mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Remove the static "chal" from ntlmssp.c:get_challenge()
This commit is contained in:
Volker Lendecke
parent
e9467ff26e
commit
4aed9abbf8
@ -76,7 +76,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
|
||||
Returns a const char of length 8 bytes.
|
||||
****************************************************************************/
|
||||
|
||||
static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
|
||||
static void get_ntlm_challenge(struct auth_context *auth_context,
|
||||
uint8_t chal[8])
|
||||
{
|
||||
DATA_BLOB challenge = data_blob_null;
|
||||
const char *challenge_set_by = NULL;
|
||||
@ -86,7 +87,8 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
|
||||
if (auth_context->challenge.length) {
|
||||
DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n",
|
||||
auth_context->challenge_set_by));
|
||||
return auth_context->challenge.data;
|
||||
memcpy(chal, auth_context->challenge.data, 8);
|
||||
return;
|
||||
}
|
||||
|
||||
auth_context->challenge_may_be_modified = False;
|
||||
@ -123,11 +125,11 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
|
||||
}
|
||||
|
||||
if (!challenge_set_by) {
|
||||
uchar chal[8];
|
||||
uchar tmp[8];
|
||||
|
||||
generate_random_buffer(chal, sizeof(chal));
|
||||
generate_random_buffer(tmp, sizeof(tmp));
|
||||
auth_context->challenge = data_blob_talloc(auth_context->mem_ctx,
|
||||
chal, sizeof(chal));
|
||||
tmp, sizeof(tmp));
|
||||
|
||||
challenge_set_by = "random";
|
||||
auth_context->challenge_may_be_modified = True;
|
||||
@ -141,7 +143,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
|
||||
|
||||
auth_context->challenge_set_by=challenge_set_by;
|
||||
|
||||
return auth_context->challenge.data;
|
||||
memcpy(chal, auth_context->challenge.data, 8);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -39,13 +39,14 @@ NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_pass
|
||||
{
|
||||
struct auth_context *plaintext_auth_context = NULL;
|
||||
auth_usersupplied_info *user_info = NULL;
|
||||
const uint8 *chal;
|
||||
uint8_t chal[8];
|
||||
NTSTATUS nt_status;
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
|
||||
plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context,
|
||||
chal);
|
||||
|
||||
if (!make_user_info_for_reply(&user_info,
|
||||
smb_name, lp_workgroup(), chal,
|
||||
|
||||
@ -27,11 +27,13 @@
|
||||
* @return an 8 byte random challenge
|
||||
*/
|
||||
|
||||
static const uint8 *auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state)
|
||||
static void auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
|
||||
uint8_t chal[8])
|
||||
{
|
||||
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
|
||||
(AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
|
||||
return auth_ntlmssp_state->auth_context->get_ntlm_challenge(auth_ntlmssp_state->auth_context);
|
||||
return auth_ntlmssp_state->auth_context->get_ntlm_challenge(
|
||||
auth_ntlmssp_state->auth_context, chal);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -92,7 +92,8 @@ struct auth_context {
|
||||
struct auth_methods *auth_method_list;
|
||||
|
||||
TALLOC_CTX *mem_ctx;
|
||||
const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context);
|
||||
void (*get_ntlm_challenge)(struct auth_context *auth_context,
|
||||
uint8_t chal[8]);
|
||||
NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
|
||||
const struct auth_usersupplied_info *user_info,
|
||||
struct auth_serversupplied_info **server_info);
|
||||
|
||||
@ -109,7 +109,8 @@ typedef struct ntlmssp_state
|
||||
* @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication
|
||||
*
|
||||
*/
|
||||
const uint8 *(*get_challenge)(const struct ntlmssp_state *ntlmssp_state);
|
||||
void (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
|
||||
uint8_t challenge[8]);
|
||||
|
||||
/**
|
||||
* Callback to find if the challenge used by NTLM authentication may be modified
|
||||
|
||||
@ -110,12 +110,10 @@ void debug_ntlmssp_flags(uint32 neg_flags)
|
||||
*
|
||||
*/
|
||||
|
||||
static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state)
|
||||
static void get_challenge(const struct ntlmssp_state *ntlmssp_state,
|
||||
uint8_t chal[8])
|
||||
{
|
||||
static uchar chal[8];
|
||||
generate_random_buffer(chal, sizeof(chal));
|
||||
|
||||
return chal;
|
||||
generate_random_buffer(chal, 8);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -517,7 +515,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
|
||||
char *dnsdomname = NULL;
|
||||
uint32 neg_flags = 0;
|
||||
uint32 ntlmssp_command, chal_flags;
|
||||
const uint8 *cryptkey;
|
||||
uint8_t cryptkey[8];
|
||||
const char *target_name;
|
||||
|
||||
/* parse the NTLMSSP packet */
|
||||
@ -541,7 +539,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
|
||||
ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
|
||||
|
||||
/* Ask our caller what challenge they would like in the packet */
|
||||
cryptkey = ntlmssp_state->get_challenge(ntlmssp_state);
|
||||
ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
|
||||
|
||||
/* Check if we may set the challenge */
|
||||
if (!ntlmssp_state->may_set_challenge(ntlmssp_state)) {
|
||||
|
||||
@ -990,13 +990,13 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
|
||||
this to challenge/response for the auth subsystem to chew
|
||||
on */
|
||||
{
|
||||
const uint8 *chal;
|
||||
uint8_t chal[8];
|
||||
|
||||
if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
|
||||
return status;
|
||||
}
|
||||
|
||||
chal = auth_context->get_ntlm_challenge(auth_context);
|
||||
auth_context->get_ntlm_challenge(auth_context, chal);
|
||||
|
||||
if (!make_user_info_netlogon_interactive(&user_info,
|
||||
nt_username, nt_domain,
|
||||
|
||||
@ -27,7 +27,6 @@ extern enum protocol_types Protocol;
|
||||
static void get_challenge(uint8 buff[8])
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
const uint8 *cryptkey;
|
||||
|
||||
/* We might be called more than once, multiple negprots are
|
||||
* permitted */
|
||||
@ -42,8 +41,8 @@ static void get_challenge(uint8 buff[8])
|
||||
smb_panic("cannot make_negprot_global_auth_context!");
|
||||
}
|
||||
DEBUG(10, ("get challenge: getting challenge\n"));
|
||||
cryptkey = negprot_global_auth_context->get_ntlm_challenge(negprot_global_auth_context);
|
||||
memcpy(buff, cryptkey, 8);
|
||||
negprot_global_auth_context->get_ntlm_challenge(
|
||||
negprot_global_auth_context, buff);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
||||
@ -1691,14 +1691,15 @@ void reply_sesssetup_and_X(struct smb_request *req)
|
||||
}
|
||||
} else {
|
||||
struct auth_context *plaintext_auth_context = NULL;
|
||||
const uint8 *chal;
|
||||
|
||||
nt_status = make_auth_context_subsystem(
|
||||
&plaintext_auth_context);
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
chal = plaintext_auth_context->get_ntlm_challenge(
|
||||
plaintext_auth_context);
|
||||
uint8_t chal[8];
|
||||
|
||||
plaintext_auth_context->get_ntlm_challenge(
|
||||
plaintext_auth_context, chal);
|
||||
|
||||
if (!make_user_info_for_reply(&user_info,
|
||||
user, domain, chal,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user