[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Thu Mar 19 05:06:04 MDT 2015


The branch, master has been updated
       via  ffe3394 s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
       via  5137af5 s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
      from  677da99 Update update-external.sh to use mirrors of third party projects on git.samba.org.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ffe33940faa6fb762fd2483f0245448b0434be00
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 9 14:27:43 2015 -0700

    s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
    
    Packet traces showing such servers are found in the bug this fixes:
    
    https://bugzilla.samba.org/show_bug.cgi?id=10016
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Thu Mar 19 12:05:56 CET 2015 on sn-devel-104

commit 5137af570d8a173d7775754ad2e60d6d8efbe3a2
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 9 14:21:22 2015 -0700

    s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
    
    Packet traces showing such servers are found in the bug this fixes:
    
    https://bugzilla.samba.org/show_bug.cgi?id=10016
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/ntlmssp/ntlmssp_client.c | 40 ++++++++++++++++++++++++++++++++++++----
 source3/libsmb/ntlmssp.c      | 38 +++++++++++++++++++++++++++++++++++---
 2 files changed, 71 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f99257d..d8531e4c 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -132,12 +132,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 		talloc_get_type_abort(gensec_security->private_data,
 				      struct gensec_ntlmssp_context);
 	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
-	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
+	uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
 	DATA_BLOB server_domain_blob;
 	DATA_BLOB challenge_blob;
 	DATA_BLOB target_info = data_blob(NULL, 0);
 	char *server_domain;
 	const char *chal_parse_string;
+	const char *chal_parse_string_short = NULL;
 	const char *auth_gen_string;
 	DATA_BLOB lm_response = data_blob(NULL, 0);
 	DATA_BLOB nt_response = data_blob(NULL, 0);
@@ -178,6 +179,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			chal_parse_string = "CdUdbddB";
 		} else {
 			chal_parse_string = "CdUdbdd";
+			chal_parse_string_short = "CdUdb";
 		}
 		auth_gen_string = "CdBBUUUBd";
 	} else {
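Review bot: `chal_parse_string_short` is assigned here with no comment tying it to `chal_parse_string`, so the two format strings can drift apart unnoticed. The same applies to the ASCII branch in the next hunk and to both branches in source3/libsmb/ntlmssp.c. A one-line comment above the assignment would do, for example `/* same as chal_parse_string minus the two trailing reserved "dd" fields */`. The enclosing function starts and ends outside this hunk.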
@@ -185,6 +187,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			chal_parse_string = "CdAdbddB";
 		} else {
 			chal_parse_string = "CdAdbdd";
+			chal_parse_string_short = "CdAdb";
 		}
 
 		auth_gen_string = "CdBBAAABd";
@@ -199,10 +202,39 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			 &challenge_blob, 8,
 			 &unkn1, &unkn2,
 			 &target_info)) {
+
+		bool ok = false;
+
 		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
-		dump_data(2, in.data, in.length);
-		talloc_free(mem_ctx);
-		return NT_STATUS_INVALID_PARAMETER;
+
+		if (chal_parse_string_short != NULL) {
+			/*
+			 * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
+			 * is not used, some NTLMSSP servers don't return
+			 * the unused unkn1 and unkn2 fields.
+			 * See bug:
+			 * https://bugzilla.samba.org/show_bug.cgi?id=10016
+			 * for packet traces.
+			 * Try and parse again without them.
+			 */
+			ok = msrpc_parse(mem_ctx,
+				&in, chal_parse_string_short,
+				"NTLMSSP",
+				&ntlmssp_command,
+				&server_domain,
+				&chal_flags,
+				&challenge_blob, 8);
+			if (!ok) {
+				DEBUG(1, ("Failed to short parse "
+					"the NTLMSSP Challenge: (#2)\n"));
+			}
+		}
+
+		if (!ok) {
+			dump_data(2, in.data, in.length);
+			talloc_free(mem_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
 	}
 
 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
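Review bot: The level-1 message `Failed to parse the NTLMSSP Challenge: (#2)` is now logged before the fallback is attempted, so a challenge the short format goes on to accept still leaves a parse-failure line in the log, and nothing records that the lenient path was taken. I would move that DEBUG into the final `if (!ok)` block and log the accepted case separately, e.g. `DEBUG(3, ("NTLMSSP Challenge parsed without the two reserved fields\n"));`, so operators can see which servers depend on the relaxation. The retry also runs after any failure of the full parse, not only when the message is short, so it presumably accepts any server-supplied buffer whose first five fields parse; confirm that msrpc_parse's handling of trailing bytes makes that acceptable. The matching hunk in source3/libsmb/ntlmssp.c has the same shape, and the function body continues outside this hunk.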
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 617b34b..e661aeb 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -359,12 +359,13 @@ static NTSTATUS ntlmssp3_client_challenge(struct ntlmssp_state *ntlmssp_state,
 				         TALLOC_CTX *out_mem_ctx, /* Unused at this time */
 					 const DATA_BLOB reply, DATA_BLOB *next_request)
 {
-	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
+	uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
 	DATA_BLOB server_domain_blob;
 	DATA_BLOB challenge_blob;
 	DATA_BLOB struct_blob = data_blob_null;
 	char *server_domain;
 	const char *chal_parse_string;
+	const char *chal_parse_string_short = NULL;
 	const char *auth_gen_string;
 	DATA_BLOB lm_response = data_blob_null;
 	DATA_BLOB nt_response = data_blob_null;
@@ -474,6 +475,7 @@ noccache:
 			chal_parse_string = "CdUdbddB";
 		} else {
 			chal_parse_string = "CdUdbdd";
+			chal_parse_string_short = "CdUdb";
 		}
 		auth_gen_string = "CdBBUUUBd";
 	} else {
@@ -481,6 +483,7 @@ noccache:
 			chal_parse_string = "CdAdbddB";
 		} else {
 			chal_parse_string = "CdAdbdd";
+			chal_parse_string_short = "CdAdb";
 		}
 
 		auth_gen_string = "CdBBAAABd";
@@ -497,9 +500,38 @@ noccache:
 			 &challenge_blob, 8,
 			 &unkn1, &unkn2,
 			 &struct_blob)) {
+
+		bool ok = false;
+
 		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
-		dump_data(2, reply.data, reply.length);
-		return NT_STATUS_INVALID_PARAMETER;
+
+		if (chal_parse_string_short != NULL) {
+			/*
+			 * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
+			 * is not used, some NTLMSSP servers don't return
+			 * the unused unkn1 and unkn2 fields.
+			 * See bug:
+			 * https://bugzilla.samba.org/show_bug.cgi?id=10016
+			 * for packet traces.
+			 * Try and parse again without them.
+			 */
+			ok = msrpc_parse(ntlmssp_state, &reply,
+				chal_parse_string_short,
+				"NTLMSSP",
+				&ntlmssp_command,
+				&server_domain,
+				&chal_flags,
+				&challenge_blob, 8);
+			if (!ok) {
+				DEBUG(1, ("Failed to short parse "
+					"the NTLMSSP Challenge: (#2)\n"));
+			}
+		}
+
+		if (!ok) {
+			dump_data(2, reply.data, reply.length);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
 	}
 
 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
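Review bot: The retry at `ok = msrpc_parse(ntlmssp_state, &reply,` allocates on the `ntlmssp_state` context and overwrites `server_domain` and `challenge_blob`, which the failed full parse may already have filled in. If msrpc_parse leaves partially parsed outputs allocated when it returns false (not visible here), those first copies would stay attached to `ntlmssp_state` until that context is freed, whereas the auth/ntlmssp version parses into `mem_ctx` and frees it on the error path. Consider parsing into a temporary talloc context, or releasing and resetting both outputs before the retry. The first msrpc_parse call and the rest of the function are outside this hunk.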


-- 
Samba Shared Repository

