This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "nsswitch/winbind_client.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
* Test the normal 'LM and NTLM' combination
*/
-static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
+static bool test_lm_ntlm_broken(enum ntlm_break break_which)
{
- BOOL pass = True;
+ bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB lm_response = data_blob(NULL, 24);
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
switch (break_which) {
case BREAK_NONE:
&chall,
&lm_response,
&nt_response,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string, NULL);
sizeof(lm_key)) != 0) {
DEBUG(1, ("LM Key does not match expectations!\n"));
DEBUG(1, ("lm_key:\n"));
- dump_data(1, (const char *)lm_key, 8);
+ dump_data(1, lm_key, 8);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)lm_hash, 8);
+ dump_data(1, lm_hash, 8);
pass = False;
}
8) != 0) {
DEBUG(1, ("NT Session Key does not match expectations (should be LM hash)!\n"));
DEBUG(1, ("user_session_key:\n"));
- dump_data(1, (const char *)user_session_key, sizeof(user_session_key));
+ dump_data(1, user_session_key, sizeof(user_session_key));
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)lm_hash, sizeof(lm_hash));
+ dump_data(1, lm_hash, sizeof(lm_hash));
pass = False;
}
} else {
sizeof(user_session_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
DEBUG(1, ("user_session_key:\n"));
- dump_data(1, (const char *)user_session_key, 16);
+ dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)session_key.data, session_key.length);
+ dump_data(1, session_key.data, session_key.length);
pass = False;
}
}
* Test LM authentication, no NT response supplied
*/
-static BOOL test_lm(void)
+static bool test_lm(void)
{
return test_lm_ntlm_broken(NO_NT);
* Test the NTLM response only, no LM.
*/
-static BOOL test_ntlm(void)
+static bool test_ntlm(void)
{
return test_lm_ntlm_broken(NO_LM);
}
* Test the NTLM response only, but in the LM field.
*/
-static BOOL test_ntlm_in_lm(void)
+static bool test_ntlm_in_lm(void)
{
- BOOL pass = True;
+ bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB nt_response = data_blob(NULL, 24);
&chall,
&nt_response,
NULL,
- flags,
+ flags, 0,
lm_key,
user_session_key,
&error_string, NULL);
sizeof(lm_key)) != 0) {
DEBUG(1, ("LM Key does not match expectations!\n"));
DEBUG(1, ("lm_key:\n"));
- dump_data(1, (const char *)lm_key, 8);
+ dump_data(1, lm_key, 8);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)lm_hash, 8);
+ dump_data(1, lm_hash, 8);
pass = False;
}
if (memcmp(lm_hash, user_session_key, 8) != 0) {
DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n"));
DEBUG(1, ("user_session_key:\n"));
- dump_data(1, (const char *)user_session_key, 16);
+ dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)lm_hash, 8);
+ dump_data(1, lm_hash, 8);
pass = False;
}
return pass;
* Test the NTLM response only, but in the both the NT and LM fields.
