sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session key could

Browse Source 
be anything, and may not be based on anything 'NT'.  This is also what microsoft
calls it.
This commit is contained in:
Andrew Bartlett
2004-04-06 08:11:16 +00:00
committed by Gerald (Jerry) Carter
parent b69e8e64d4
commit 724e8d3f33
12 changed files with 64 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
source/auth/auth_ntlmssp.c
View File

@ -75,7 +75,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
* Return the session keys used on the connection.
*/
static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key)
static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state = ntlmssp_state->auth_context;
auth_usersupplied_info *user_info = NULL;
@ -113,11 +113,11 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (auth_ntlmssp_state->server_info->nt_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n", auth_ntlmssp_state->server_info->nt_session_key.length));
*nt_session_key = data_blob_talloc(auth_ntlmssp_state->mem_ctx,
auth_ntlmssp_state->server_info->nt_session_key.data,
auth_ntlmssp_state->server_info->nt_session_key.length);
if (auth_ntlmssp_state->server_info->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n", auth_ntlmssp_state->server_info->user_session_key.length));
*user_session_key = data_blob_talloc(auth_ntlmssp_state->mem_ctx,
auth_ntlmssp_state->server_info->user_session_key.data,
auth_ntlmssp_state->server_info->user_session_key.length);
}
if (auth_ntlmssp_state->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n", auth_ntlmssp_state->server_info->lm_session_key.length));

2
source/auth/auth_sam.c
View File

@ -261,7 +261,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return nt_status;
}
(*server_info)->nt_session_key = user_sess_key;
(*server_info)->user_session_key = user_sess_key;
(*server_info)->lm_session_key = lm_sess_key;
return nt_status;

8
source/auth/auth_util.c
View File

@ -912,7 +912,7 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
/* annoying, but the Guest really does have a session key,
and it is all zeros! */
(*server_info)->nt_session_key = data_blob(zeros, sizeof(zeros));
(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
(*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros));
}
@ -1276,9 +1276,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* ensure we are never given NULL session keys */
if (memcmp(info3->user_sess_key, zeros, sizeof(zeros)) == 0) {
(*server_info)->nt_session_key = data_blob(NULL, 0);
(*server_info)->user_session_key = data_blob(NULL, 0);
} else {
(*server_info)->nt_session_key = data_blob(info3->user_sess_key, sizeof(info3->user_sess_key));
(*server_info)->user_session_key = data_blob(info3->user_sess_key, sizeof(info3->user_sess_key));
}
if (memcmp(info3->padding, zeros, sizeof(zeros)) == 0) {
@ -1330,7 +1330,7 @@ void free_server_info(auth_serversupplied_info **server_info)
SAFE_FREE((*server_info)->groups);
SAFE_FREE((*server_info)->unix_name);
data_blob_free(&(*server_info)->lm_session_key);
data_blob_free(&(*server_info)->nt_session_key);
data_blob_free(&(*server_info)->user_session_key);
ZERO_STRUCT(**server_info);
}
SAFE_FREE(*server_info);

2
source/include/auth.h
View File

@ -67,7 +67,7 @@ typedef struct auth_serversupplied_info
NT_USER_TOKEN *ptok;
DATA_BLOB nt_session_key;
DATA_BLOB user_session_key;
DATA_BLOB lm_session_key;
uint32 sam_fill_level; /* How far is this structure filled? */

20
source/libsmb/ntlmssp.c
View File

@ -500,7 +500,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB request, DATA_BLOB *reply)
{
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
DATA_BLOB nt_session_key = data_blob(NULL, 0);
DATA_BLOB user_session_key = data_blob(NULL, 0);
DATA_BLOB lm_session_key = data_blob(NULL, 0);
DATA_BLOB session_key = data_blob(NULL, 0);
uint32 ntlmssp_command, auth_flags;
@ -663,19 +663,19 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
/* Finally, actually ask if the password is OK */
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state,
&nt_session_key, &lm_session_key))) {
&user_session_key, &lm_session_key))) {
data_blob_free(&encrypted_session_key);
return nt_status;
}
dump_data_pw("NT session key:\n", nt_session_key.data, nt_session_key.length);
dump_data_pw("NT session key:\n", user_session_key.data, user_session_key.length);
dump_data_pw("LM first-8:\n", lm_session_key.data, lm_session_key.length);
/* Handle the different session key derivation for NTLM2 */
if (doing_ntlm2) {
if (nt_session_key.data && nt_session_key.length == 16) {
if (user_session_key.data && user_session_key.length == 16) {
session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
hmac_md5(nt_session_key.data, session_nonce,
hmac_md5(user_session_key.data, session_nonce,
sizeof(session_nonce), session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
@ -702,8 +702,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n"));
session_key = data_blob(NULL, 0);
}
} else if (nt_session_key.data) {
session_key = nt_session_key;
} else if (user_session_key.data) {
session_key = user_session_key;
DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
} else if (lm_session_key.data) {
@ -958,7 +958,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
uchar nt_hash[16];
uchar session_nonce[16];
uchar session_nonce_hash[16];
uchar nt_session_key[16];
uchar user_session_key[16];
E_md4hash(ntlmssp_state->password, nt_hash);
lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
@ -984,8 +984,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
SMBsesskeygen_ntv1(nt_hash, NULL, nt_session_key);
hmac_md5(nt_session_key, session_nonce, sizeof(session_nonce), session_key.data);
SMBsesskeygen_ntv1(nt_hash, NULL, user_session_key);
hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
} else {

