本文整理汇总了C++中data_blob_free函数的典型用法代码示例。如果您正苦于以下问题:C++ data_blob_free函数的具体用法?C++ data_blob_free怎么用?C++ data_blob_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了data_blob_free函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: close_normal_file
static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
enum file_close_type close_type)
{
NTSTATUS status = NT_STATUS_OK;
NTSTATUS tmp;
connection_struct *conn = fsp->conn;
bool is_durable = false;
if (fsp->num_aio_requests != 0) {
if (close_type != SHUTDOWN_CLOSE) {
/*
* reply_close and the smb2 close must have
* taken care of this. No other callers of
* close_file should ever have created async
* I/O.
*
* We need to panic here because if we close()
* the fd while we have outstanding async I/O
* requests, in the worst case we could end up
* writing to the wrong file.
*/
DEBUG(0, ("fsp->num_aio_requests=%u\n",
fsp->num_aio_requests));
smb_panic("can not close with outstanding aio "
"requests");
}
/*
* For shutdown close, just drop the async requests
* including a potential close request pending for
* this fsp. Drop the close request first, the
* destructor for the aio_requests would execute it.
*/
TALLOC_FREE(fsp->deferred_close);
while (fsp->num_aio_requests != 0) {
/*
* The destructor of the req will remove
* itself from the fsp.
* Don't use TALLOC_FREE here, this will overwrite
* what the destructor just wrote into
* aio_requests[0].
*/
talloc_free(fsp->aio_requests[0]);
}
}
/*
* If we're flushing on a close we can get a write
* error here, we must remember this.
*/
tmp = close_filestruct(fsp);
status = ntstatus_keeperror(status, tmp);
if (NT_STATUS_IS_OK(status) && fsp->op != NULL) {
is_durable = fsp->op->global->durable;
}
if (close_type != SHUTDOWN_CLOSE) {
is_durable = false;
}
if (is_durable) {
DATA_BLOB new_cookie = data_blob_null;
tmp = SMB_VFS_DURABLE_DISCONNECT(fsp,
fsp->op->global->backend_cookie,
fsp->op,
&new_cookie);
if (NT_STATUS_IS_OK(tmp)) {
struct timeval tv;
NTTIME now;
if (req != NULL) {
tv = req->request_time;
} else {
tv = timeval_current();
}
now = timeval_to_nttime(&tv);
data_blob_free(&fsp->op->global->backend_cookie);
fsp->op->global->backend_cookie = new_cookie;
fsp->op->compat = NULL;
tmp = smbXsrv_open_close(fsp->op, now);
if (!NT_STATUS_IS_OK(tmp)) {
DEBUG(1, ("Failed to update smbXsrv_open "
"record when disconnecting durable "
"handle for file %s: %s - "
"proceeding with normal close\n",
fsp_str_dbg(fsp), nt_errstr(tmp)));
}
scavenger_schedule_disconnected(fsp);
} else {
DEBUG(1, ("Failed to disconnect durable handle for "
"file %s: %s - proceeding with normal "
"close\n", fsp_str_dbg(fsp), nt_errstr(tmp)));
}
//.........这里部分代码省略.........
开发者ID:GSam,项目名称:samba,代码行数:101,代码来源:close.c
示例2: dcerpc_check_auth
//.........这里部分代码省略.........
*/
SMB_ASSERT(raw_pkt->length == pkt->frag_length);
SMB_ASSERT(header_size <= pkt->frag_length);
SMB_ASSERT(pkt_trailer->length < pkt->frag_length);
SMB_ASSERT((pkt_trailer->length + header_size) <= pkt->frag_length);
switch (auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
DEBUG(10, ("Requested Privacy.\n"));
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
DEBUG(10, ("Requested Integrity.\n"));
break;
case DCERPC_AUTH_LEVEL_PACKET:
DEBUG(10, ("Requested packet.\n"));
break;
case DCERPC_AUTH_LEVEL_CONNECT:
if (pkt->auth_length != 0) {
break;
}
return NT_STATUS_OK;
case DCERPC_AUTH_LEVEL_NONE:
if (pkt->auth_length != 0) {
DEBUG(3, ("Got non-zero auth len on non "
"authenticated connection!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_OK;
default:
DEBUG(3, ("Unimplemented Auth Level %d",
auth->auth_level));
return NT_STATUS_INVALID_PARAMETER;
}
if (pkt->auth_length == 0) {
return NT_STATUS_INVALID_PARAMETER;
}
status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
&auth_info, &auth_length, false);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (auth_info.auth_type != auth->auth_type) {
return NT_STATUS_INVALID_PARAMETER;
}
if (auth_info.auth_level != auth->auth_level) {
return NT_STATUS_INVALID_PARAMETER;
}
if (auth_info.auth_context_id != auth->auth_context_id) {
return NT_STATUS_INVALID_PARAMETER;
}
pkt_trailer->length -= auth_length;
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length);
full_pkt = data_blob_const(raw_pkt->data, raw_pkt->length);
full_pkt.length -= auth_info.credentials.length;
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
return NT_STATUS_OK;
default:
DEBUG(10, ("GENSEC auth\n"));
gensec_security = auth->auth_ctx;
status = get_generic_auth_footer(gensec_security,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
}
/* TODO: remove later
* this is still needed because in the server code the
* pkt_trailer actually has a copy of the raw data, and they
* are still both used in later calls */
if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
if (pkt_trailer->length != data.length) {
return NT_STATUS_INVALID_PARAMETER;
}
memcpy(pkt_trailer->data, data.data, data.length);
}
pkt_trailer->length -= auth_info.auth_pad_length;
data_blob_free(&auth_info.credentials);
return NT_STATUS_OK;
}
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:dcerpc_helpers.c
示例3: cli_credentials_get_ntlm_response
//.........这里部分代码省略.........
