[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Tue Jan 3 18:57:03 UTC 2017
The branch, master has been updated
via 98bcdca torture-netlogon: Use "all_zero" where appropriate
via 015a41a torture-samlogon: Avoid static zeros
via b3d5fe9 torture-samlogon: Use "all_zero" where appropriate
via 6eeb3ec torture-dfs: Use "all_zero" where appropriate
via efb5f38 auth4: Use "all_zero" where appropriate
via a4bc275 kdc: Use "all_zero" where appropriate
via 80bb18d samr3: Use "all_zero" where appropriate
via c9955da libads: Use "all_zero" where appropriate
via 214abc9 lib: Use "all_zero" where appropriate
via 25465b1 librpc: Use "all_zero" where appropriate
via 20c56e2 libnet: Use "all_zero" where appropriate
via f5847b6 auth: Use "all_zero" where appropriate
via f46932a librpc: Use "all_zero" where appropriate
via 577418c libcli: Use "all_zero" where appropriate
via ac389ee passdb: Use "all_zero" where appropriate
via d3322cd auth3: Avoid some zeros footprint
via 9c72823 ntlm_auth: Use "all_zero" where appropriate
via 0eea65d libcli: Use "all_zero" where appropriate
via 38884b2 libcli: Use "all_zero" where appropriate
via f50b6e7 auth3: Use "all_zero" where appropriate
via 3d9b1bd libcli: Use "all_zero" where appropriate
via 66e4026 lib: Remove a duplicate prototype
via ebdce3c libsmb: Add name_status_lmhosts
from 5bcf3f1 WHATSNEW: Some small formal fixes.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 98bcdca632c7e508af2ecb3e8d6e005d04523c83
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
torture-netlogon: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jan 3 19:56:17 CET 2017 on sn-devel-144
commit 015a41a5e358849bc5960f9bc7714f751ad0f7b7
Author: Volker Lendecke <vl at samba.org>
Date: Sun Jan 1 16:28:36 2017 +0000
torture-samlogon: Avoid static zeros
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b3d5fe9679a56ba20e9627fecda36c60a471a20c
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
torture-samlogon: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6eeb3ec3ab19ddee11829f1d5ac2d13ef1c7b18c
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
torture-dfs: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit efb5f38f1f03d3f1326a8fa115d19101c41db95a
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
auth4: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a4bc275d947932c0a72e4f6d395634224f903e1a
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
kdc: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 80bb18d896a5609adb526a39c8512a4bc94cb409
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
samr3: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c9955da65ad1befe51ad21dd884956c199b4c9b5
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libads: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 214abc98e667bfa529eec86e5f1ef7e2c1cb8f37
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
lib: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 25465b118a32d0f4dea777da5880195ed7f27ecf
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
librpc: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 20c56e21ca4a5f2abcc618deb7d23e432721c88a
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libnet: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f5847b6e3484f7660535e60ba2d5df2fc8dad096
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
auth: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f46932abfcd6461f4aa61302312ba13f641fc3d7
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
librpc: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 577418c87ef7ead24bcc09149c5a54840b7bc287
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ac389eedece4ed9917cbac8b759b83f2111b3b66
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
passdb: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d3322cdd21a28968fb6442843cbf169dc1ae0737
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 13:11:10 2016 +0000
auth3: Avoid some zeros footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 9c72823a99c4355af23530db2f6e263ac2b58458
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
ntlm_auth: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0eea65d3728aaac3a443f5b57172d7486ca1c893
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 38884b2b2b08d54311d3b927900c5a9b071f8a5e
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f50b6e7cb4aa1891f4a6808cc7008f64aee79e49
