
-
- return chal;
+ generate_random_buffer(chal, 8);
}
/**
@@ -517,7 +515,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
char *dnsdomname = NULL;
uint32 neg_flags = 0;
uint32 ntlmssp_command, chal_flags;
- const uint8 *cryptkey;
+ uint8_t cryptkey[8];
const char *target_name;
/* parse the NTLMSSP packet */
@@ -541,7 +539,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
/* Ask our caller what challenge they would like in the packet */
- cryptkey = ntlmssp_state->get_challenge(ntlmssp_state);
+ ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
/* Check if we may set the challenge */
if (!ntlmssp_state->may_set_challenge(ntlmssp_state)) {
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index a38c717..0c83144 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -990,13 +990,13 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
this to challenge/response for the auth subsystem to chew
on */
{
- const uint8 *chal;
+ uint8_t chal[8];
if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
return status;
}
- chal = auth_context->get_ntlm_challenge(auth_context);
+ auth_context->get_ntlm_challenge(auth_context, chal);
if (!make_user_info_netlogon_interactive(&user_info,
nt_username, nt_domain,
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 57608a9..a921954 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -27,7 +27,6 @@ extern enum protocol_types Protocol;
static void get_challenge(uint8 buff[8])
{
NTSTATUS nt_status;
- const uint8 *cryptkey;
/* We might be called more than once, multiple negprots are
* permitted */
@@ -42,8 +41,8 @@ static void get_challenge(uint8 buff[8])
smb_panic("cannot make_negprot_global_auth_context!");
}
DEBUG(10, ("get challenge: getting challenge\n"));
- cryptkey = negprot_global_auth_context->get_ntlm_challenge(negprot_global_auth_context);
- memcpy(buff, cryptkey, 8);
+ negprot_global_auth_context->get_ntlm_challenge(
+ negprot_global_auth_context, buff);
}
/****************************************************************************
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 7a03ef7..8a09ed3 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1691,14 +1691,15 @@ void reply_sesssetup_and_X(struct smb_request *req)
}
} else {
struct auth_context *plaintext_auth_context = NULL;
- const uint8 *chal;
nt_status = make_auth_context_subsystem(
&plaintext_auth_context);
if (NT_STATUS_IS_OK(nt_status)) {
- chal = plaintext_auth_context->get_ntlm_challenge(
- plaintext_auth_context);
+ uint8_t chal[8];
+
+ plaintext_auth_context->get_ntlm_challenge(
+ plaintext_auth_context, chal);
if (!make_user_info_for_reply(&user_info,
user, domain, chal,
--
Samba Shared Repository
More information about the samba-cvs
mailing list