uint8_t user_session_key[16];
lm_response = data_blob_talloc(mem_ctx, NULL, 24);
generate_random_buffer(lm_response.data, 8);
memset(lm_response.data+8, 0, 16);
memcpy(session_nonce, challenge.data, 8);
memcpy(&session_nonce[8], lm_response.data, 8);
MD5Init(&md5_session_nonce_ctx);
MD5Update(&md5_session_nonce_ctx, challenge.data, 8);
MD5Update(&md5_session_nonce_ctx, lm_response.data, 8);
MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
DEBUG(5, ("challenge is: \n"));
dump_data(5, session_nonce_hash, 8);
nt_response = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(nt_hash->hash,
session_nonce_hash,
nt_response.data);
session_key = data_blob_talloc(mem_ctx, NULL, 16);
SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
/* LM Key is incompatible... */
*flags &= ~CLI_CRED_LANMAN_AUTH;
} else {
uint8_t lm_hash[16];
nt_response = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(nt_hash->hash, challenge.data,
nt_response.data);
session_key = data_blob_talloc(mem_ctx, NULL, 16);
SMBsesskeygen_ntv1(nt_hash->hash, session_key.data);
dump_data_pw("NT session key:\n", session_key.data, session_key.length);
/* lanman auth is insecure, it may be disabled.
We may also not have a password */
if (*flags & CLI_CRED_LANMAN_AUTH) {
const char *password;
password = cli_credentials_get_password(cred);
if (!password) {
lm_response = nt_response;
} else {
lm_response = data_blob_talloc(mem_ctx, NULL, 24);
if (!SMBencrypt(password,challenge.data,
lm_response.data)) {
/* If the LM password was too long (and therefore the LM hash being
of the first 14 chars only), don't send it.
We don't have any better options but to send the NT response
*/
data_blob_free(&lm_response);
lm_response = nt_response;
/* LM Key is incompatible with 'long' passwords */
*flags &= ~CLI_CRED_LANMAN_AUTH;
} else if (E_deshash(password, lm_hash)) {
lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
memcpy(lm_session_key.data, lm_hash, 8);
memset(&lm_session_key.data[8], '\0', 8);
if (!(*flags & CLI_CRED_NTLM_AUTH)) {
session_key = lm_session_key;
}
}
}
} else {
const char *password;
/* LM Key is incompatible... */
lm_response = nt_response;
*flags &= ~CLI_CRED_LANMAN_AUTH;
password = cli_credentials_get_password(cred);
if (password && E_deshash(password, lm_hash)) {
lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
memcpy(lm_session_key.data, lm_hash, 8);
memset(&lm_session_key.data[8], '\0', 8);
}
}
}
if (_lm_response) {
*_lm_response = lm_response;
}
if (_nt_response) {
*_nt_response = nt_response;
}
if (_lm_session_key) {
*_lm_session_key = lm_session_key;
}
if (_session_key) {
*_session_key = session_key;
}
return NT_STATUS_OK;
}
开发者ID:ajpuente,项目名称:samba,代码行数:101,代码来源:credentials_ntlm.c
示例4: winbindd_ccache_ntlm_auth
//.........这里部分代码省略.........
