NTLMSSP fix for source4
Jeremy Allison
jra at samba.org
Wed May 19 13:47:03 MDT 2010
On Wed, May 19, 2010 at 11:20:57AM +1000, Andrew Bartlett wrote:
> On Tue, 2010-05-18 at 17:41 -0700, Jeremy Allison wrote:
> > On Wed, May 19, 2010 at 10:44:18AM +1000, Andrew Bartlett wrote:
> > > On Tue, 2010-05-18 at 16:55 -0700, Jeremy Allison wrote:
> > > > Andrew, please review and push. Same fix that
> > > > fixes the Microsoft torture tester I put into
> > > > source3.
> > >
> > > Don't we have a better explanation for the version than just a series of
> > > bytes? If not, we should get them from dochelp before we put yet
> > > another magic constant into the code.
> >
> > It's in the MS-NTLM doc.
> >
> > > Also, is this handled by the IDL parser? We want to move to it soon, so
> > > we need that updated as well.
> >
> > Yes, VERSION is handled in our idl.
>
> I think the correct fix is to then declare a struct VERSION, fill in the
> elements with the constants from ntlmssp.idl and then do an
> ndr_push_struct_blob. If VERSION isn't negotiated, then we should, as
> far as I can tell, be able to use the same msrpc_gen call, but with a
> data_blob_null.
>
> You should be able to do the same in the source3 code, as we are trying
> hard to keep them identical, and they both have access to the same IDL.
>
> I hope this helps. I'm sorry for the extra work, but I really dislike
> unexplained magic constant byte arrays.
New version for source4 that matches what I've added to source3/libsmb/ntlmssp.c

Can you review and push please?

I do have a problem in that I can't get the source4 build to
generate the ndr_push_VERSION() function from the modifications
to ntlmssp.idl that added [public] to the struct VERSION.
Doing a source3/ build creates ndr_push_VERSION() in
source3/librpc/gen_ndr/ndr_ntlmssp.c but I'm not sure
where this should go in the waf build.

Jeremy.
-------------- next part --------------
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 8a8c579..7200fcd 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -199,23 +199,49 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
{
/* Marshal the packet in the right format, be it unicode or ASCII */
const char *gen_string;
+ DATA_BLOB version_blob = data_blob_null;
+
+ if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
+ enum ndr_err_code err;
+ struct VERSION vers;
+
+ /* "What Windows returns" as a version number. */
+ ZERO_STRUCT(vers);
+ vers.ProductMajorVersion = NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+ vers.ProductMinorVersion = NTLMSSP_WINDOWS_MINOR_VERSION_1;
+ vers.ProductBuild = 0;
+ vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+ err = ndr_push_struct_blob(&version_blob,
+ ntlmssp_state,
+ &vers,
+ (ndr_push_flags_fn_t)ndr_push_VERSION);
+
+ if (err) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddB";
+ gen_string = "CdUdbddBb";
} else {
- gen_string = "CdAdbddB";
+ gen_string = "CdAdbddBb";
}
-
- msrpc_gen(out_mem_ctx,
+
+ msrpc_gen(out_mem_ctx,
out, gen_string,
- "NTLMSSP",
+ "NTLMSSP",
NTLMSSP_CHALLENGE,
target_name,
chal_flags,
cryptkey, 8,
0, 0,
- struct_blob.data, struct_blob.length);
+ struct_blob.data, struct_blob.length,
+ version_blob.data, version_blob.length);
+
+ data_blob_free(&version_blob);
}
-
+
ntlmssp_state->expected_state = NTLMSSP_AUTH;
return NT_STATUS_MORE_PROCESSING_REQUIRED;
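Review bot: the `if (err)` check after ndr_push_struct_blob reports every marshalling failure as NT_STATUS_NO_MEMORY, which hides the actual ndr_err_code. Test the result with NDR_ERR_CODE_IS_SUCCESS(err) and return ndr_map_error2ntstatus(err), so a failed VERSION push can be told apart from an allocation failure. The comment "What Windows returns" should also name the release that the 6.1 / build 0 / NTLMSSP_REVISION_W2K3 values correspond to and cite the spec section they come from, since the reason for this rework was to stop carrying unexplained constants. Separately, the msrpc_gen result is still not checked before data_blob_free and the NT_STATUS_MORE_PROCESSING_REQUIRED return, and the removed and re-added `msrpc_gen(out_mem_ctx,` and `"NTLMSSP",` lines plus the two blank-line swaps look like whitespace-only changes that should be dropped from the patch.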