From 6195dfc0eb310a2362cb949a000979514a52c648 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 10 Dec 2010 12:12:23 +1100 Subject: [PATCH] s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication Andrew Bartlett --- source3/winbindd/winbindd_pam.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 23ffb87b7e09..7ec0bff9a77f 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1166,36 +1166,25 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, if (lp_client_ntlmv2_auth()) { DATA_BLOB server_chal; DATA_BLOB names_blob; - DATA_BLOB nt_response; - DATA_BLOB lm_response; - server_chal = data_blob_talloc(state->mem_ctx, chal, 8); + server_chal = data_blob_const(chal, 8); - /* note that the 'workgroup' here is a best guess - we don't know - the server's domain at this point. The 'server name' is also - dodgy... + /* note that the 'workgroup' here is for the local + machine. The 'server name' must match the + 'workstation' passed to the actual SamLogon call. */ names_blob = NTLMv2_generate_names_blob(state->mem_ctx, global_myname(), lp_workgroup()); - if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, + if (!SMBNTLMv2encrypt(state->mem_ctx, name_user, name_domain, state->request->data.auth.pass, &server_chal, &names_blob, - &lm_response, &nt_response, NULL, NULL)) { + &lm_resp, &nt_resp, NULL, NULL)) { data_blob_free(&names_blob); - data_blob_free(&server_chal); DEBUG(0, ("winbindd_pam_auth: SMBNTLMv2encrypt() failed!\n")); result = NT_STATUS_NO_MEMORY; goto done; } data_blob_free(&names_blob); - data_blob_free(&server_chal); - lm_resp = data_blob_talloc(state->mem_ctx, lm_response.data, - lm_response.length); - nt_resp = data_blob_talloc(state->mem_ctx, nt_response.data, - nt_response.length); - data_blob_free(&lm_response); - data_blob_free(&nt_response); - } else { lm_resp = data_blob_null; SMBNTencrypt(state->request->data.auth.pass, -- 2.34.1