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
request_error(state);
return;
}
domain = find_auth_domain(state->request->flags, name_domain);
if (domain == NULL) {
DEBUG(5,("winbindd_ccache_ntlm_auth: can't get domain [%s]\n",
name_domain));
request_error(state);
return;
}
if (!check_client_uid(state, state->request->data.ccache_ntlm_auth.uid)) {
request_error(state);
return;
}
/* validate blob lengths */
initial_blob_len = state->request->data.ccache_ntlm_auth.initial_blob_len;
challenge_blob_len = state->request->data.ccache_ntlm_auth.challenge_blob_len;
extra_len = state->request->extra_len;
if (initial_blob_len > extra_len || challenge_blob_len > extra_len ||
initial_blob_len + challenge_blob_len > extra_len ||
initial_blob_len + challenge_blob_len < initial_blob_len ||
initial_blob_len + challenge_blob_len < challenge_blob_len) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: blob lengths overrun "
"or wrap. Buffer [%d+%d > %d]\n",
initial_blob_len,
challenge_blob_len,
extra_len));
goto process_result;
}
/* Parse domain and username */
if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse "
"domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
goto process_result;
}
entry = find_memory_creds_by_name(state->request->data.ccache_ntlm_auth.user);
if (entry == NULL || entry->nt_hash == NULL || entry->lm_hash == NULL) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find "
"credentials for user %s\n",
state->request->data.ccache_ntlm_auth.user));
goto process_result;
}
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: found ccache [%s]\n", entry->username));
if (!client_can_access_ccache_entry(state->request->data.ccache_ntlm_auth.uid, entry)) {
goto process_result;
}
if (initial_blob_len == 0 && challenge_blob_len == 0) {
/* this is just a probe to see if credentials are available. */
result = NT_STATUS_OK;
state->response->data.ccache_ntlm_auth.auth_blob_len = 0;
goto process_result;
}
initial = data_blob_const(state->request->extra_data.data,
initial_blob_len);
challenge = data_blob_const(
state->request->extra_data.data + initial_blob_len,
state->request->data.ccache_ntlm_auth.challenge_blob_len);
result = do_ntlm_auth_with_stored_pw(
name_user, name_domain, entry->pass,
initial, challenge, &auth,
state->response->data.ccache_ntlm_auth.session_key);
if (!NT_STATUS_IS_OK(result)) {
goto process_result;
}
state->response->extra_data.data = talloc_memdup(
state->mem_ctx, auth.data, auth.length);
if (!state->response->extra_data.data) {
result = NT_STATUS_NO_MEMORY;
goto process_result;
}
state->response->length += auth.length;
state->response->data.ccache_ntlm_auth.auth_blob_len = auth.length;
data_blob_free(&auth);
process_result:
if (!NT_STATUS_IS_OK(result)) {
request_error(state);
return;
}
request_ok(state);
}
开发者ID:JiangWeiGitHub,项目名称:Samba,代码行数:101,代码来源:winbindd_ccache_access.c
示例5: add_generic_auth_footer
static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *rpc_out)
{
uint16_t data_and_pad_len = rpc_out->length
- DCERPC_RESPONSE_LENGTH
- DCERPC_AUTH_TRAILER_LENGTH;
DATA_BLOB auth_blob;
NTSTATUS status;
if (!gensec_security) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = gensec_seal_packet(gensec_security,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
data_and_pad_len,
rpc_out->data,
rpc_out->length,
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_PACKET:
/* Data is signed. */
status = gensec_sign_packet(gensec_security,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
data_and_pad_len,
rpc_out->data,
rpc_out->length,
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
default:
/* Can't happen. */
smb_panic("bad auth level");
/* Notreached. */
return NT_STATUS_INVALID_PARAMETER;
}
/* Finally attach the blob. */
if (!data_blob_append(NULL, rpc_out,
auth_blob.data, auth_blob.length)) {
DEBUG(0, ("Failed to add %u bytes auth blob.\n",
(unsigned int)auth_blob.length));
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&auth_blob);
return NT_STATUS_OK;
}
开发者ID:Alexander--,项目名称:samba,代码行数:64,代码来源:dcerpc_helpers.c
示例6: dcerpc_check_auth
//.........这里部分代码省略.........
