search for: blob_siz

...the HMAC on that xattr, plus other inode > > > > metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > needs, and the LSM infrastructure knows how many xattr slots it should > > > > allocate. > > > > > > > > Dynamically allocate the xattrs array to be populated by LSMs with the > &...

...us other inode > > > > > metadata. > > > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > > needs, and the LSM infrastructure knows how many xattr slots it should > > > > > allocate. > > > > > > > > > > Dynamically allocate the xattrs array to be populated by...

...attr and EVM calculating the HMAC on that xattr, plus other inode > > > metadata. > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > blob reservation mechanism. Introduce the new lbs_xattr field of the > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > needs, and the LSM infrastructure knows how many xattr slots it should > > > allocate. > > > > > > Dynamically allocate the xattrs array to be populated by LSMs with the > > > inode_init_...

..._old_inode_init_security() - Request LSMs to fill xattrs if only value (not the triple) is provided to security_old_inode_init_security(), to avoid unnecessary memory allocation v2: - rewrite selinux_old_inode_init_security() to use security_inode_init_security() - add lbs_xattr field to lsm_blob_sizes structure, to give the ability to LSMs to reserve slots in the xattr array (suggested by Casey) - add new parameter base_slot to inode_init_security hook definition v1: - add calls to reiserfs_security_free() and initialize sec->value to NULL (suggested by Tetsuo and Mimi) - change defini...

...dency comment in patch 1 (suggested by Mimi) - Restore check of -EOPNOTSUPP status in ocfs2_mknod() and ocfs2_symlink() (reported by Mimi) - Add explanation in evm_inode_init_security() why walking through the xattrs array is safe (suggested by Mimi) - Document the lbs_xattr field of struct lsm_blob_sizes (suggested by Casey) - Move documentation changes of the inode_init_security hook to security.c, after LSM documentation reorganization by Paul - Use attributes in plural form in the description of the xattrs parameter of smack_inode_init_security() - Check xattr name instead of xattr value...

...TLMSSP_HASH_SIZE, &hash_method_md5); hmac_md5_ucs2le_string_ucase(&ctx, user); if (target != NULL) hmac_md5_ucs2le_string_ucase(&ctx, target); - hmac_md5_final(&ctx, hash); + hmac_final(&ctx, hash); } void @@ -124,15 +125,15 @@ const unsigned char *blob, size_t blob_size, unsigned char response[NTLMSSP_V2_RESPONSE_SIZE]) { - struct hmac_md5_context ctx; + struct hmac_context ctx; unsigned char hash[NTLMSSP_V2_HASH_SIZE]; ntlm_v2_hash(user, target, hash_v1, hash); - hmac_md5_init(&ctx, hash, NTLMSSP_V2_HASH_SIZE); - hmac_md5_update(&ctx, cha...

...8, des_hash + 7, challenge); + deshash(response + 16, des_hash + 14, challenge); + + safe_memset(des_hash, 0, sizeof(des_hash)); } void @@ -131,4 +125,6 @@ ntlmssp_v2_response(const char *user, co hmac_md5_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE); hmac_md5_update(&ctx, blob, blob_size); hmac_md5_final(&ctx, response); + + safe_memset(hash, 0, sizeof(hash)); } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <http://dovecot.org/pipermail/dovecot...