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
auth3: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3d9b1bdf6c8f969c5075f1e0b47714a8a534bc2a
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:45:51 2016 +0000
libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 66e402653f9a7991d03c7d483a9186a5400ab70e
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 12:38:45 2016 +0000
lib: Remove a duplicate prototype
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ebdce3c489a856f233067d806fa4e3fb35976919
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 19 20:18:41 2016 +0100
libsmb: Add name_status_lmhosts
Don't ask... Oh, you did? :-)
Try to figure out a hosts' name from lmhosts. This is for a setup I've
come across where for several reasons kerberos and ldap were unusable
(very organically grown but unchangeable Solaris 10 installation with
tons of ancient libs that ./configure incorrectly finds and where tar xf
samba-4.5.3.tar takes 5 minutes...), so I had to fall back to compile
with --without-ads. Unfortunately in that environment NetBIOS was also
turned off, but the "winbind rpc only" code relies on name_status to
get a DC's name from its IP address for the netlogon calls. This walks
the local lmhosts file to scan for the same information.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.c | 8 ++----
libcli/auth/credentials.c | 33 +++++++++------------
libcli/auth/ntlm_check.c | 5 ++--
libcli/samsync/decrypt.c | 15 ++++------
libcli/smb/smbXcli_base.c | 10 ++-----
librpc/ndr/ndr_sec_helper.c | 12 ++------
source3/auth/auth_util.c | 10 +++----
source3/auth/check_samsec.c | 5 ++--
source3/include/proto.h | 1 -
source3/libads/kerberos_keytab.c | 30 ++++---------------
source3/libnet/libnet_dssync_passdb.c | 7 ++---
source3/libnet/libnet_keytab.h | 1 -
source3/libnet/libnet_samsync_display.c | 6 ++--
source3/libnet/libnet_samsync_keytab.c | 2 +-
source3/libnet/libnet_samsync_ldif.c | 7 ++---
source3/libnet/libnet_samsync_passdb.c | 7 ++---
source3/librpc/crypto/gse_krb5.c | 38 +++++++-----------------
source3/libsmb/namequery.c | 43 ++++++++++++++++++++++++++++
source3/passdb/pdb_samba_dsdb.c | 4 +--
source3/rpc_server/samr/srv_samr_chgpasswd.c | 8 ++----
source3/utils/ntlm_auth.c | 22 ++++++--------
source4/auth/ntlm/auth_sam.c | 5 ++--
source4/kdc/pac-glue.c | 10 +++----
source4/torture/dfs/domaindfs.c | 7 ++---
source4/torture/rpc/netlogon.c | 7 ++---
source4/torture/rpc/samlogon.c | 16 +++--------
26 files changed, 131 insertions(+), 188 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 307be93..f8f3b16 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1229,17 +1229,13 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
{
krb5_error_code ret;
krb5_kt_cursor cursor;
- krb5_kt_cursor zero_csr;
krb5_keytab_entry kt_entry;
- krb5_keytab_entry zero_kt_entry;
char *ktprinc = NULL;
krb5_kvno old_kvno = kvno - 1;
TALLOC_CTX *tmp_ctx;
ZERO_STRUCT(cursor);
- ZERO_STRUCT(zero_csr);
ZERO_STRUCT(kt_entry);
- ZERO_STRUCT(zero_kt_entry);
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret == KRB5_KT_END || ret == ENOENT ) {
@@ -1374,10 +1370,10 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
out:
talloc_free(tmp_ctx);
- if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
smb_krb5_kt_free_entry(context, &kt_entry);
}
- if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
+ if (!all_zero((uint8_t *)&cursor, sizeof(cursor))) {
krb5_kt_end_seq_get(context, keytab, &cursor);
}
return ret;
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 91f37b7..ddff5e9 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -512,7 +512,6 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
union netr_Validation *validation,
bool do_encrypt)
{
- static const char zeros[16];
struct netr_SamBaseInfo *base = NULL;
if (validation == NULL) {
@@ -549,8 +548,7 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
/* they aren't encrypted! */
} else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(base->key.key, zeros,
- sizeof(base->key.key)) != 0) {
+ if (!all_zero(base->key.key, sizeof(base->key.key))) {
if (do_encrypt) {
netlogon_creds_aes_encrypt(creds,
base->key.key,
@@ -562,8 +560,8 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
}
}
- if (memcmp(base->LMSessKey.key, zeros,
- sizeof(base->LMSessKey.key)) != 0) {
+ if (!all_zero(base->LMSessKey.key,
+ sizeof(base->LMSessKey.key))) {