if (((unsigned int)pkt->auth_length
+ DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) ||
((unsigned int)pkt->auth_length
+ DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) {
/* Integer wrap attempt. */
return NT_STATUS_INFO_LENGTH_MISMATCH;
}
status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
&auth_info, &auth_length, false);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length - auth_length);
full_pkt = data_blob_const(raw_pkt->data,
raw_pkt->length - auth_info.credentials.length);
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
return NT_STATUS_OK;
case DCERPC_AUTH_TYPE_SPNEGO:
spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
struct spnego_context);
status = get_spnego_auth_footer(pkt, spnego_ctx,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
DEBUG(10, ("NTLMSSP auth\n"));
ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx,
struct auth_ntlmssp_state);
status = get_ntlmssp_auth_footer(ntlmssp_ctx,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
case DCERPC_AUTH_TYPE_SCHANNEL:
DEBUG(10, ("SCHANNEL auth\n"));
schannel_auth = talloc_get_type_abort(auth->auth_ctx,
struct schannel_state);
status = get_schannel_auth_footer(pkt, schannel_auth,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
case DCERPC_AUTH_TYPE_KRB5:
DEBUG(10, ("KRB5 auth\n"));
gse_ctx = talloc_get_type_abort(auth->auth_ctx,
struct gse_context);
status = get_gssapi_auth_footer(pkt, gse_ctx,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
default:
DEBUG(0, ("process_request_pdu: "
"unknown auth type %u set.\n",
(unsigned int)auth->auth_type));
return NT_STATUS_INVALID_PARAMETER;
}
/* TODO: remove later
* this is still needed because in the server code the
* pkt_trailer actually has a copy of the raw data, and they
* are still both used in later calls */
if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
memcpy(pkt_trailer->data, data.data, data.length);
}
*pad_len = auth_info.auth_pad_length;
data_blob_free(&auth_info.credentials);
return NT_STATUS_OK;
}
开发者ID:Alexandr-Galko,项目名称:samba,代码行数:101,代码来源:dcerpc_helpers.c
示例7: cli_list_new
//.........这里部分代码省略.........
if (cli_is_error(cli) || !rdata || !rparam) {
SAFE_FREE(rdata);
SAFE_FREE(rparam);
break;
}
if (total_received == -1)
total_received = 0;
/* parse out some important return info */
p = rparam;
if (First) {
ff_dir_handle = SVAL(p,0);
ff_searchcount = SVAL(p,2);
ff_eos = SVAL(p,4);
} else {
ff_searchcount = SVAL(p,0);
ff_eos = SVAL(p,2);
}
if (ff_searchcount == 0) {
SAFE_FREE(rdata);
SAFE_FREE(rparam);
break;
}
/* point to the data bytes */
p = rdata;
/* we might need the lastname for continuations */
for (p2=p,i=0;i<ff_searchcount;i++) {
if ((info_level == 260) && (i == ff_searchcount-1)) {
/* Last entry - fixup the last offset length. */
SIVAL(p2,0,PTR_DIFF((rdata + data_len),p2));
}
p2 += interpret_long_filename(cli,info_level,p2,&finfo,
&resume_key,&last_name_raw,&last_name_raw_len);
if (!First && *mask && strcsequal(finfo.name, mask)) {
DEBUG(0,("Error: Looping in FIND_NEXT as name %s has already been seen?\n",
finfo.name));
ff_eos = 1;
break;
}
}
if (ff_searchcount > 0) {
pstrcpy(mask, finfo.name);
} else {
pstrcpy(mask,"");
}
/* grab the data for later use */
/* and add them to the dirlist pool */
dirlist = (char *)SMB_REALLOC(dirlist,dirlist_len + data_len);
if (!dirlist) {
DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
SAFE_FREE(rdata);
SAFE_FREE(rparam);
break;
}
memcpy(dirlist+dirlist_len,p,data_len);
dirlist_len += data_len;
total_received += ff_searchcount;
SAFE_FREE(rdata);
SAFE_FREE(rparam);
DEBUG(3,("received %d entries (eos=%d)\n",
ff_searchcount,ff_eos));
if (ff_searchcount > 0)
loop_count = 0;
First = False;
}
mnt = cli_cm_get_mntpoint( cli );
/* see if the server disconnected or the connection otherwise failed */
if (cli_is_error(cli)) {
total_received = -1;
} else {
/* no connection problem. let user function add each entry */
for (p=dirlist,i=0;i<total_received;i++) {
p += interpret_long_filename(cli, info_level, p,
&finfo,NULL,NULL,NULL);
fn( mnt,&finfo, Mask, state );
}
}
/* free up the dirlist buffer and last name raw blob */
SAFE_FREE(dirlist);
data_blob_free(&last_name_raw);
return(total_received);
}
开发者ID:edwacode,项目名称:r6300v2,代码行数:101,代码来源:clilist.c
示例8: test_ntlm_in_both
static bool test_ntlm_in_both(void)
{
bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB nt_response = data_blob(NULL, 24);
DATA_BLOB session_key = data_blob(NULL, 16);
uint8 lm_key[8];
uint8 lm_hash[16];
uint8 user_session_key[16];
uint8 nt_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
ZERO_STRUCT(lm_key);
ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
E_deshash(opt_password, lm_hash);
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
&chall,
&nt_response,
&nt_response,
flags,
lm_key,
user_session_key,
