NTLMSSP SPNEGO session setup response patch...
Jim McDonough
jmcd at us.ibm.com
Wed Aug 14 13:17:00 GMT 2002
I thought I'd post this and let folks take a look. This is what I think
the correct response to the first spnego ntlmssp session setup request
should be...
retrieving revision 1.12
diff -u -r1.12 clispnego.c
--- libsmb/clispnego.c 26 May 2002 14:59:57 -0000 1.12
+++ libsmb/clispnego.c 14 Aug 2002 16:57:20 -0000
@@ -449,9 +449,11 @@
format specifiers are:
U = unicode string (input is unix string)
+ a = address (1 byte type, 1 byte length, unicode string, all inline)
B = data blob (pointer + length)
b = data blob in header (pointer + length)
- d = word (4 bytes)
+ D = word (4 bytes)
+ d = word in header( 4 bytes)
C = constant ascii string
*/
BOOL msrpc_gen(DATA_BLOB *blob,
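Review bot: The new `a` entry in the specifier comment says "1 byte type, 1 byte length", but the `case 'a'` added later in this patch writes both fields with SSVAL, advances data_ofs by 2 each time, and adds 4 in the sizing pass. The comment should match the bytes actually emitted: `a = address (2 byte type, 2 byte length, unicode string, all inline)`. The `d` line also has a misplaced space and would read better as `d = word in header (4 bytes)`.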
@@ -473,6 +475,11 @@
head_size += 8;
data_size += str_charnum(s) * 2;
break;
+ case 'a':
+ n = va_arg(ap, int);
+ s = va_arg(ap, char *);
+ data_size += (str_charnum(s) * 2) + 4;
+ break;
case 'B':
b = va_arg(ap, uint8 *);
head_size += 8;
@@ -486,6 +493,10 @@
n = va_arg(ap, int);
head_size += 4;
break;
+ case 'D':
+ n = va_arg(ap, int);
+ data_size += 4;
+ break;
case 'C':
s = va_arg(ap, char *);
head_size += str_charnum(s) + 1;
@@ -512,6 +523,17 @@
push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
data_ofs += n*2;
break;
+ case 'a':
+ n = va_arg(ap, int);
+ SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+ s = va_arg(ap, char *);
+ n = str_charnum(s);
+ SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
+ push_string(NULL, blob->data+data_ofs, s, n*2,
+ STR_UNICODE|STR_NOALIGN);
+ data_ofs += n*2;
+ break;
+
case 'B':
b = va_arg(ap, uint8 *);
n = va_arg(ap, int);
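Review bot: The length field written by `SSVAL(blob->data, data_ofs, n*2)` is only 16 bits wide, yet push_string is then asked to emit the full n*2 bytes, so a string longer than 32767 characters would yield an entry whose declared length disagrees with the data that follows it. The names passed in the sesssetup.c hunk are presumably short, but msrpc_gen is a general helper, so the sizing pass for `'a'` (the hunk at -473) could reject oversized input up front, e.g. `if (str_charnum(s) > 0x7FFF) return False;`, preceded by whatever cleanup the function needs, which is not visible here. The type argument is likewise read as an int and silently truncated to 16 bits by the first SSVAL. The body of msrpc_gen starts and ends outside this hunk.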
@@ -524,6 +546,10 @@
case 'd':
n = va_arg(ap, int);
SIVAL(blob->data, head_ofs, n); head_ofs += 4;
+ break;
+ case 'D':
+ n = va_arg(ap, int);
+ SIVAL(blob->data, data_ofs, n); data_ofs += 4;
break;
case 'b':
b = va_arg(ap, uint8 *);
diff -u -r1.62 sesssetup.c
--- smbd/sesssetup.c 11 Aug 2002 02:30:35 -0000 1.62
+++ smbd/sesssetup.c 14 Aug 2002 16:57:25 -0000
@@ -318,36 +318,39 @@
NTLMSSP_CHAL_TARGET_INFO;
{
- DATA_BLOB domain_blob, netbios_blob, realm_blob;
+ DATA_BLOB domain_blob, struct_blob;
+ fstring dnsname, dnsdomname;
msrpc_gen(&domain_blob,
"U",
lp_workgroup());
- msrpc_gen(&netbios_blob,
- "U",
- global_myname);
-
- msrpc_gen(&realm_blob,
- "U",
- lp_realm());
-
+ fstrcpy(dnsdomname, lp_realm());
+ strlower(dnsdomname);
+
+ fstrcpy(dnsname, global_myname);
+ fstrcat(dnsname, ".");
+ fstrcat(dnsname, lp_realm());
+ strlower(dnsname);
+
+ msrpc_gen(&struct_blob, "aaaaD",
+ 2, lp_workgroup(),
+ 1, global_myname,
+ 4, dnsdomname,
+ 3, dnsname,
+ 0);
- msrpc_gen(&chal, "CddddbBBBB",
+ msrpc_gen(&chal, "CdUdbddB",
"NTLMSSP",
NTLMSSP_CHALLENGE,
- 0,
- 0x30, /* ?? */
+ lp_workgroup(),
chal_flags,
cryptkey, 8,
- domain_blob.data, domain_blob.length,
- domain_blob.data, domain_blob.length,
- netbios_blob.data, netbios_blob.length,
- realm_blob.data, realm_blob.length);
+ 0, 0,
+ struct_blob.data, struct_blob.length);
data_blob_free(&domain_blob);
- data_blob_free(&netbios_blob);
- data_blob_free(&realm_blob);
+ data_blob_free(&struct_blob);
}
if (!spnego_gen_challenge(&spnego_chal, &chal, &chal)) {
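Review bot: `domain_blob` is still generated from lp_workgroup() and freed at the end of the block, but the new `msrpc_gen(&chal, "CdUdbddB", ...)` call no longer consumes it (the domain name now goes in through the `U` specifier), so the declaration, the `msrpc_gen(&domain_blob, ...)` call and its `data_blob_free` are dead and can be dropped. Separately, dnsname is built with `fstrcat(dnsname, lp_realm())` without checking that a realm is set; if lp_realm() can be empty here, the challenge would advertise the machine name with a trailing dot and an empty DNS domain entry, so ids 3 and 4 may need to be skipped in that case. The return values of both msrpc_gen calls are ignored, so a failed struct_blob would still be fed into the challenge. The bare ids would read better with a short comment such as `/* 2 = NetBIOS domain, 1 = NetBIOS name, 4 = DNS domain, 3 = DNS host name, 0 = end of list */`. The enclosing function starts and ends outside the hunk.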
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984