1
0
mirror of https://github.com/samba-team/samba.git synced 2025-07-29 15:42:04 +03:00

This is a farily large patch (3300 lines) and reworks most of the AuthRewrite

code.

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
	- Fully malloc'ed structures.
	  - Massive rework of the code so that all structures are made and destroyed
	    using malloc and free, rather than hanging around on the stack.
	- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
	   to be declared 'invalid' without the chance that people might get ROOT by
	   default.

	- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
	  appropriate place (probably domain_client_validate.c) in the future. They
	  don't belong in session setups.

	- Massive introduction of DATA_BLOB structures, particularly for passwords.

	- Use NTLMSSP flags to tell the backend what its getting, rather than magic
	  lenghths.

	- Fix winbind back up again, but tpot is redoing this soon anyway.

	- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.

Needs testing with a wide variety of MS clients.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
-
parent ceba373aa3
commit f70fb819b2
32 changed files with 2224 additions and 1147 deletions

View File

@ -216,27 +216,27 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
/* Does the md5 encryption from the NT hash for NTLMv2. */
void SMBOWFencrypt_ntv2(const uchar kr[16],
const uchar * srv_chal, int srv_chal_len,
const uchar * cli_chal, int cli_chal_len,
const DATA_BLOB srv_chal,
const DATA_BLOB cli_chal,
char resp_buf[16])
{
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(srv_chal, srv_chal_len, &ctx);
hmac_md5_update(cli_chal, cli_chal_len, &ctx);
hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
hmac_md5_final((unsigned char *)resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
dump_data(100, srv_chal, srv_chal_len);
dump_data(100, cli_chal, cli_chal_len);
dump_data(100, srv_chal.data, srv_chal.length);
dump_data(100, cli_chal.data, cli_chal.length);
dump_data(100, resp_buf, 16);
#endif
}
void SMBsesskeygen_ntv2(const uchar kr[16],
const uchar * nt_resp, char sess_key[16])
const uchar * nt_resp, uint8 sess_key[16])
{
HMACMD5Context ctx;
@ -251,7 +251,7 @@ void SMBsesskeygen_ntv2(const uchar kr[16],
}
void SMBsesskeygen_ntv1(const uchar kr[16],
const uchar * nt_resp, char sess_key[16])
const uchar * nt_resp, uint8 sess_key[16])
{
mdfour((unsigned char *)sess_key, kr, 16);