Changeset 988 for vendor/current/libcli/auth/smbencrypt.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/libcli/auth/smbencrypt.c (modified) (15 diffs)

vendor/current/libcli/auth/smbencrypt.c

@@ -117 +117 @@
 bool E_deshash(const char *passwd, uint8_t p16[16])
 {
-        bool ret = true;
-        char dospwd[256];
+        bool ret;
+        uint8_t dospwd[14];
+        TALLOC_CTX *frame = talloc_stackframe();
+
+        size_t converted_size;
+
+        char *tmpbuf;
+
         ZERO_STRUCT(dospwd);
 
-        /* Password must be converted to DOS charset - null terminated, uppercase. */
-        push_string(dospwd, passwd, sizeof(dospwd), STR_ASCII|STR_UPPER|STR_TERMINATE);
-
-        /* Only the first 14 chars are considered, password need not be null terminated. */
+        tmpbuf = strupper_talloc(frame, passwd);
+        if (tmpbuf == NULL) {
+                /* Too many callers don't check this result, we need to fill in the buffer with something */
+                strlcpy((char *)dospwd, passwd ? passwd : "", sizeof(dospwd));
+                E_P16(dospwd, p16);
+                talloc_free(frame);
+                return false;
+        }
+
+        ZERO_STRUCT(dospwd);
+
+        ret = convert_string_error(CH_UNIX, CH_DOS, tmpbuf, strlen(tmpbuf), dospwd, sizeof(dospwd), &converted_size);
+        talloc_free(frame);
+
+        /* Only the first 14 chars are considered, password need not
+         * be null terminated.  We do this in the error and success
+         * case to avoid returning a fixed 'password' buffer, but
+         * callers should not use it when E_deshash returns false */
+
         E_P16((const uint8_t *)dospwd, p16);
-
-        if (strlen(dospwd) > 14) {
-                ret = false;
-        }
 
         ZERO_STRUCT(dospwd);
@@ -249 +266 @@
 /* Does the des encryption. */
 
-void SMBNTencrypt_hash(const uint8_t nt_hash[16], uint8_t *c8, uint8_t *p24)
+void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24)
 {
         uint8_t p21[21];
@@ -267 +284 @@
 /* Does the NT MD4 hash then des encryption. Plaintext version of the above. */
 
-void SMBNTencrypt(const char *passwd, uint8_t *c8, uint8_t *p24)
+void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
 {
         uint8_t nt_hash[16];
@@ -371 +388 @@
 }
 
-static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLOB *names_blob)
+static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx,
+                                             NTTIME nttime,
+                                             const DATA_BLOB *names_blob)
 {
         uint8_t client_chal[8];
         DATA_BLOB response = data_blob(NULL, 0);
         uint8_t long_date[8];
-        NTTIME nttime;
-
-        unix_to_nt_time(&nttime, time(NULL));
 
         generate_random_buffer(client_chal, sizeof(client_chal));
@@ -401 +417 @@
                                           const uint8_t ntlm_v2_hash[16],
                                           const DATA_BLOB *server_chal,
+                                          NTTIME nttime,
                                           const DATA_BLOB *names_blob)
 {
@@ -417 +434 @@
         /* generate some data to pass into the response function - including
            the hostname and domain name of the server */
-        ntlmv2_client_data = NTLMv2_generate_client_data(mem_ctx, names_blob);
+        ntlmv2_client_data = NTLMv2_generate_client_data(mem_ctx, nttime, names_blob);
 
         /* Given that data, and the challenge from the server, generate a response */
@@ -463 +480 @@
                            const char *user, const char *domain, const uint8_t nt_hash[16],
                            const DATA_BLOB *server_chal,
+                           const NTTIME *server_timestamp,
                            const DATA_BLOB *names_blob,
                            DATA_BLOB *lm_response, DATA_BLOB *nt_response,
@@ -478 +496 @@
 
         if (nt_response) {
+                const NTTIME *nttime = server_timestamp;
+                NTTIME _now = 0;
+
+                if (nttime == NULL) {
+                        struct timeval tv_now = timeval_current();
+                        _now = timeval_to_nttime(&tv_now);
+                        nttime = &_now;
+                }
+
                 *nt_response = NTLMv2_generate_response(mem_ctx,
-                                                        ntlm_v2_hash, server_chal,
+                                                        ntlm_v2_hash,
+                                                        server_chal,
+                                                        *nttime,
                                                         names_blob);
                 if (user_session_key) {
@@ -493 +522 @@
 
         if (lm_response) {
-                *lm_response = LMv2_generate_response(mem_ctx,
-                                                      ntlm_v2_hash, server_chal);
+                if (server_timestamp != NULL) {
+                        *lm_response = data_blob_talloc_zero(mem_ctx, 24);
+                } else {
+                        *lm_response = LMv2_generate_response(mem_ctx,
+                                                              ntlm_v2_hash,
+                                                              server_chal);
+                }
                 if (lm_session_key) {
                         *lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
@@ -519 +553 @@
 
         return SMBNTLMv2encrypt_hash(mem_ctx,
-                                     user, domain, nt_hash, server_chal, names_blob,
+                                     user, domain, nt_hash,
+                                     server_chal, NULL, names_blob,
                                      lm_response, nt_response, lm_session_key, user_session_key);
 }
@@ -611 +646 @@
                 }
 
-#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */
                 cmp = strcasecmp_m(a, v);
-#else /* smbd */
-                cmp = StrCaseCmp(a, v);
-#endif
                 if (cmp != 0) {
                         DEBUG(2,("%s: NTLMv2_RESPONSE with "
@@ -637 +668 @@
                 v = av_nb_dn->Value.AvNbDomainName;
 
-#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */
                 cmp = strcasecmp_m(workgroup, v);
-#else /* smbd */
-                cmp = StrCaseCmp(workgroup, v);
-#endif
                 if (cmp != 0) {
                         DEBUG(2,("%s: NTLMv2_RESPONSE with "
@@ -740 +767 @@
                                    byte_len,
                                    (void *)pp_new_pwrd,
-                                   new_pw_len,
-                                   false)) {
+                                   new_pw_len)) {
                 DEBUG(0, ("decode_pw_buffer: failed to convert incoming password\n"));
                 return false;
@@ -891 +917 @@
 
         if (!pwd_buf) {
-                return WERR_BAD_PASSWORD;
+                return WERR_INVALID_PASSWORD;
         }
 
         if (session_key->length != 16) {
                 DEBUG(10,("invalid session key\n"));
-                return WERR_BAD_PASSWORD;
+                return WERR_INVALID_PASSWORD;
         }
 
@@ -913 +939 @@
         if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16)) {
                 data_blob_free(&confounded_session_key);
-                return WERR_BAD_PASSWORD;
+                return WERR_INVALID_PASSWORD;
         }