Changeset 746 for vendor/current/libcli/auth

Timestamp:

Nov 27, 2012, 4:56:06 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated vendor to 3.6.9

Location:

vendor/current/libcli/auth

Files:

• credentials.c (modified) (1 diff)
• ntlm_check.c (modified) (16 diffs)
• ntlmssp_server.c (modified) (1 diff)
• ntlmssp_sign.c (modified) (1 diff)
• proto.h (modified) (1 diff)
• schannel_sign.c (modified) (1 diff)
• smbencrypt.c (modified) (7 diffs)

vendor/current/libcli/auth/credentials.c

@@ -70 +70 @@
         unsigned char zero[4], tmp[16];
         HMACMD5Context ctx;
-        struct MD5Context md5;
+        MD5_CTX md5;
 
         ZERO_STRUCT(creds->session_key);

vendor/current/libcli/auth/ntlm_check.c

@@ -88 +88 @@
                                  const DATA_BLOB *sec_blob,
                                  const char *user, const char *domain,
-                                 bool upper_case_domain, /* should the domain be transformed into upper case? */
                                  DATA_BLOB *user_sess_key)
 {
@@ -123 +122 @@
         */
 
-        if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+        if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
                 return false;
         }
@@ -162 +161 @@
                                 const DATA_BLOB *sec_blob,
                                 const char *user, const char *domain,
-                                bool upper_case_domain, /* should the domain be transformed into upper case? */
                                 DATA_BLOB *user_sess_key)
 {
@@ -193 +191 @@
         client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
 
-        if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+        if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
                 return false;
         }
@@ -298 +296 @@
         const static uint8_t zeros[8];
         DATA_BLOB tmp_sess_key;
+        const char *upper_client_domain = NULL;
+
+        if (client_domain != NULL) {
+                upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
+                if (upper_client_domain == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+        }
 
         if (stored_nt == NULL) {
@@ -349 +355 @@
                    use it 
                 */
-                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
+                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n",
+                        client_domain ? client_domain : "<NULL>"));
                 if (smb_pwd_check_ntlmv2(mem_ctx,
                                          nt_response, 
@@ -355 +362 @@
                                          client_username, 
                                          client_domain,
-                                         false,
                                          user_sess_key)) {
                         if (user_sess_key->length) {
@@ -363 +369 @@
                 }
 
-                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n",
+                        upper_client_domain ? upper_client_domain : "<NULL>"));
                 if (smb_pwd_check_ntlmv2(mem_ctx,
                                          nt_response, 
                                          stored_nt->hash, challenge, 
                                          client_username, 
-                                         client_domain,
-                                         true,
+                                         upper_client_domain,
                                          user_sess_key)) {
                         if (user_sess_key->length) {
@@ -383 +389 @@
                                          client_username, 
                                          "",
-                                         false,
                                          user_sess_key)) {
                         if (user_sess_key->length) {
@@ -471 +476 @@
            - related to Win9X, legacy NAS pass-though authentication
         */
-        DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
+        DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n",
+                client_domain ? client_domain : "<NULL>"));
         if (smb_pwd_check_ntlmv2(mem_ctx,
                                  lm_response, 
@@ -477 +483 @@
                                  client_username,
                                  client_domain,
-                                 false,
                                  &tmp_sess_key)) {
                 if (nt_response->length > 24) {
@@ -489 +494 @@
                                             client_username,
                                             client_domain,
-                                            false,
                                             user_sess_key);
                 } else {
@@ -501 +505 @@
         }
 
-        DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+        DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n",
+                upper_client_domain ? upper_client_domain : "<NULL>"));
         if (smb_pwd_check_ntlmv2(mem_ctx,
                                  lm_response, 
                                  stored_nt->hash, challenge, 
                                  client_username,
-                                 client_domain,
-                                 true,
+                                 upper_client_domain,
                                  &tmp_sess_key)) {
                 if (nt_response->length > 24) {
@@ -518 +522 @@
                                             stored_nt->hash, challenge, 
                                             client_username,
-                                            client_domain,
-                                            true,
+                                            upper_client_domain,
                                             user_sess_key);
                 } else {
@@ -537 +540 @@
                                  client_username,
                                  "",
-                                 false,
                                  &tmp_sess_key)) {
                 if (nt_response->length > 24) {
@@ -549 +551 @@
                                             client_username,
                                             "",
-                                            false,
                                             user_sess_key);
                 } else {

vendor/current/libcli/auth/ntlmssp_server.c

@@ -360 +360 @@
         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
                 if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) {
-                        struct MD5Context md5_session_nonce_ctx;
+                        MD5_CTX md5_session_nonce_ctx;
                         state->doing_ntlm2 = true;
 

vendor/current/libcli/auth/ntlmssp_sign.c

@@ -52 +52 @@
                             const char *constant)
 {
-        struct MD5Context ctx3;
+        MD5_CTX ctx3;
         MD5Init(&ctx3);
         MD5Update(&ctx3, session_key.data, session_key.length);

vendor/current/libcli/auth/proto.h

@@ -110 +110 @@
 bool ntv2_owf_gen(const uint8_t owf[16],
                   const char *user_in, const char *domain_in,
-                  bool upper_case_domain, /* Transform the domain into UPPER case */
                   uint8_t kr_buf[16]);
 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);

vendor/current/libcli/auth/schannel_sign.c

@@ -111 +111 @@
         uint8_t packet_digest[16];
         static const uint8_t zeros[4];
-        struct MD5Context ctx;
+        MD5_CTX ctx;
 
         MD5Init(&ctx);

vendor/current/libcli/auth/smbencrypt.c

@@ -100 +100 @@
 void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16])
 {
-        struct MD5Context tctx;
+        MD5_CTX tctx;
         MD5Init(&tctx);
         MD5Update(&tctx, salt, 16);
@@ -169 +169 @@
 bool ntv2_owf_gen(const uint8_t owf[16],
                   const char *user_in, const char *domain_in,
-                  bool upper_case_domain, /* Transform the domain into UPPER case */
                   uint8_t kr_buf[16])
 {
@@ -197 +196 @@
                 talloc_free(mem_ctx);
                 return false;
-        }
-
-        if (upper_case_domain) {
-                domain_in = strupper_talloc(mem_ctx, domain_in);
-                if (domain_in == NULL) {
-                        talloc_free(mem_ctx);
-                        return false;
-                }
         }
 
@@ -475 +466 @@
            This prevents username swapping during the auth exchange
         */
-        if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+        if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
                 return false;
         }
@@ -624 +615 @@
 void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key)
 {
-        struct MD5Context tctx;
+        MD5_CTX tctx;
         unsigned char key_out[16];
 
@@ -704 +695 @@
 {
         uint8_t buffer[516];
-        struct MD5Context ctx;
+        MD5_CTX ctx;
         struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
         DATA_BLOB confounded_session_key;
@@ -742 +733 @@
 {
         uint8_t buffer[516];
-        struct MD5Context ctx;
+        MD5_CTX ctx;
         size_t pwd_len;