*/
-static BOOL test_ntlm_in_both(void)
+static bool test_ntlm_in_both(void)
{
- BOOL pass = True;
+ bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB nt_response = data_blob(NULL, 24);
DATA_BLOB session_key = data_blob(NULL, 16);
- char lm_key[8];
- char lm_hash[16];
- char user_session_key[16];
- char nt_hash[16];
+ uint8 lm_key[8];
+ uint8 lm_hash[16];
+ uint8 user_session_key[16];
+ uint8 nt_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
SMBNTencrypt(opt_password,chall.data,nt_response.data);
- E_md4hash(opt_password, (unsigned char *)nt_hash);
- SMBsesskeygen_ntv1((const unsigned char *)nt_hash, NULL, session_key.data);
+ E_md4hash(opt_password, nt_hash);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
- E_deshash(opt_password, (unsigned char *)lm_hash);
+ E_deshash(opt_password, lm_hash);
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
&chall,
&nt_response,
&nt_response,
- flags,
- (unsigned char *)lm_key,
- (unsigned char *)user_session_key,
+ flags, 0,
+ lm_key,
+ user_session_key,
&error_string, NULL);
data_blob_free(&nt_response);
DEBUG(1, ("user_session_key:\n"));
dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)session_key.data, session_key.length);
+ dump_data(1, session_key.data, session_key.length);
pass = False;
}
* Test the NTLMv2 and LMv2 responses
*/
-static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
+static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
{
- BOOL pass = True;
+ bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
- DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
- DATA_BLOB lmv2_response = data_blob(NULL, 0);
- DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
+ DATA_BLOB ntlmv2_response = data_blob_null;
+ DATA_BLOB lmv2_response = data_blob_null;
+ DATA_BLOB ntlmv2_session_key = data_blob_null;
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
flags |= WBFLAG_PAM_USER_SESSION_KEY;
- if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
+ if (!SMBNTLMv2encrypt(NULL, opt_username, opt_domain, opt_password, &chall,
&names_blob,
- &lmv2_response, &ntlmv2_response,
+ &lmv2_response, &ntlmv2_response, NULL,
&ntlmv2_session_key)) {
data_blob_free(&names_blob);
return False;
&chall,
&lmv2_response,
&ntlmv2_response,
- flags,
+ flags, 0,
NULL,
user_session_key,
&error_string, NULL);
sizeof(user_session_key)) != 0) {
DEBUG(1, ("USER (NTLMv2) Session Key does not match expectations!\n"));
DEBUG(1, ("user_session_key:\n"));
- dump_data(1, (const char *)user_session_key, 16);
+ dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)ntlmv2_session_key.data, ntlmv2_session_key.length);
+ dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
pass = False;
}
return pass;
* Test the NTLMv2 and LMv2 responses
*/
-static BOOL test_lmv2_ntlmv2(void)
+static bool test_lmv2_ntlmv2(void)
{
return test_lmv2_ntlmv2_broken(BREAK_NONE);
}
* Test the LMv2 response only
*/
-static BOOL test_lmv2(void)
+static bool test_lmv2(void)
{
return test_lmv2_ntlmv2_broken(NO_NT);
}
* Test the NTLMv2 response only
*/
-static BOOL test_ntlmv2(void)
+static bool test_ntlmv2(void)
{
return test_lmv2_ntlmv2_broken(NO_LM);
}
-static BOOL test_lm_ntlm(void)
+static bool test_lm_ntlm(void)
{
return test_lm_ntlm_broken(BREAK_NONE);
}
-static BOOL test_ntlm_lm_broken(void)
+static bool test_ntlm_lm_broken(void)
{
return test_lm_ntlm_broken(BREAK_LM);
}
-static BOOL test_ntlm_ntlm_broken(void)
+static bool test_ntlm_ntlm_broken(void)
{
return test_lm_ntlm_broken(BREAK_NT);
}
-static BOOL test_ntlmv2_lmv2_broken(void)
+static bool test_ntlmv2_lmv2_broken(void)
{
return test_lmv2_ntlmv2_broken(BREAK_LM);
}