if (do_encrypt) {
netlogon_creds_aes_encrypt(creds,
base->LMSessKey.key,
@@ -577,23 +575,22 @@ static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_Crede
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(base->key.key, zeros,
- sizeof(base->key.key)) != 0) {
+ if (!all_zero(base->key.key, sizeof(base->key.key))) {
netlogon_creds_arcfour_crypt(creds,
base->key.key,
sizeof(base->key.key));
}
- if (memcmp(base->LMSessKey.key, zeros,
- sizeof(base->LMSessKey.key)) != 0) {
+ if (!all_zero(base->LMSessKey.key,
+ sizeof(base->LMSessKey.key))) {
netlogon_creds_arcfour_crypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
}
} else {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(base->LMSessKey.key, zeros,
- sizeof(base->LMSessKey.key)) != 0) {
+ if (!all_zero(base->LMSessKey.key,
+ sizeof(base->LMSessKey.key))) {
if (do_encrypt) {
netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
@@ -626,8 +623,6 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential
union netr_LogonLevel *logon,
bool do_encrypt)
{
- static const char zeros[16];
-
if (logon == NULL) {
return;
}
@@ -645,7 +640,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential
uint8_t *h;
h = logon->password->lmpassword.hash;
- if (memcmp(h, zeros, 16) != 0) {
+ if (!all_zero(h, 16)) {
if (do_encrypt) {
netlogon_creds_aes_encrypt(creds, h, 16);
} else {
@@ -654,7 +649,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential
}
h = logon->password->ntpassword.hash;
- if (memcmp(h, zeros, 16) != 0) {
+ if (!all_zero(h, 16)) {
if (do_encrypt) {
netlogon_creds_aes_encrypt(creds, h, 16);
} else {
@@ -665,19 +660,19 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential
uint8_t *h;
h = logon->password->lmpassword.hash;
- if (memcmp(h, zeros, 16) != 0) {
+ if (!all_zero(h, 16)) {
netlogon_creds_arcfour_crypt(creds, h, 16);
}
h = logon->password->ntpassword.hash;
- if (memcmp(h, zeros, 16) != 0) {
+ if (!all_zero(h, 16)) {
netlogon_creds_arcfour_crypt(creds, h, 16);
}
} else {
struct samr_Password *p;
p = &logon->password->lmpassword;
- if (memcmp(p->hash, zeros, 16) != 0) {
+ if (!all_zero(p->hash, 16)) {
if (do_encrypt) {
netlogon_creds_des_encrypt(creds, p);
} else {
@@ -685,7 +680,7 @@ static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Credential
}
}
p = &logon->password->ntpassword;
- if (memcmp(p->hash, zeros, 16) != 0) {
+ if (!all_zero(p->hash, 16)) {
if (do_encrypt) {
netlogon_creds_des_encrypt(creds, p);
} else {
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 7f91b52..d7fba34 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -293,7 +293,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
DATA_BLOB *user_sess_key,
DATA_BLOB *lm_sess_key)
{
- const static uint8_t zeros[8];
DATA_BLOB tmp_sess_key;
const char *upper_client_domain = NULL;
@@ -314,8 +313,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
/* Check for cleartext netlogon. Used by Exchange 5.5. */
if ((logon_parameters & MSV1_0_CLEARTEXT_PASSWORD_ALLOWED)
- && challenge->length == sizeof(zeros)
- && (memcmp(challenge->data, zeros, challenge->length) == 0 )) {
+ && challenge->length == 8
+ && (all_zero(challenge->data, challenge->length))) {
struct samr_Password client_nt;
struct samr_Password client_lm;
char *unix_pw = NULL;
diff --git a/libcli/samsync/decrypt.c b/libcli/samsync/decrypt.c
index 117151e..66cc915 100644
--- a/libcli/samsync/decrypt.c
+++ b/libcli/samsync/decrypt.c
@@ -44,15 +44,12 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
struct netr_DELTA_USER *user = delta->delta_union.user;
struct samr_Password lm_hash;
struct samr_Password nt_hash;
- unsigned char zero_buf[16];
-
- memset(zero_buf, '\0', sizeof(zero_buf));
/* Note that win2000 may send us all zeros
* for the hashes if it doesn't
* think this channel is secure enough. */
if (user->lm_password_present) {
- if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) {
+ if (!all_zero(user->lmpassword.hash, 16)) {
sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0);
} else {
memset(lm_hash.hash, '\0', sizeof(lm_hash.hash));
@@ -61,7 +58,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
}
if (user->nt_password_present) {
- if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) {
+ if (!all_zero(user->ntpassword.hash, 16)) {
sam_rid_crypt(rid, user->ntpassword.hash, nt_hash.hash, 0);
} else {
memset(nt_hash.hash, '\0', sizeof(nt_hash.hash));