&error_string, NULL);
data_blob_free(&nt_response);
if (!NT_STATUS_IS_OK(nt_status)) {
d_printf("%s (0x%x)\n",
error_string,
NT_STATUS_V(nt_status));
SAFE_FREE(error_string);
return False;
}
if (memcmp(lm_hash, lm_key,
sizeof(lm_key)) != 0) {
DEBUG(1, ("LM Key does not match expectations!\n"));
DEBUG(1, ("lm_key:\n"));
dump_data(1, lm_key, 8);
DEBUG(1, ("expected:\n"));
dump_data(1, lm_hash, 8);
pass = False;
}
if (memcmp(session_key.data, user_session_key,
sizeof(user_session_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
DEBUG(1, ("user_session_key:\n"));
dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, session_key.data, session_key.length);
pass = False;
}
return pass;
}
开发者ID:berte,项目名称:mediaplayer,代码行数:69,代码来源:ntlm_auth_diagnostics.c
示例9: test_lmv2_ntlmv2_broken
static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
{
bool pass = True;
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB ntlmv2_response = data_blob_null;
DATA_BLOB lmv2_response = data_blob_null;
DATA_BLOB ntlmv2_session_key = data_blob_null;
DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
char *error_string;
ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
&names_blob,
&lmv2_response, &ntlmv2_response,
&ntlmv2_session_key)) {
data_blob_free(&names_blob);
return False;
}
data_blob_free(&names_blob);
switch (break_which) {
case BREAK_NONE:
break;
case BREAK_LM:
lmv2_response.data[0]++;
break;
case BREAK_NT:
ntlmv2_response.data[0]++;
break;
case NO_LM:
data_blob_free(&lmv2_response);
break;
case NO_NT:
data_blob_free(&ntlmv2_response);
break;
}
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
&chall,
&lmv2_response,
&ntlmv2_response,
flags,
NULL,
user_session_key,
&error_string, NULL);
data_blob_free(&lmv2_response);
data_blob_free(&ntlmv2_response);
if (!NT_STATUS_IS_OK(nt_status)) {
d_printf("%s (0x%x)\n",
error_string,
NT_STATUS_V(nt_status));
SAFE_FREE(error_string);
return break_which == BREAK_NT;
}
if (break_which != NO_NT && break_which != BREAK_NT && memcmp(ntlmv2_session_key.data, user_session_key,
sizeof(user_session_key)) != 0) {
DEBUG(1, ("USER (NTLMv2) Session Key does not match expectations!\n"));
DEBUG(1, ("user_session_key:\n"));
dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
pass = False;
}
return pass;
}
开发者ID:berte,项目名称:mediaplayer,代码行数:76,代码来源:ntlm_auth_diagnostics.c
示例10: dcerpc_check_auth
//.........这里部分代码省略.........
* @return A NTSTATUS error code
*/
NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
struct ncacn_packet *pkt,
DATA_BLOB *pkt_trailer,
size_t header_size,
DATA_BLOB *raw_pkt,
size_t *pad_len)
{
struct gensec_security *gensec_security;
NTSTATUS status;
struct dcerpc_auth auth_info;
uint32_t auth_length;
DATA_BLOB full_pkt;
DATA_BLOB data;
switch (auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
DEBUG(10, ("Requested Privacy.\n"));
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
DEBUG(10, ("Requested Integrity.\n"));
break;
case DCERPC_AUTH_LEVEL_CONNECT:
if (pkt->auth_length != 0) {
break;
}
*pad_len = 0;
return NT_STATUS_OK;
case DCERPC_AUTH_LEVEL_NONE:
if (pkt->auth_length != 0) {
DEBUG(3, ("Got non-zero auth len on non "
"authenticated connection!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
*pad_len = 0;
return NT_STATUS_OK;
default:
DEBUG(3, ("Unimplemented Auth Level %d",
auth->auth_level));
return NT_STATUS_INVALID_PARAMETER;
}
/* Paranioa checks for auth_length. */
if (pkt->auth_length > pkt->frag_length) {
return NT_STATUS_INFO_LENGTH_MISMATCH;
}
if (((unsigned int)pkt->auth_length
+ DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) ||
((unsigned int)pkt->auth_length
+ DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) {
/* Integer wrap attempt. */
return NT_STATUS_INFO_LENGTH_MISMATCH;
}
status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
&auth_info, &auth_length, false);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
data = data_blob_const(raw_pkt->data + header_size,
pkt_trailer->length - auth_length);
full_pkt = data_blob_const(raw_pkt->data,
raw_pkt->length - auth_info.credentials.length);
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
return NT_STATUS_OK;
default:
DEBUG(10, ("GENSEC auth\n"));
gensec_security = auth->auth_ctx;
status = get_generic_auth_footer(gensec_security,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
}
/* TODO: remove later
* this is still needed because in the server code the
* pkt_trailer actually has a copy of the raw data, and they
* are still both used in later calls */
if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
memcpy(pkt_trailer->data, data.data, data.length);
}
*pad_len = auth_info.auth_pad_length;
data_blob_free(&auth_info.credentials);
return NT_STATUS_OK;
}
开发者ID:285858315,项目名称:samba,代码行数:101,代码来源:dcerpc_helpers.c
示例11: encrypt_user_info
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
