NTLMSSP fix for source4

Jeremy Allison jra at samba.org
Wed May 19 13:47:03 MDT 2010


On Wed, May 19, 2010 at 11:20:57AM +1000, Andrew Bartlett wrote:
> On Tue, 2010-05-18 at 17:41 -0700, Jeremy Allison wrote:
> > On Wed, May 19, 2010 at 10:44:18AM +1000, Andrew Bartlett wrote:
> > > On Tue, 2010-05-18 at 16:55 -0700, Jeremy Allison wrote:
> > > > Andrew, please review and push. Same fix that
> > > > fixes the Microsoft torture tester I put into
> > > > source3.
> > > 
> > > Don't we have a better explanation for the version than just a series of
> > > bytes?  If not, we should get them from dochelp before we put yet
> > > another magic constant into the code. 
> > 
> > It's in the MS-NTLM doc. 
> > 
> > > Also, is this handled by the IDL parser?  We want to move to it soon, so
> > > we need that updated as well.
> > 
> > Yes, VERSION is handled in our idl.
> 
> I think the correct fix is to then declare a struct VERSION, fill in the
> elements with the constants from ntlmssp.idl and then do an
> ndr_push_struct_blob.  If VERSION isn't negotiated, then we should, as
> far as I can tell, be able to use the same msprc_gen call, but with a
> data_blob_null. 
> 
> You should be able to do the same in the source3 code, as we are trying
> hard to keep them identical, and they both have access to the same IDL.
> 
> I hope this helps.  I'm sorry for the extra work, but I really dislike
> unexplained magic constant byte arrays.

New version for source4 that matches what I've added to source3/libsmb/ntlmssp.c

Can you review and push please?

I do have a problem in that I can't get the source4 build to
generate the ndr_push_VERSION() function from the modifications
to ntlmssp.idl that added [public] to the struct VERSION.

Doing a source3/ build creates ndr_push_VERSION() in
source3/librpc/gen_ndr/ndr_ntlmssp.c but I'm not sure
where this should go in the waf build.

Jeremy.

-------------- next part --------------
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 8a8c579..7200fcd 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -199,23 +199,49 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 	{
 		/* Marshal the packet in the right format, be it unicode or ASCII */
 		const char *gen_string;
+		DATA_BLOB version_blob = data_blob_null;
+
+		if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
+			enum ndr_err_code err;
+			struct VERSION vers;
+
+			/* "What Windows returns" as a version number. */
+			ZERO_STRUCT(vers);
+			vers.ProductMajorVersion = NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+			vers.ProductMinorVersion = NTLMSSP_WINDOWS_MINOR_VERSION_1;
+			vers.ProductBuild = 0;
+			vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+			err = ndr_push_struct_blob(&version_blob,
+						ntlmssp_state,
+						&vers,
+						(ndr_push_flags_fn_t)ndr_push_VERSION);
+
+			if (err) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+
 		if (ntlmssp_state->unicode) {
-			gen_string = "CdUdbddB";
+			gen_string = "CdUdbddBb";
 		} else {
-			gen_string = "CdAdbddB";
+			gen_string = "CdAdbddBb";
 		}
-		
-		msrpc_gen(out_mem_ctx, 
+
+		msrpc_gen(out_mem_ctx,
 			  out, gen_string,
-			  "NTLMSSP", 
+			  "NTLMSSP",
 			  NTLMSSP_CHALLENGE,
 			  target_name,
 			  chal_flags,
 			  cryptkey, 8,
 			  0, 0,
-			  struct_blob.data, struct_blob.length);
+			  struct_blob.data, struct_blob.length,
+			  version_blob.data, version_blob.length);
+
+		data_blob_free(&version_blob);
 	}
-		
+
 	ntlmssp_state->expected_state = NTLMSSP_AUTH;
 
 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
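Review bot: the error handling after ndr_push_struct_blob reports every NDR push failure as NT_STATUS_NO_MEMORY, which hides the real cause (a bad field value, a pull/push mismatch) and makes an NDR failure look like memory exhaustion in logs; the usual Samba idiom is `if (!NDR_ERR_CODE_IS_SUCCESS(err)) { return ndr_map_error2ntstatus(err); }`, which also avoids relying on NDR_ERR_SUCCESS being zero in the bare `if (err)` test. Two smaller points on the same hunk: the new `ndr_push_VERSION` symbol depends on the `[public]` annotation on `struct VERSION` in ntlmssp.idl, which is not part of this diff and which the cover mail says the source4/waf build does not yet generate, so the patch does not link on its own and the IDL change should travel with it; and when NTLMSSP_NEGOTIATE_VERSION is not set, `version_blob` stays `data_blob_null` and is handed to the trailing `b` in the new `"CdUdbddBb"` format string as a NULL pointer with length 0, so it is worth confirming that msrpc_gen's `b` handler tolerates that rather than calling memcpy on a NULL source, which is undefined behaviour even for a zero length.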