@@ -90,8 +87,8 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
* for the hashes if it doesn't
* think this channel is secure enough. */
if (keys.keys.keys2.lmpassword.length == 16) {
- if (memcmp(keys.keys.keys2.lmpassword.pwd.hash,
- zero_buf, 16) != 0) {
+ if (!all_zero(keys.keys.keys2.lmpassword.pwd.hash,
+ 16)) {
sam_rid_crypt(rid,
keys.keys.keys2.lmpassword.pwd.hash,
lm_hash.hash, 0);
@@ -102,8 +99,8 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
user->lm_password_present = true;
}
if (keys.keys.keys2.ntpassword.length == 16) {
- if (memcmp(keys.keys.keys2.ntpassword.pwd.hash,
- zero_buf, 16) != 0) {
+ if (!all_zero(keys.keys.keys2.ntpassword.pwd.hash,
+ 16)) {
sam_rid_crypt(rid,
keys.keys.keys2.ntpassword.pwd.hash,
nt_hash.hash, 0);
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index e24090d..a7b24f0 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3851,13 +3851,9 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
}
}
if (signing_key) {
- int cmp;
- static const uint8_t zeros[16];
-
- cmp = memcmp(inhdr+SMB2_HDR_SIGNATURE,
- zeros,
- 16);
- if (cmp == 0) {
+ bool zero;
+ zero = all_zero(inhdr+SMB2_HDR_SIGNATURE, 16);
+ if (zero) {
state->smb2.signing_skipped = true;
signing_key = NULL;
}
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index ea082d1..ecc0511 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -128,13 +128,9 @@ size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
{
- struct dom_sid zero_sid;
-
if (!sid) return 0;
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
+ if (all_zero((const uint8_t *)sid, sizeof(struct dom_sid))) {
return 0;
}
@@ -287,8 +283,6 @@ enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct
*/
enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
{
- struct dom_sid zero_sid;
-
if (!(ndr_flags & NDR_SCALARS)) {
return NDR_ERR_SUCCESS;
}
@@ -297,9 +291,7 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s
return NDR_ERR_SUCCESS;
}
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
+ if (all_zero((const uint8_t *)sid, sizeof(struct dom_sid))) {
return NDR_ERR_SUCCESS;
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 25f27e8..ae6bfb3 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -811,7 +811,6 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_info, struct auth_serversupplied_info **server_info)
{
- static const char zeros[16] = {0};
const char *guest_account = lp_guest_account();
const char *domain = lp_netbios_name();
struct netr_SamInfo3 info3;
@@ -861,7 +860,7 @@ static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_i
/* annoying, but the Guest really does have a session key, and it is
all zeros! */
- (*session_info)->session_key = data_blob(zeros, sizeof(zeros));
+ (*session_info)->session_key = data_blob_talloc_zero(NULL, 16);
status = NT_STATUS_OK;
done:
@@ -1358,8 +1357,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info,
const struct netr_SamInfo3 *info3)
{
- static const char zeros[16] = {0, };
-
NTSTATUS nt_status = NT_STATUS_OK;
char *found_username = NULL;
const char *nt_domain;
@@ -1460,7 +1457,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* ensure we are never given NULL session keys */
- if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {
+ if (all_zero(info3->base.key.key, sizeof(info3->base.key.key))) {
result->session_key = data_blob_null;
} else {
result->session_key = data_blob_talloc(
@@ -1468,7 +1465,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
sizeof(info3->base.key.key));
}
- if (memcmp(info3->base.LMSessKey.key, zeros, 8) == 0) {
+ if (all_zero(info3->base.LMSessKey.key,
+ sizeof(info3->base.LMSessKey.key))) {
result->lm_session_key = data_blob_null;
} else {
result->lm_session_key = data_blob_talloc(
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index cbcde08..53b6da5 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -322,7 +322,6 @@ static bool need_to_increment_bad_pw_count(
username = pdb_get_username(sampass);
for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) {
- static const uint8_t zero16[SALTED_MD5_HASH_LEN];
const uint8_t *salt;
const uint8_t *nt_pw;
NTSTATUS status;
@@ -332,12 +331,12 @@ static bool need_to_increment_bad_pw_count(
salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
nt_pw = salt + PW_HISTORY_SALT_LEN;
- if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) {
+ if (all_zero(nt_pw, NT_HASH_LEN)) {