8
source/libsmb/smbencrypt.c
View File

@ -420,7 +420,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
const DATA_BLOB *server_chal,
const DATA_BLOB *names_blob,
DATA_BLOB *lm_response, DATA_BLOB *nt_response,
DATA_BLOB *nt_session_key)
DATA_BLOB *user_session_key)
{
uchar nt_hash[16];
uchar ntlm_v2_hash[16];
@ -437,12 +437,12 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
if (nt_response) {
*nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
names_blob);
if (nt_session_key) {
*nt_session_key = data_blob(NULL, 16);
if (user_session_key) {
*user_session_key = data_blob(NULL, 16);
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
}
}

4
source/nsswitch/winbindd_nss.h
View File

@ -150,7 +150,7 @@ typedef struct winbindd_gr {
#define WBFLAG_PAM_INFO3_NDR 0x0001
#define WBFLAG_PAM_INFO3_TEXT 0x0002
#define WBFLAG_PAM_NTKEY 0x0004
#define WBFLAG_PAM_USER_SESSION_KEY 0x0004
#define WBFLAG_PAM_LMKEY 0x0008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010
#define WBFLAG_QUERY_ONLY 0x0020
@ -264,7 +264,7 @@ struct winbindd_response {
fstring nt_status_string;
fstring error_string;
int pam_error;
char nt_session_key[16];
char user_session_key[16];
char first_8_lm_hash[8];
} auth;
uint32 rid; /* create user or group */

4
source/nsswitch/winbindd_pam.c
View File

@ -464,8 +464,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
state->response.length += strlen(state->response.extra_data)+1;
}
if (state->request.flags & WBFLAG_PAM_NTKEY) {
memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
if (state->request.flags & WBFLAG_PAM_USER_SESSION_KEY) {
memcpy(state->response.data.auth.user_session_key, info3.user_sess_key, sizeof(state->response.data.auth.user_session_key) /* 16 */);
}
if (state->request.flags & WBFLAG_PAM_LMKEY) {
memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */);

6
source/rpc_parse/parse_net.c
View File

@ -1349,7 +1349,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
uint16 logon_count, uint16 bad_pw_count,
uint32 num_groups, const DOM_GID *gids,
uint32 user_flgs, uchar nt_session_key[16],
uint32 user_flgs, uchar user_session_key[16],
uchar lm_session_key[16],
const char *logon_srv, const char *logon_dom,
const DOM_SID *dom_sid, const char *other_sids)
@ -1392,8 +1392,8 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
usr->user_flgs = user_flgs;
if (nt_session_key != NULL)
memcpy(usr->user_sess_key, nt_session_key, sizeof(usr->user_sess_key));
if (user_session_key != NULL)
memcpy(usr->user_sess_key, user_session_key, sizeof(usr->user_sess_key));
else
memset((char *)usr->user_sess_key, '\0', sizeof(usr->user_sess_key));

14
source/rpc_server/srv_netlog_nt.c
View File

@ -691,7 +691,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
pstring my_name;
fstring user_sid_string;
fstring group_sid_string;
uchar nt_session_key[16];
uchar user_session_key[16];
uchar lm_session_key[16];
uchar netlogon_sess_key[16];
@ -727,10 +727,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
ZERO_STRUCT(netlogon_sess_key);
memcpy(netlogon_sess_key, p->dc.sess_key, 8);
if (server_info->nt_session_key.length) {
memcpy(nt_session_key, server_info->nt_session_key.data,
MIN(sizeof(nt_session_key), server_info->nt_session_key.length));
SamOEMhash(nt_session_key, netlogon_sess_key, 16);
if (server_info->user_session_key.length) {
memcpy(user_session_key, server_info->user_session_key.data,
MIN(sizeof(user_session_key), server_info->user_session_key.length));
SamOEMhash(user_session_key, netlogon_sess_key, 16);
}
if (server_info->lm_session_key.length) {
memcpy(lm_session_key, server_info->lm_session_key.data,
@ -760,7 +760,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
server_info->nt_session_key.length ? nt_session_key : NULL,
server_info->user_session_key.length ? user_session_key : NULL,
server_info->lm_session_key.length ? lm_session_key : NULL,
my_name , /* char *logon_srv */
pdb_get_domain(sampw),
@ -768,7 +768,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
/* Should be users domain sid, not servers - for trusted domains */
NULL); /* char *other_sids */
ZERO_STRUCT(nt_session_key);
ZERO_STRUCT(user_session_key);
ZERO_STRUCT(lm_session_key);
}
free_server_info(&server_info);