enum auth_password_state to_state,
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted)
{
NTSTATUS nt_status;
struct auth_usersupplied_info *user_info_temp;
switch (to_state) {
case AUTH_PASSWORD_RESPONSE:
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
const struct auth_usersupplied_info *user_info_temp2;
nt_status = encrypt_user_info(mem_ctx, auth_context,
AUTH_PASSWORD_HASH,
user_info_in, &user_info_temp2);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
user_info_in = user_info_temp2;
/* fall through */
}
case AUTH_PASSWORD_HASH:
{
const uint8_t *challenge;
DATA_BLOB chall_blob;
user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
user_info_temp->mapped_state = to_state;
nt_status = auth_get_challenge(auth_context, &challenge);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
chall_blob = data_blob_talloc(mem_ctx, challenge, 8);
if (lp_client_ntlmv2_auth(auth_context->lp_ctx)) {
DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(auth_context->lp_ctx), lp_workgroup(auth_context->lp_ctx));
DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
if (!SMBNTLMv2encrypt_hash(user_info_temp,
user_info_in->client.account_name,
user_info_in->client.domain_name,
user_info_in->password.hash.nt->hash, &chall_blob,
&names_blob,
&lmv2_response, &ntlmv2_response,
&lmv2_session_key, &ntlmv2_session_key)) {
data_blob_free(&names_blob);
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&names_blob);
user_info_temp->password.response.lanman = lmv2_response;
user_info_temp->password.response.nt = ntlmv2_response;
data_blob_free(&lmv2_session_key);
data_blob_free(&ntlmv2_session_key);
} else {
DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data);
user_info_temp->password.response.nt = blob;
if (lp_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data);
user_info_temp->password.response.lanman = lm_blob;
} else {
/* if not sending the LM password, send the NT password twice */
user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
}
}
user_info_in = user_info_temp;
/* fall through */
}
case AUTH_PASSWORD_RESPONSE:
*user_info_encrypted = user_info_in;
}
break;
case AUTH_PASSWORD_HASH:
{
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
struct samr_Password lanman;
struct samr_Password nt;
user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
//.........这里部分代码省略.........
开发者ID:0x24bin,项目名称:winexe-1,代码行数:101,代码来源:auth_util.c
示例12: gssapi_seal_packet
NTSTATUS gssapi_seal_packet(gss_ctx_id_t gssapi_context,
const gss_OID mech,
bool hdr_signing, size_t sig_size,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
TALLOC_CTX *mem_ctx,
DATA_BLOB *sig)
{
OM_uint32 maj_stat, min_stat;
gss_iov_buffer_desc iov[4];
int req_seal = 1;
int sealed = 0;
const uint8_t *pre_sign_ptr = NULL;
size_t pre_sign_len = 0;
const uint8_t *post_sign_ptr = NULL;
size_t post_sign_len = 0;
if (hdr_signing) {
const uint8_t *de = data + length;
const uint8_t *we = whole_pdu + pdu_length;
if (data < whole_pdu) {
return NT_STATUS_INVALID_PARAMETER;
}
if (de > we) {
return NT_STATUS_INVALID_PARAMETER;
}
pre_sign_len = data - whole_pdu;
if (pre_sign_len > 0) {
pre_sign_ptr = whole_pdu;
}
post_sign_len = we - de;
if (post_sign_len > 0) {
post_sign_ptr = de;
}
}
sig->length = sig_size;
if (sig->length == 0) {
return NT_STATUS_ACCESS_DENIED;
}
sig->data = talloc_zero_array(mem_ctx, uint8_t, sig->length);
if (sig->data == NULL) {
return NT_STATUS_NO_MEMORY;
}
iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
iov[0].buffer.length = sig->length;
iov[0].buffer.value = sig->data;
if (pre_sign_ptr != NULL) {
iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
iov[1].buffer.length = pre_sign_len;
iov[1].buffer.value = discard_const(pre_sign_ptr);
} else {
iov[1].type = GSS_IOV_BUFFER_TYPE_EMPTY;
iov[1].buffer.length = 0;
iov[1].buffer.value = NULL;
}
/* data is encrypted in place, which is ok */
iov[2].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[2].buffer.length = length;
iov[2].buffer.value = data;
if (post_sign_ptr != NULL) {
iov[3].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
iov[3].buffer.length = post_sign_len;
iov[3].buffer.value = discard_const(post_sign_ptr);
} else {
iov[3].type = GSS_IOV_BUFFER_TYPE_EMPTY;
iov[3].buffer.length = 0;
iov[3].buffer.value = NULL;
}
maj_stat = gss_wrap_iov(&min_stat,
gssapi_context,
req_seal,
GSS_C_QOP_DEFAULT,
&sealed,
iov, ARRAY_SIZE(iov));
if (GSS_ERROR(maj_stat)) {
char *error_string = gssapi_error_string(mem_ctx,
maj_stat,
min_stat,
mech);
DEBUG(1, ("gss_wrap_iov failed: %s\n", error_string));
talloc_free(error_string);
data_blob_free(sig);
return NT_STATUS_ACCESS_DENIED;
}
if (req_seal == 1 && sealed == 0) {
DEBUG(0, ("gss_wrap_iov says data was not sealed!\n"));
data_blob_free(sig);
return NT_STATUS_ACCESS_DENIED;
}
//.........这里部分代码省略.........