/* skip zero password hash */
continue;
}
- if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) {
+ if (!all_zero(salt, PW_HISTORY_SALT_LEN)) {
/* skip nonzero salt (old format entry) */
continue;
}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4535a14..642900e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -324,7 +324,6 @@ const char *my_sam_name(void);
enum protocol_types get_Protocol(void);
void set_Protocol(enum protocol_types p);
-bool all_zero(const uint8_t *ptr, size_t size);
void gfree_names(void);
void gfree_all( void );
const char *my_netbios_names(int i);
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 8c7c1c3..3c73b08 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -553,18 +553,10 @@ done:
TALLOC_FREE(frame);
if (context) {
- krb5_keytab_entry zero_kt_entry;
- krb5_kt_cursor zero_csr;
-
- ZERO_STRUCT(zero_kt_entry);
- ZERO_STRUCT(zero_csr);
-
- if (memcmp(&zero_kt_entry, &kt_entry,
- sizeof(krb5_keytab_entry))) {
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
smb_krb5_kt_free_entry(context, &kt_entry);
}
- if ((memcmp(&cursor, &zero_csr,
- sizeof(krb5_kt_cursor)) != 0) && keytab) {
+ if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) {
krb5_kt_end_seq_get(context, keytab, &cursor);
}
if (keytab) {
@@ -657,21 +649,11 @@ int ads_keytab_list(const char *keytab_name)
ZERO_STRUCT(cursor);
out:
- {
- krb5_keytab_entry zero_kt_entry;
- ZERO_STRUCT(zero_kt_entry);
- if (memcmp(&zero_kt_entry, &kt_entry,
- sizeof(krb5_keytab_entry))) {
- smb_krb5_kt_free_entry(context, &kt_entry);
- }
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
+ smb_krb5_kt_free_entry(context, &kt_entry);
}
- {
- krb5_kt_cursor zero_csr;
- ZERO_STRUCT(zero_csr);
- if ((memcmp(&cursor, &zero_csr,
- sizeof(krb5_kt_cursor)) != 0) && keytab) {
- krb5_kt_end_seq_get(context, keytab, &cursor);
- }
+ if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
}
if (keytab) {
diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
index 99e65c2..8e2a459 100644
--- a/source3/libnet/libnet_dssync_passdb.c
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -1105,7 +1105,6 @@ static NTSTATUS sam_account_from_object(struct samu *account,
TALLOC_CTX *mem_ctx = account;
const char *old_string, *new_string;
time_t unix_time, stored_time;
- uchar zero_buf[16];
NTSTATUS status;
NTTIME lastLogon;
@@ -1134,8 +1133,6 @@ static NTSTATUS sam_account_from_object(struct samu *account,
uint32_t acct_flags;
uint32_t units_per_week;
- memset(zero_buf, '\0', sizeof(zero_buf));
-
objectSid = cur->object.identifier->sid;
GET_STRING_EX(sAMAccountName, true);
DEBUG(0,("sam_account_from_object(%s, %s) start\n",
@@ -1329,11 +1326,11 @@ static NTSTATUS sam_account_from_object(struct samu *account,
think this channel is secure enough - don't set the passwords at all
in that case
*/
- if (dBCSPwd.length == 16 && memcmp(dBCSPwd.data, zero_buf, 16) != 0) {
+ if (dBCSPwd.length == 16 && !all_zero(dBCSPwd.data, 16)) {
pdb_set_lanman_passwd(account, dBCSPwd.data, PDB_CHANGED);
}
- if (unicodePwd.length == 16 && memcmp(unicodePwd.data, zero_buf, 16) != 0) {
+ if (unicodePwd.length == 16 && !all_zero(unicodePwd.data, 16)) {
pdb_set_nt_passwd(account, unicodePwd.data, PDB_CHANGED);
}
diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h
index 43071ce..df6e957 100644
--- a/source3/libnet/libnet_keytab.h
+++ b/source3/libnet/libnet_keytab.h
@@ -35,7 +35,6 @@ struct libnet_keytab_context {
const char *keytab_name;
struct ads_struct *ads;
const char *dns_domain_name;
- uint8_t zero_buf[16];
uint32_t count;
struct libnet_keytab_entry *entries;
bool clean_old_entries;
diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c
index 034a23f..040742d 100644
--- a/source3/libnet/libnet_samsync_display.c
+++ b/source3/libnet/libnet_samsync_display.c
@@ -60,19 +60,17 @@ static void display_account_info(uint32_t rid,
struct netr_DELTA_USER *r)
{
fstring hex_nt_passwd, hex_lm_passwd;
- uchar zero_buf[16];
- memset(zero_buf, '\0', sizeof(zero_buf));
/* Decode hashes from password hash (if they are not NULL) */
- if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+ if (!all_zero(r->lmpassword.hash, 16)) {
pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
} else {
pdb_sethexpwd(hex_lm_passwd, NULL, 0);
}
- if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+ if (!all_zero(r->ntpassword.hash, 16)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list