4
source/smbd/sesssetup.c
View File

@ -881,8 +881,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
return ERROR_NT(nt_status_squash(nt_status));
}
if (server_info->nt_session_key.data) {
session_key = data_blob(server_info->nt_session_key.data, server_info->nt_session_key.length);
if (server_info->user_session_key.data) {
session_key = data_blob(server_info->user_session_key.data, server_info->user_session_key.length);
} else {
session_key = data_blob(NULL, 0);
}

44
source/utils/ntlm_auth.c
View File

@ -297,11 +297,11 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
memcpy(lm_key, response.data.auth.first_8_lm_hash,
sizeof(response.data.auth.first_8_lm_hash));
}
if ((flags & WBFLAG_PAM_NTKEY) && nt_key
&& (memcmp(zeros, response.data.auth.nt_session_key,
sizeof(response.data.auth.nt_session_key)) != 0)) {
memcpy(nt_key, response.data.auth.nt_session_key,
sizeof(response.data.auth.nt_session_key));
if ((flags & WBFLAG_PAM_USER_SESSION_KEY) && nt_key
&& (memcmp(zeros, response.data.auth.user_session_key,
sizeof(response.data.auth.user_session_key)) != 0)) {
memcpy(nt_key, response.data.auth.user_session_key,
sizeof(response.data.auth.user_session_key));
}
if (flags & WBFLAG_PAM_UNIX_NAME) {
@ -313,7 +313,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
return nt_status;
}
static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key)
static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
static const char zeros[16];
NTSTATUS nt_status;
@ -327,7 +327,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
&ntlmssp_state->chal,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY | WBFLAG_PAM_UNIX_NAME,
WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
lm_key, nt_key,
&error_string, &unix_name);
@ -339,7 +339,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
}
if (memcmp(nt_key, zeros, 16) != 0) {
*nt_session_key = data_blob(nt_key, 16);
*user_session_key = data_blob(nt_key, 16);
}
ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name);
SAFE_FREE(unix_name);
@ -352,7 +352,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
return nt_status;
}
static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key)
static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
static const char zeros[16];
NTSTATUS nt_status;
@ -370,7 +370,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n
ntlmssp_state->user,
ntlmssp_state->user,
ntlmssp_state->domain,
lm_pw, nt_pw, nt_session_key, lm_session_key);
lm_pw, nt_pw, user_session_key, lm_session_key);
if (NT_STATUS_IS_OK(nt_status)) {
if (memcmp(lm_key, zeros, 8) != 0) {
@ -380,7 +380,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n
}
if (memcmp(nt_key, zeros, 16) != 0) {
*nt_session_key = data_blob(nt_key, 16);
*user_session_key = data_blob(nt_key, 16);
}
ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user);
} else {
@ -1379,7 +1379,7 @@ static BOOL check_auth_crap(void)
flags |= WBFLAG_PAM_LMKEY;
if (request_nt_key)
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
@ -1462,7 +1462,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
ZERO_STRUCT(nt_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
SMBencrypt(opt_password,chall.data,lm_response.data);
E_deshash(opt_password, lm_hash);
@ -1582,7 +1582,7 @@ static BOOL test_ntlm_in_lm(void)
ZERO_STRUCT(nt_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
SMBNTencrypt(opt_password,chall.data,nt_response.data);
@ -1651,7 +1651,7 @@ static BOOL test_ntlm_in_both(void)
ZERO_STRUCT(nt_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, (unsigned char *)nt_hash);
@ -1713,7 +1713,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
uint32 flags = 0;
DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_response = data_blob(NULL, 0);
DATA_BLOB nt_session_key = data_blob(NULL, 0);
DATA_BLOB user_session_key = data_blob(NULL, 0);
DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
uchar nt_key[16];
@ -1722,12 +1722,12 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
ZERO_STRUCT(nt_key);
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
&names_blob,
&lmv2_response, &ntlmv2_response,
&nt_session_key)) {
&user_session_key)) {
data_blob_free(&names_blob);
return False;
}
@ -1771,13 +1771,13 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
return break_which == BREAK_NT;
}
if (break_which != NO_NT && break_which != BREAK_NT && memcmp(nt_session_key.data, nt_key,
if (break_which != NO_NT && break_which != BREAK_NT && memcmp(user_session_key.data, nt_key,
sizeof(nt_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
DEBUG(1, ("USER Session Key does not match expectations!\n"));
DEBUG(1, ("nt_key:\n"));
dump_data(1, (const char *)nt_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, (const char *)nt_session_key.data, nt_session_key.length);
dump_data(1, (const char *)user_session_key.data, user_session_key.length);
pass = False;
}
return pass;
@ -1851,8 +1851,8 @@ static BOOL test_plaintext(enum ntlm_break break_which)
ZERO_STRUCT(nt_key);
flags |= WBFLAG_PAM_NTKEY;
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if ((push_ucs2_allocate((smb_ucs2_t **)&nt_response.data, opt_password)) == -1) {
DEBUG(0, ("push_ucs2_allocate failed!\n"));