smbclient 3.5 can't connect to a Windows 7 server using NTLMv2 where smbclient 3.3, 3.4 and 3.6 can

Jeremy Allison jra at samba.org
Thu Aug 23 17:09:08 MDT 2012


On Fri, Aug 24, 2012 at 08:26:13AM +1000, Andrew Bartlett wrote:
> 
> Thanks for looking at this Jeremy. I agree, we should remove the 'upper'
> parameter.  Just move the upper-casing to ntlm_check.c:366 and keep our
> crypto code to crypto.  This was done at this layer back when it made
> sense to upper case the UCS2 version of the string, which we don't
> do any more.

Fix currently in autobuild. I'll create a bug for 3.6.next and 3.5.next
and do the back-ports tomorrow.

Cheers,

	Jeremy.
-------------- next part --------------
>From e561e913c0ea0b71252136ebd19083a1280c3970 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 23 Aug 2012 15:46:16 -0700
Subject: [PATCH 1/3] Move uppercasing the domain out of
 smb_pwd_check_ntlmv2()

Allows us to remove a silly bool parameter.

Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm at audi.de>.
---
 libcli/auth/ntlm_check.c |   21 ++++++++++++++-------
 1 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 9520d32..3ce0828 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -297,6 +297,11 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 {
 	const static uint8_t zeros[8];
 	DATA_BLOB tmp_sess_key;
+	const char *upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
+
+	if (upper_client_domain == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (stored_nt == NULL) {
 		DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n", 
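Review bot: The new talloc_strdup_upper block at the top of the function reports a NULL client_domain as NT_STATUS_NO_MEMORY, because talloc_strdup_upper (as far as I recall it wraps talloc_strdup) returns NULL for a NULL input; whether any caller passes NULL is not visible here, but if one does the failure is mis-attributed to memory pressure and becomes hard to diagnose. Initialise upper_client_domain to NULL and only make the upper-cased copy when client_domain is non-NULL, as below. The copy is also taken before the stored_nt == NULL early return that follows; moving it below that check would avoid the allocation on the fast-fail path, though being on mem_ctx it is not a leak either way. ntlm_password_check's signature is above the hunk and its body continues past it.
```c
	DATA_BLOB tmp_sess_key;
	const char *upper_client_domain = NULL;

	/* A NULL client_domain is not an out-of-memory condition. */
	if (client_domain != NULL) {
		upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
		if (upper_client_domain == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
	}
```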
@@ -363,13 +368,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			return NT_STATUS_OK;
 		}
 
-		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+		DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n",
+			upper_client_domain));
 		if (smb_pwd_check_ntlmv2(mem_ctx,
 					 nt_response, 
 					 stored_nt->hash, challenge, 
 					 client_username, 
-					 client_domain,
-					 true,
+					 upper_client_domain,
+					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -501,13 +507,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n",
+		upper_client_domain));
 	if (smb_pwd_check_ntlmv2(mem_ctx,
 				 lm_response, 
 				 stored_nt->hash, challenge, 
 				 client_username,
-				 client_domain,
-				 true,
+				 upper_client_domain,
+				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -518,7 +525,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    nt_response, 
 					    stored_nt->hash, challenge, 
 					    client_username,
-					    client_domain,
+					    upper_client_domain,
 					    true,
 					    user_sess_key);
 		} else {
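Review bot: The call whose arguments change in this hunk (its callee is above the hunk, presumably smb_sess_key_ntlmv2) now receives upper_client_domain but still passes `true` for the upper-case flag, so the domain is upper-cased a second time via strupper_talloc inside ntv2_owf_gen; the two smb_pwd_check_ntlmv2 call sites changed earlier in this patch pass `false` for the same already-upper-cased argument. The second upper-casing is idempotent, so the computed key is unchanged, but it costs an extra allocation and reads as an oversight. Change the argument to `false,` to match the other call sites. The enclosing function continues past the hunk.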
-- 
1.7.7.3


>From e87fa5154e982f9baaf8a28bfbf3d1f32aefe284 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 23 Aug 2012 15:59:54 -0700
Subject: [PATCH 2/3] Remove useless bool "upper_case_domain" parameter.

---
 libcli/auth/ntlm_check.c |   15 ++-------------
 1 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 3ce0828..2c841c3 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 				 const uint8_t *part_passwd,
 				 const DATA_BLOB *sec_blob,
 				 const char *user, const char *domain,
-				 bool upper_case_domain, /* should the domain be transformed into upper case? */
 				 DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
@@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 	   but for NTLMv2 it is meant to contain the current time etc.
 	*/
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
 		return false;
 	}
 
@@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 				const uint8_t *part_passwd,
 				const DATA_BLOB *sec_blob,
 				const char *user, const char *domain,
-				bool upper_case_domain, /* should the domain be transformed into upper case? */
 				DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
@@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
 	client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
 		return false;
 	}
 
@@ -360,7 +358,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					 stored_nt->hash, challenge, 
 					 client_username, 
 					 client_domain,
-					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -375,7 +372,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					 stored_nt->hash, challenge, 
 					 client_username, 
 					 upper_client_domain,
-					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -389,7 +385,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					 stored_nt->hash, challenge, 
 					 client_username, 
 					 "",
-					 false,
 					 user_sess_key)) {
 			if (user_sess_key->length) {
 				*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -483,7 +478,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				 stored_nt->hash, challenge, 
 				 client_username,
 				 client_domain,
-				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -495,7 +489,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    stored_nt->hash, challenge, 
 					    client_username,
 					    client_domain,
-					    false,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
@@ -514,7 +507,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				 stored_nt->hash, challenge, 
 				 client_username,
 				 upper_client_domain,
-				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -526,7 +518,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    stored_nt->hash, challenge, 
 					    client_username,
 					    upper_client_domain,
-					    true,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
@@ -544,7 +535,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				 stored_nt->hash, challenge, 
 				 client_username,
 				 "",
-				 false,
 				 &tmp_sess_key)) {
 		if (nt_response->length > 24) {
 			/* If NTLMv2 authentication has preceeded us
@@ -556,7 +546,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					    stored_nt->hash, challenge, 
 					    client_username,
 					    "",
-					    false,
 					    user_sess_key);
 		} else {
 			/* Otherwise, use the LMv2 session key */
-- 
1.7.7.3


>From 0b644ee318454345288cf1df207b443347431090 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Thu, 23 Aug 2012 16:02:09 -0700
Subject: [PATCH 3/3] Remove useless bool "upper_case_domain" parameter from
 ntv2_owf_gen().

The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.
---
 libcli/auth/ntlm_check.c |    4 ++--
 libcli/auth/proto.h      |    1 -
 libcli/auth/smbencrypt.c |   11 +----------
 3 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 2c841c3..bbec8d5 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -121,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 	   but for NTLMv2 it is meant to contain the current time etc.
 	*/
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 		return false;
 	}
 
@@ -190,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
 	client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 		return false;
 	}
 
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 3d05474..37c87b4 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -109,7 +109,6 @@ bool E_deshash(const char *passwd, uint8_t p16[16]);
 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
 bool ntv2_owf_gen(const uint8_t owf[16],
 		  const char *user_in, const char *domain_in,
-		  bool upper_case_domain, /* Transform the domain into UPPER case */
 		  uint8_t kr_buf[16]);
 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
 void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 37d5672..372ef01 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -185,7 +185,6 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16])
 /* Does both the NTLMv2 owfs of a user's password */
 bool ntv2_owf_gen(const uint8_t owf[16],
 		  const char *user_in, const char *domain_in,
-		  bool upper_case_domain, /* Transform the domain into UPPER case */
 		  uint8_t kr_buf[16])
 {
 	smb_ucs2_t *user;
@@ -215,14 +214,6 @@ bool ntv2_owf_gen(const uint8_t owf[16],
 		return false;
 	}
 
-	if (upper_case_domain) {
-		domain_in = strupper_talloc(mem_ctx, domain_in);
-		if (domain_in == NULL) {
-			talloc_free(mem_ctx);
-			return false;
-		}
-	}
-
 	ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len );
 	if (!ret) {
 		DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
@@ -498,7 +489,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 	   the username and domain.
 	   This prevents username swapping during the auth exchange
 	*/
-	if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+	if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
 		return false;
 	}
 
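Review bot: The ntv2_owf_gen call in SMBNTLMv2encrypt_hash now hashes the domain exactly as supplied, which is what MS-NLMP specifies for NTOWFv2 (only the user name is upper-cased before it is concatenated with the target/domain name), but the comment block above the call does not say so, and the upper-casing being removed here was evidently added once before. Record the rule next to the call, e.g. `/* MS-NLMP NTOWFv2: only the user name is upper-cased; the domain is hashed as the client sent it, so do not change its case here. */`, and consider the same one-liner in ntv2_owf_gen's header comment in smbencrypt.c so the two call sites cannot drift apart again. The body of SMBNTLMv2encrypt_hash starts above and continues below this hunk.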
-- 
1.7.7.3


