[PATCH]: Samba4: Bug in ntlm_auth's ntlmssp-client-1 mode
Kai Blin
k.blin at gmx.net
Sat Aug 27 01:17:15 GMT 2005
* Kai Blin <k.blin at gmx.net> [23/08/05, 20:16:59]:
> > When running it with ntlm_auth --helper-protocol=ntlmssp-client-1
> > --password=testpass --domain=NOWHERE --username=$USER
> >
> > If length of $USER % 3 is 0, ntlm_auth v4 returns the same length of
> > base64 blob as v3. This seems to be correct.
> >
> > If length of $USER % 3 is 1, the response is one character short,
> > resulting in an invalid base64 blob.
> >
> > If length of $USER % 3 is 2, the response is one character too long,
> > also resulting in an invalid base64 blob.
> >
> > This behaviour seems to change in offset if the length of the domain
> > name changes.
>
> Yes, it looks like if $DOMAIN + $USER % 3 == 1 the length of the base64
> blob is ok.
As it was I located the error myself. See the attached patch.
Cheers,
Kai
--
Kai Blin, private email
BOFH excuse #13:
we're waiting for [the phone company] to fix that line
-------------- next part --------------
Index: source/lib/ldb/common/ldb_ldif.c
===================================================================
--- source/lib/ldb/common/ldb_ldif.c (revision 9670)
+++ source/lib/ldb/common/ldb_ldif.c (working copy)
@@ -155,10 +155,10 @@
const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int bit_offset, byte_offset, idx, i;
const uint8_t *d = (const uint8_t *)buf;
- int bytes = (len*8 + 5)/6;
+ int bytes = (len*8 + 5)/6, pad_bytes = (bytes % 4) ? 4 - (bytes % 4) : 0;
char *out;
- out = talloc_array(mem_ctx, char, bytes+2);
+ out = talloc_array(mem_ctx, char, bytes+pad_bytes+1);
if (!out) return NULL;
for (i=0;i<bytes;i++) {
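Review bot: in the `int bytes = (len*8 + 5)/6, pad_bytes = ...` declaration, both values are plain int and are derived from `len*8` with no bound on len (whose type is not visible in this hunk), and the result now sizes the `talloc_array` call as `bytes+pad_bytes+1`. For a very large len the arithmetic can wrap or be truncated, giving a buffer smaller than what the encode loop writes. Suggest rejecting an oversized len before the computation (returning NULL, as the `if (!out)` path already does) and splitting the declaration into two lines with a short comment saying that bytes is the number of data characters and pad_bytes rounds the output up to a multiple of 4. For ordinary inputs the new size is exact: bytes data characters, pad_bytes '=' characters and one terminating NUL.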
@@ -175,7 +175,8 @@
out[i] = b64[idx];
}
- out[i++] = '=';
+ for (;i<bytes+pad_bytes;i++)
+ out[i] = '=';
out[i] = 0;
return out;
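Review bot: the padding loop `for (;i<bytes+pad_bytes;i++)` relies on i being exactly bytes when the encode loop finishes and on the buffer having been allocated as `bytes+pad_bytes+1`, and neither assumption is stated next to the loop. Suggest braces around the loop body and a one-line comment naming that invariant, so a later change to the allocation or to the encode loop does not turn the final `out[i] = 0;` into an out-of-bounds write. The change is also in source/lib/ldb/common/ldb_ldif.c rather than in ntlm_auth itself, so every caller of this encoder gets the new padding; the commit message should say so, and a test that encodes inputs with len % 3 equal to 0, 1 and 2 and checks that the output length is a multiple of 4 would pin the behaviour down.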