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:gssapi_helper.c
示例13: reply_nt1
//.........这里部分代码省略.........
capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
if (SMB_OFF_T_BITS == 64)
capabilities |= CAP_LARGE_FILES;
if (lp_readraw() && lp_writeraw())
capabilities |= CAP_RAW_MODE;
if (lp_nt_status_support())
capabilities |= CAP_STATUS32;
if (lp_host_msdfs())
capabilities |= CAP_DFS;
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
}
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
if (lp_server_signing()) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
if (lp_server_signing() == Required)
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
srv_set_signing_negotiated(sconn);
} else {
DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
if (lp_server_signing() == Required) {
exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
}
}
}
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
set_Protocol(PROTOCOL_NT1);
SSVAL(req->outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1,1); /* num vcs */
SIVAL(req->outbuf,smb_vwv3+1,
sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
SIVAL(req->outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
SIVAL(req->outbuf,smb_vwv7+1,sys_getpid()); /* session key */
SIVAL(req->outbuf,smb_vwv9+1,capabilities); /* capabilities */
clock_gettime(CLOCK_REALTIME,&ts);
put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
uint8 chal[8];
/* note that we do not send a challenge at all if
we are using plaintext */
get_challenge(sconn, chal);
ret = message_push_blob(
&req->outbuf, data_blob_const(chal, sizeof(chal)));
if (ret == -1) {
DEBUG(0, ("Could not push challenge\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
SCVAL(req->outbuf, smb_vwv16+1, ret);
}
ret = message_push_string(&req->outbuf, lp_workgroup(),
STR_UNICODE|STR_TERMINATE
|STR_NOALIGN);
if (ret == -1) {
DEBUG(0, ("Could not push workgroup string\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
DEBUG(3,("not using SPNEGO\n"));
} else {
DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
if (spnego_blob.data == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
ret = message_push_blob(&req->outbuf, spnego_blob);
if (ret == -1) {
DEBUG(0, ("Could not push spnego blob\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
data_blob_free(&spnego_blob);
SCVAL(req->outbuf,smb_vwv16+1, 0);
DEBUG(3,("using SPNEGO\n"));
}
return;
}
开发者ID:Alexandr-Galko,项目名称:samba,代码行数:101,代码来源:negprot.c
示例14: negprot_spnego
DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
{
DATA_BLOB blob = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
nstring dos_name;
fstring unix_name;
#ifdef DEVELOPER
size_t slen;
#endif
const char *OIDs_krb5[] = {OID_KERBEROS5,
OID_KERBEROS5_OLD,
OID_NTLMSSP,
NULL};
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
sconn->smb1.negprot.spnego = true;
/* strangely enough, NT does not sent the single OID NTLMSSP when
not a ADS member, it sends no OIDs at all
OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
Our sessionsetup code now handles raw NTLMSSP connects, so we can go
back to doing what W2K3 does here. This is needed to make PocketPC 2003
CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
for details. JRA.