-static BOOL test_ntlmv2_ntlmv2_broken(void)
+static bool test_ntlmv2_ntlmv2_broken(void)
{
return test_lmv2_ntlmv2_broken(BREAK_NT);
}
-static BOOL test_plaintext(enum ntlm_break break_which)
+static bool test_plaintext(enum ntlm_break break_which)
{
NTSTATUS nt_status;
uint32 flags = 0;
- DATA_BLOB nt_response = data_blob(NULL, 0);
- DATA_BLOB lm_response = data_blob(NULL, 0);
+ DATA_BLOB nt_response = data_blob_null;
+ DATA_BLOB lm_response = data_blob_null;
char *password;
+ smb_ucs2_t *nt_response_ucs2;
+ size_t converted_size;
uchar user_session_key[16];
uchar lm_key[16];
- static const uchar zeros[8];
+ static const uchar zeros[8] = { 0, };
DATA_BLOB chall = data_blob(zeros, sizeof(zeros));
char *error_string;
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
- if ((push_ucs2_allocate((smb_ucs2_t **)&nt_response.data, opt_password)) == -1) {
- DEBUG(0, ("push_ucs2_allocate failed!\n"));
+ if (!push_ucs2_talloc(talloc_tos(), &nt_response_ucs2, opt_password,
+ &converted_size))
+ {
+ DEBUG(0, ("push_ucs2_talloc failed!\n"));
exit(1);
}
- nt_response.length = strlen_w(((void *)nt_response.data))*sizeof(smb_ucs2_t);
+ nt_response.data = (unsigned char *)nt_response_ucs2;
+ nt_response.length = strlen_w(nt_response_ucs2)*sizeof(smb_ucs2_t);
- if ((password = strdup_upper(opt_password)) == NULL) {
- DEBUG(0, ("strdup_upper failed!\n"));
+ if ((password = strupper_talloc(talloc_tos(), opt_password)) == NULL) {
+ DEBUG(0, ("strupper_talloc() failed!\n"));
exit(1);
}
- if ((convert_string_allocate(NULL, CH_UNIX,
- CH_DOS, password,
- strlen(password)+1,
- (void**)&lm_response.data,True)) == -1) {
- DEBUG(0, ("convert_string_allocate failed!\n"));
+ if (!convert_string_talloc(talloc_tos(), CH_UNIX,
+ CH_DOS, password,
+ strlen(password)+1,
+ &lm_response.data,
+ &lm_response.length)) {
+ DEBUG(0, ("convert_string_talloc failed!\n"));
exit(1);
}
- SAFE_FREE(password);
-
- lm_response.length = strlen((const char *)lm_response.data);
+ TALLOC_FREE(password);
switch (break_which) {
case BREAK_NONE:
nt_response.data[0]++;
break;
case NO_LM:
- SAFE_FREE(lm_response.data);
+ TALLOC_FREE(lm_response.data);
lm_response.length = 0;
break;
case NO_NT:
- SAFE_FREE(nt_response.data);
+ TALLOC_FREE(nt_response.data);
nt_response.length = 0;
break;
}
&chall,
&lm_response,
&nt_response,
- flags,
+ flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
lm_key,
user_session_key,
&error_string, NULL);
- SAFE_FREE(nt_response.data);
- SAFE_FREE(lm_response.data);
+ TALLOC_FREE(nt_response.data);
+ TALLOC_FREE(lm_response.data);
data_blob_free(&chall);
if (!NT_STATUS_IS_OK(nt_status)) {
return break_which != BREAK_NT;
}
-static BOOL test_plaintext_none_broken(void) {
+static bool test_plaintext_none_broken(void) {
return test_plaintext(BREAK_NONE);
}
-static BOOL test_plaintext_lm_broken(void) {
+static bool test_plaintext_lm_broken(void) {
return test_plaintext(BREAK_LM);
}
-static BOOL test_plaintext_nt_broken(void) {
+static bool test_plaintext_nt_broken(void) {
return test_plaintext(BREAK_NT);
}
-static BOOL test_plaintext_nt_only(void) {
+static bool test_plaintext_nt_only(void) {
return test_plaintext(NO_LM);
}
-static BOOL test_plaintext_lm_only(void) {
+static bool test_plaintext_lm_only(void) {
return test_plaintext(NO_NT);
}
*/
static const struct ntlm_tests {
- BOOL (*fn)(void);
+ bool (*fn)(void);
const char *name;
} test_table[] = {
{test_lm, "LM"},
{NULL, NULL}
};
-BOOL diagnose_ntlm_auth(void)
+bool diagnose_ntlm_auth(void)
{
unsigned int i;
- BOOL pass = True;
+ bool pass = True;
for (i=0; test_table[i].fn; i++) {
if (!test_table[i].fn()) {
git.samba.org / kai / samba.git / blobdiff