[SCM] Samba Shared Repository - branch v3-6-test updated

Günther Deschner gd at samba.org
Mon Sep 20 22:20:11 MDT 2010


The branch, v3-6-test has been updated
       via  60f20fc s4:auth Move struct auth_usersupplied_info to a common location
       via  0fe9f10 s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
       via  56ed536 s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/
       via  c9bd856 s4:ntlmssp Always setup the session keys and signing state
       via  2e5711f s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.
      from  519e376 s4-smbtorture: print SVCCTL security descriptor in test_QueryServiceObjectSecurity().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 60f20fcb52903e76e77bc8ac04d0541d825507bf
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue May 4 16:44:08 2010 +1000

    s4:auth Move struct auth_usersupplied_info to a common location
    
    This also changes the calling convention slightly - we should always
    allocate this with talloc_zero() to allow some elements to be
    optional.  Some elements may only make sense in Samba3, which I hope
    will use this common structure.
    
    Andrew Bartlett
    (cherry picked from commit 272e49e85c47d88ef0a84bce88e6f8d984f2eae4)

commit 0fe9f1056eb61ca87a3aeb8b84a81abdd1b6c8ec
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Aug 7 18:56:35 2010 +1000

    s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
    
    This changes the talloc treatment of the session keys to avoid
    memory duplication - the session key has always been allocated
    onto the ntlmssp_context by the auth subsystem callback.
    
    The remainder of the changes are cosmetics, such as avoiding
    using lm_session_key as a pointer (and avoiding then doing an
    if statement on something that is always true).
    
    Andrew Bartlett
    (cherry picked from commit 4b47245a9d7292255a5dca8286283b5519de12e6)

commit 56ed536574e61846d75415ded4071f17842ed438
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 6 17:53:44 2010 +1000

    s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/
    
    By re-adding this wrapper, the actual guts of these functions are now very
    similar to that found in source3/libsmb/ntlmssp.c
    
    This should make it easier to merge the implementations.
    
    Andrew Bartlett
    (cherry picked from commit 6644f48d724085f839da86ef75bd814a46359ea5)

commit c9bd85601cdc593ef691c8559841311710ff6f93
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 6 17:51:34 2010 +1000

    s4:ntlmssp Always setup the session keys and signing state
    
    While it would save some CPU to only setup the session key when
    requested (like windows does), this instead matches the
    implementation in source3/libsmb/ntlmssp.c
    
    We could re-add this later after the codebase is merged.
    
    Andrew Bartlett
    (cherry picked from commit 1979486c8ea9125cb8b16782acc0dcea9c6f552e)

commit 2e5711fd300e8e9a469f0e2a508824ad7b087681
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 6 16:14:11 2010 +1000

    s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.
    
    This does not change behaviour, and some of the whitespace isn't ideal, but
    at the moment making this code more similar, even in cosmetics, will assist
    later merge efforts.
    
    Andrew Bartlett
    (cherry picked from commit a2607a62f3ff359715e49fed93ec23f744e861b5)

-----------------------------------------------------------------------

Summary of changes:
 auth/common_auth.h                            |   63 +++++
 source4/auth/auth.h                           |   43 +----
 source4/auth/ntlm/auth_simple.c               |    2 +-
 source4/auth/ntlm/auth_util.c                 |    6 +-
 source4/auth/ntlmssp/ntlmssp.c                |    4 +-
 source4/auth/ntlmssp/ntlmssp_server.c         |  309 +++++++++++++++----------
 source4/auth/ntlmssp/wscript_build            |    2 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |    6 +-
 source4/smb_server/smb/sesssetup.c            |    4 +-
 9 files changed, 266 insertions(+), 173 deletions(-)
 create mode 100644 auth/common_auth.h


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
new file mode 100644
index 0000000..5bade69
--- /dev/null
+++ b/auth/common_auth.h
@@ -0,0 +1,63 @@
+/*
+   Unix SMB/CIFS implementation.
+   Standardised Authentication types
+   Copyright (C) Andrew Bartlett 2001-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/krb5pac.h"
+
+#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
+#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
+#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
+#define USER_INFO_INTERACTIVE_LOGON         0x08 /* don't check unix account status */
+
+enum auth_password_state {
+	AUTH_PASSWORD_RESPONSE,
+	AUTH_PASSWORD_HASH,
+	AUTH_PASSWORD_PLAIN
+};
+
+struct auth_usersupplied_info
+{
+	const char *workstation_name;
+	const struct tsocket_address *remote_host;
+
+	uint32_t logon_parameters;
+
+	bool mapped_state;
+	bool was_mapped;
+	/* the values the client gives us */
+	struct {
+		const char *account_name;
+		const char *domain_name;
+	} client, mapped;
+
+	enum auth_password_state password_state;
+
+	struct {
+		struct {
+			DATA_BLOB lanman;
+			DATA_BLOB nt;
+		} response;
+		struct {
+			struct samr_Password *lanman;
+			struct samr_Password *nt;
+		} hash;
+
+		char *plaintext;
+	} password;
+	uint32_t flags;
+};
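Review bot: `auth/common_auth.h` has no include guard although it defines `enum auth_password_state` and `struct auth_usersupplied_info`, so including it twice in one translation unit would fail with redefinition errors; wrap the contents in an `#ifndef`/`#define`/`#endif` pair, as `source4/auth/auth.h` does with `_SAMBA_AUTH_H`. `password` is now a struct where the removed definition had a union, so members not selected by `password_state` are only NULL or empty if the object was zero-allocated. I would state that rule above the struct, e.g. `/* allocate with talloc_zero(); password_state says which of password.response, .hash or .plaintext is filled in */`. The comment on `USER_INFO_INTERACTIVE_LOGON` repeats the previous line's text (carried over from the old header) and does not describe that flag, and the new `was_mapped` field has no comment.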
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 9ce338c..ce583c8 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -22,6 +22,7 @@
 #define _SAMBA_AUTH_H
 
 #include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "../auth/common_auth.h"
 
 extern const char *krbtgt_attrs[];
 extern const char *server_attrs[];
@@ -43,52 +44,10 @@ struct loadparm_context;
 /* version 0 - till samba4 is stable - metze */
 #define AUTH_INTERFACE_VERSION 0
 
-#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
-#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
-#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
-#define USER_INFO_INTERACTIVE_LOGON         0x08 /* don't check unix account status */
-
 #define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
 #define AUTH_SESSION_INFO_AUTHENTICATED  0x02 /* Add the user to the 'authenticated users' group */
 #define AUTH_SESSION_INFO_ENTERPRISE_DC  0x04 /* Add the user to the 'enterprise DC' group */
 
-enum auth_password_state {
-	AUTH_PASSWORD_RESPONSE,
-	AUTH_PASSWORD_HASH,
-	AUTH_PASSWORD_PLAIN
-};
-
-struct auth_usersupplied_info
-{
-	const char *workstation_name;
-	const struct tsocket_address *remote_host;
-
-	uint32_t logon_parameters;
-
-	bool mapped_state;
-	/* the values the client gives us */
-	struct {
-		const char *account_name;
-		const char *domain_name;
-	} client, mapped;
-
-	enum auth_password_state password_state;
-
-	union {
-		struct {
-			DATA_BLOB lanman;
-			DATA_BLOB nt;
-		} response;
-		struct {
-			struct samr_Password *lanman;
-			struct samr_Password *nt;
-		} hash;
-
-		char *plaintext;
-	} password;
-	uint32_t flags;
-};
-
 struct auth_serversupplied_info
 {
 	struct dom_sid *account_sid;
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 9c8f7f6..65a08cd 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -56,7 +56,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
 		return nt_status;
 	}
 
-	user_info = talloc(tmp_ctx, struct auth_usersupplied_info);
+	user_info = talloc_zero(tmp_ctx, struct auth_usersupplied_info);
 	if (!user_info) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_NO_MEMORY;
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index 7da68a2..605cd98 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -74,7 +74,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
 		domain = default_domain;
 	}
 
-	*user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info);
+	*user_info_mapped = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 	if (!*user_info_mapped) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -124,7 +124,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex
 		{
 			uint8_t chal[8];
 			DATA_BLOB chall_blob;
-			user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
+			user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 			if (!user_info_temp) {
 				return NT_STATUS_NO_MEMORY;
 			}
@@ -190,7 +190,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex
 			struct samr_Password lanman;
 			struct samr_Password nt;
 			
-			user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
+			user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 			if (!user_info_temp) {
 				return NT_STATUS_NO_MEMORY;
 			}
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index e55527a..74fa62f 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -47,7 +47,7 @@ static const struct ntlmssp_callbacks {
 	},{
 		.role		= NTLMSSP_SERVER,
 		.command	= NTLMSSP_NEGOTIATE,
-		.sync_fn	= ntlmssp_server_negotiate,
+		.sync_fn	= gensec_ntlmssp_server_negotiate,
 	},{
 		.role		= NTLMSSP_CLIENT,
 		.command	= NTLMSSP_CHALLENGE,
@@ -55,7 +55,7 @@ static const struct ntlmssp_callbacks {
 	},{
 		.role		= NTLMSSP_SERVER,
 		.command	= NTLMSSP_AUTH,
-		.sync_fn	= ntlmssp_server_auth,
+		.sync_fn	= gensec_ntlmssp_server_auth,
 	}
 };
 
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index a6ade25..deb4f97 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -26,6 +26,7 @@
 #include "lib/tsocket/tsocket.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
+#include "../libcli/auth/ntlmssp_ndr.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../lib/crypto/crypto.h"
 #include "auth/gensec/gensec.h"
@@ -34,9 +35,9 @@
 #include "param/param.h"
 
 /**
- * Determine correct target name flags for reply, given server role 
+ * Determine correct target name flags for reply, given server role
  * and negotiated flags
- * 
+ *
  * @param ntlmssp_state NTLMSSP State
  * @param neg_flags The flags from the packet
  * @param chal_flags The flags to be set in the reply packet
@@ -44,7 +45,7 @@
  */
 
 static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
-				       uint32_t neg_flags, uint32_t *chal_flags) 
+				       uint32_t neg_flags, uint32_t *chal_flags)
 {
 	if (neg_flags & NTLMSSP_REQUEST_TARGET) {
 		*chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
@@ -66,21 +67,17 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
 /**
  * Next state function for the Negotiate packet
  * 
- * @param gensec_security GENSEC state
+ * @param ntlmssp_state NTLMSSP state
  * @param out_mem_ctx Memory context for *out
  * @param in The request, as a DATA_BLOB.  reply.data must be NULL
  * @param out The reply, as an allocated DATA_BLOB, caller to free.
  * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required. 
  */
 
-NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, 
+NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 				  TALLOC_CTX *out_mem_ctx, 
-				  const DATA_BLOB in, DATA_BLOB *out) 
+				  const DATA_BLOB request, DATA_BLOB *reply)
 {
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
 	DATA_BLOB struct_blob;
 	uint32_t neg_flags = 0;
 	uint32_t ntlmssp_command, chal_flags;
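Review bot: The doc comment above `ntlmssp_server_negotiate` still documents `@param in` and `@param out`, but the new signature names these parameters `request` and `reply`; only the first `@param` line was updated. Suggested: `@param request The request, as a DATA_BLOB.  reply.data must be NULL` and `@param reply The reply, as an allocated DATA_BLOB, caller to free.` The function body continues outside this hunk.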
@@ -93,19 +90,31 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 	file_save("ntlmssp_negotiate.dat", request.data, request.length);
 #endif
 
-	if (in.length) {
-		if ((in.length < 16) || !msrpc_parse(out_mem_ctx, 
-				 			 &in, "Cdd",
-							 "NTLMSSP",
-							 &ntlmssp_command,
-							 &neg_flags)) {
-			DEBUG(1, ("ntlmssp_server_negotiate: failed to parse "
-				"NTLMSSP Negotiate of length %u:\n",
-				(unsigned int)in.length ));
-			dump_data(2, in.data, in.length);
+	if (request.length) {
+		if ((request.length < 16) || !msrpc_parse(ntlmssp_state, &request, "Cdd",
+							  "NTLMSSP",
+							  &ntlmssp_command,
+							  &neg_flags)) {
+			DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP Negotiate of length %u\n",
+				(unsigned int)request.length));
+			dump_data(2, request.data, request.length);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		debug_ntlmssp_flags(neg_flags);
+
+		if (DEBUGLEVEL >= 10) {
+			struct NEGOTIATE_MESSAGE *negotiate = talloc(
+				ntlmssp_state, struct NEGOTIATE_MESSAGE);
+			if (negotiate != NULL) {
+				status = ntlmssp_pull_NEGOTIATE_MESSAGE(
+					&request, negotiate, negotiate);
+				if (NT_STATUS_IS_OK(status)) {
+					NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
+							negotiate);
+				}
+				TALLOC_FREE(negotiate);
+			}
+		}
 	}
 	
 	ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, ntlmssp_state->allow_lm_key);
@@ -125,31 +134,32 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 
 	/* The flags we send back are not just the negotiated flags,
 	 * they are also 'what is in this packet'.  Therfore, we
-	 * operate on 'chal_flags' from here on 
+	 * operate on 'chal_flags' from here on
 	 */
 
 	chal_flags = ntlmssp_state->neg_flags;
 
 	/* get the right name to fill in as 'target' */
 	target_name = ntlmssp_target_name(ntlmssp_state,
-					  neg_flags, &chal_flags); 
-	if (target_name == NULL) 
+					  neg_flags, &chal_flags);
+	if (target_name == NULL)
 		return NT_STATUS_INVALID_PARAMETER;
 
 	ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, cryptkey, 8);
-	ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, cryptkey, 8);
+	ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state,
+							cryptkey, 8);
 
 	/* This creates the 'blob' of names that appears at the end of the packet */
-	if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
-		msrpc_gen(out_mem_ctx, 
-			  &struct_blob, "aaaaa",
+	if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+	{
+		msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
 			  MsvAvNbDomainName, target_name,
 			  MsvAvNbComputerName, ntlmssp_state->server.netbios_name,
 			  MsvAvDnsDomainName, ntlmssp_state->server.dns_domain,
 			  MsvAvDnsComputerName, ntlmssp_state->server.dns_name,
 			  MsvAvEOL, "");
 	} else {
-		struct_blob = data_blob(NULL, 0);
+		struct_blob = data_blob_null;
 	}
 
 	{
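Review bot: The results of `data_blob_talloc()` for `ntlmssp_state->chal` and `ntlmssp_state->internal_chal` are stored without a NULL check, and whatever `msrpc_gen()` returns for `struct_blob` is discarded (the same holds for the `msrpc_gen(out_mem_ctx, reply, ...)` call in the hunk at `@@ -183,21 +194,37 @@`). This matters more after this series: in the `ntlmssp_server_preauth` hunk further down, the `SMB_ASSERT` on `internal_chal.data` now sits after the `memcpy` that reads it, so a failed allocation here would reach the copy before the assertion. A guard such as `if (ntlmssp_state->internal_chal.data == NULL) return NT_STATUS_NO_MEMORY;` after the two allocations (and likewise for `chal`) would fail the negotiate step cleanly. The function starts and ends outside this hunk.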
@@ -169,11 +179,12 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 			vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
 
 			err = ndr_push_struct_blob(&version_blob,
-						out_mem_ctx,
+						ntlmssp_state,
 						&vers,
 						(ndr_push_flags_fn_t)ndr_push_VERSION);
 
 			if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+				data_blob_free(&struct_blob);
 				return NT_STATUS_NO_MEMORY;
 			}
 		}
@@ -183,21 +194,37 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 		} else {
 			gen_string = "CdAdbddBb";
 		}
-		
-		msrpc_gen(out_mem_ctx, 
-			  out, gen_string,
-			  "NTLMSSP", 
-			  NTLMSSP_CHALLENGE,
-			  target_name,
-			  chal_flags,
-			  cryptkey, 8,
-			  0, 0,
-			  struct_blob.data, struct_blob.length,
-			  version_blob.data, version_blob.length);
+
+		msrpc_gen(out_mem_ctx, reply, gen_string,
+			"NTLMSSP",
+			NTLMSSP_CHALLENGE,
+			target_name,
+			chal_flags,
+			cryptkey, 8,
+			0, 0,
+			struct_blob.data, struct_blob.length,
+			version_blob.data, version_blob.length);
 
 		data_blob_free(&version_blob);
+
+		if (DEBUGLEVEL >= 10) {
+			struct CHALLENGE_MESSAGE *challenge = talloc(
+				ntlmssp_state, struct CHALLENGE_MESSAGE);
+			if (challenge != NULL) {
+				challenge->NegotiateFlags = chal_flags;
+				status = ntlmssp_pull_CHALLENGE_MESSAGE(
+					reply, challenge, challenge);
+				if (NT_STATUS_IS_OK(status)) {
+					NDR_PRINT_DEBUG(CHALLENGE_MESSAGE,
+							challenge);
+				}
+				TALLOC_FREE(challenge);
+			}
+		}
 	}
-		
+
+	data_blob_free(&struct_blob);
+
 	ntlmssp_state->expected_state = NTLMSSP_AUTH;
 
 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
@@ -252,10 +279,9 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
 	ntlmssp_state->client.netbios_name = NULL;
 
 	/* now the NTLMSSP encoded auth hashes */
-	if (!msrpc_parse(ntlmssp_state,
-			 &request, parse_string,
-			 "NTLMSSP", 
-			 &ntlmssp_command, 
+	if (!msrpc_parse(ntlmssp_state, &request, parse_string,
+			 "NTLMSSP",
+			 &ntlmssp_command,
 			 &ntlmssp_state->lm_resp,
 			 &ntlmssp_state->nt_resp,
 			 &ntlmssp_state->domain,
@@ -278,16 +304,15 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
 		}
 
 		/* now the NTLMSSP encoded auth hashes */
-		if (!msrpc_parse(ntlmssp_state,
-				 &request, parse_string,
-				 "NTLMSSP", 
-				 &ntlmssp_command, 
+		if (!msrpc_parse(ntlmssp_state, &request, parse_string,
+				 "NTLMSSP",
+				 &ntlmssp_command,
 				 &ntlmssp_state->lm_resp,
 				 &ntlmssp_state->nt_resp,
 				 &ntlmssp_state->domain,
 				 &ntlmssp_state->user,
 				 &ntlmssp_state->client.netbios_name)) {
-			DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
+			DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n"));
 			dump_data(2, request.data, request.length);
 
 			return NT_STATUS_INVALID_PARAMETER;
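Review bot: The edited DEBUG string is still prefixed `ntlmssp_server_auth:` although the hunk header places this code in `ntlmssp_server_preauth`, so the log line names a different function from the one that failed. If the prefix is not being kept deliberately to match source3, `"ntlmssp_server_preauth: failed to parse NTLMSSP (tried both formats):\n"` would be accurate. The `dump_data(2, request.data, request.length)` on the following line writes the whole client request to the log at level 2, including whatever LM/NT response bytes it carries. A short comment saying so would help whoever sets log levels and handles those files. The enclosing function continues outside the hunk.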
@@ -299,48 +324,64 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
 	if (auth_flags)
 		ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, ntlmssp_state->allow_lm_key);
 
+	if (DEBUGLEVEL >= 10) {
+		struct AUTHENTICATE_MESSAGE *authenticate = talloc(
+			ntlmssp_state, struct AUTHENTICATE_MESSAGE);
+		if (authenticate != NULL) {
+			NTSTATUS status;
+			authenticate->NegotiateFlags = auth_flags;
+			status = ntlmssp_pull_AUTHENTICATE_MESSAGE(
+				&request, authenticate, authenticate);
+			if (NT_STATUS_IS_OK(status)) {
+				NDR_PRINT_DEBUG(AUTHENTICATE_MESSAGE,
+						authenticate);
+			}
+			TALLOC_FREE(authenticate);
+		}
+	}
+
 	DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
-		 ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->client.netbios_name, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length));
+		 ntlmssp_state->user, ntlmssp_state->domain,
+		 ntlmssp_state->client.netbios_name,
+		 (unsigned long)ntlmssp_state->lm_resp.length,
+		 (unsigned long)ntlmssp_state->nt_resp.length));
 
 #if 0
 	file_save("nthash1.dat",  &ntlmssp_state->nt_resp.data,  &ntlmssp_state->nt_resp.length);
 	file_save("lmhash1.dat",  &ntlmssp_state->lm_resp.data,  &ntlmssp_state->lm_resp.length);
 #endif
 
-	/* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a 
-	   client challenge 
-	
+	/* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a
+	   client challenge
+
 	   However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful.
 	*/
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 		if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) {
 			struct MD5Context md5_session_nonce_ctx;
-			SMB_ASSERT(ntlmssp_state->internal_chal.data
-				   && ntlmssp_state->internal_chal.length == 8);
-			
 			state->doing_ntlm2 = true;
 
 			memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8);
 			memcpy(&state->session_nonce[8], ntlmssp_state->lm_resp.data, 8);
 			
+			SMB_ASSERT(ntlmssp_state->internal_chal.data && ntlmssp_state->internal_chal.length == 8);
+
 			MD5Init(&md5_session_nonce_ctx);
 			MD5Update(&md5_session_nonce_ctx, state->session_nonce, 16);
 			MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
-			
-			ntlmssp_state->chal = data_blob_talloc(ntlmssp_state,
-							       session_nonce_hash, 8);
 


-- 
Samba Shared Repository