*/
if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) {
#if 0
/* Code for PocketPC client */
blob = data_blob(guid, 16);
#else
/* Code for standalone WXP client */
blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
#endif
} else if (!lp_send_spnego_principal()) {
/* By default, Windows 2008 and later sends [email protected]_ignore */
blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
} else {
fstring myname;
char *host_princ_s = NULL;
name_to_fqdn(myname, global_myname());
strlower_m(myname);
if (asprintf(&host_princ_s, "cifs/%[email protected]%s", myname, lp_realm())
== -1) {
return data_blob_null;
}
blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
SAFE_FREE(host_princ_s);
}
if (blob.length == 0 || blob.data == NULL) {
return data_blob_null;
}
blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
if (blob_out.data == NULL) {
data_blob_free(&blob);
return data_blob_null;
}
memset(blob_out.data, '\0', 16);
safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1);
strlower_m(unix_name);
push_ascii_nstring(dos_name, unix_name);
strlcpy((char *)blob_out.data, dos_name, 17);
#ifdef DEVELOPER
/* Fix valgrind 'uninitialized bytes' issue. */
slen = strlen(dos_name);
if (slen < 16) {
memset(blob_out.data+slen, '\0', 16 - slen);
}
#endif
memcpy(&blob_out.data[16], blob.data, blob.length);
data_blob_free(&blob);
return blob_out;
}
开发者ID:Alexandr-Galko,项目名称:samba,代码行数:84,代码来源:negprot.c
示例15: manage_gss_spnego_request
static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
char *buf, int length)
{
static NTLMSSP_STATE *ntlmssp_state = NULL;
SPNEGO_DATA request, response;
DATA_BLOB token;
NTSTATUS status;
ssize_t len;
char *user = NULL;
char *domain = NULL;
const char *reply_code;
char *reply_base64;
pstring reply_argument;
if (strlen(buf) < 2) {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
return;
}
if (strncmp(buf, "YR", 2) == 0) {
if (ntlmssp_state)
ntlmssp_end(&ntlmssp_state);
} else if (strncmp(buf, "KK", 2) == 0) {
} else {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
return;
}
if ( (strlen(buf) == 2)) {
/* no client data, get the negTokenInit offering
mechanisms */
offer_gss_spnego_mechs();
return;
}
/* All subsequent requests have a blob. This might be negTokenInit or negTokenTarg */
if (strlen(buf) <= 3) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf));
x_fprintf(x_stdout, "BH\n");
return;
}
token = base64_decode_data_blob(buf + 3);
len = read_spnego_data(token, &request);
data_blob_free(&token);
if (len == -1) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
return;
}
if (request.type == SPNEGO_NEG_TOKEN_INIT) {
/* Second request from Client. This is where the
client offers its mechanism to use. */
if ( (request.negTokenInit.mechTypes == NULL) ||
(request.negTokenInit.mechTypes[0] == NULL) ) {
DEBUG(1, ("Client did not offer any mechanism"));
x_fprintf(x_stdout, "BH\n");
return;
}
status = NT_STATUS_UNSUCCESSFUL;
if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) {
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide NTLMSSP data\n"));
x_fprintf(x_stdout, "BH\n");
return;
}
if ( ntlmssp_state != NULL ) {
DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
"already got one\n"));
x_fprintf(x_stdout, "BH\n");
ntlmssp_end(&ntlmssp_state);
return;
}
if (!NT_STATUS_IS_OK(status = ntlm_auth_start_ntlmssp_server(&ntlmssp_state))) {
x_fprintf(x_stdout, "BH %s\n", nt_errstr(status));
return;
}
DEBUG(10, ("got NTLMSSP packet:\n"));
dump_data(10, (const char *)request.negTokenInit.mechToken.data,
request.negTokenInit.mechToken.length);
response.type = SPNEGO_NEG_TOKEN_TARG;
response.negTokenTarg.supportedMech = SMB_STRDUP(OID_NTLMSSP);
//.........这里部分代码省略.........
开发者ID:DeezNuts12,项目名称:freestyledash,代码行数:101,代码来源:ntlm_auth.c
示例16: test_plaintext
static bool test_plaintext(enum ntlm_break break_which)
{
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB nt_response = data_blob_null;
DATA_BLOB lm_response = data_blob_null;
char *password;
smb_ucs2_t *nt_response_ucs2;
size_t converted_size;
uchar user_session_key[16];
uchar lm_key[16];
static const uchar zeros[8] = { 0, };
DATA_BLOB chall = data_blob(zeros, sizeof(zeros));
char *error_string;
ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if (!push_ucs2_allocate(&nt_response_ucs2, opt_password,
&converted_size))
{
DEBUG(0, ("push_ucs2_allocate failed!\n"));
exit(1);
}
nt_response.data = (unsigned char *)nt_response_ucs2;
nt_response.length = strlen_w(nt_response_ucs2)*sizeof(smb_ucs2_t);
if ((password = strdup_upper(opt_password)) == NULL) {
DEBUG(0, ("strdup_upper failed!\n"));
exit(1);
}
if (!convert
|
客服电话
APP下载
官方微信
请发表评论