Attachment 10891 Details for Bug 10016 – git-am cherry-pick from master for 4.2.next, 4.1.next, 4.0.next.

[patch] git-am cherry-pick from master for 4.2.next, 4.1.next, 4.0.next.

bug-10016 (text/plain), 6.26 KB, created by Jeremy Allison on 2015-03-19 16:46:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2015-03-19 16:46:31 UTC

Size: 6.26 KB

patch

obsolete

>From 292601f44d47794ac1866c72c53852fa69199062 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 9 Mar 2015 14:21:22 -0700
>Subject: [PATCH 1/2] s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't
> set, cope with servers that don't send the 2 unused fields.
>
>Packet traces showing such servers are found in the bug this fixes:
>
>https://bugzilla.samba.org/show_bug.cgi?id=10016
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Michael Adam <obnox@samba.org>
>(cherry picked from commit 5137af570d8a173d7775754ad2e60d6d8efbe3a2)
>---
> auth/ntlmssp/ntlmssp_client.c | 40 ++++++++++++++++++++++++++++++++++++----
> 1 file changed, 36 insertions(+), 4 deletions(-)
>
>diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
>index f99257d..d8531e4c 100644
>--- a/auth/ntlmssp/ntlmssp_client.c
>+++ b/auth/ntlmssp/ntlmssp_client.c
>@@ -132,12 +132,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
> 		talloc_get_type_abort(gensec_security->private_data,
> 				      struct gensec_ntlmssp_context);
> 	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
>-	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
>+	uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
> 	DATA_BLOB server_domain_blob;
> 	DATA_BLOB challenge_blob;
> 	DATA_BLOB target_info = data_blob(NULL, 0);
> 	char *server_domain;
> 	const char *chal_parse_string;
>+	const char *chal_parse_string_short = NULL;
> 	const char *auth_gen_string;
> 	DATA_BLOB lm_response = data_blob(NULL, 0);
> 	DATA_BLOB nt_response = data_blob(NULL, 0);
>@@ -178,6 +179,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
> 			chal_parse_string = "CdUdbddB";
> 		} else {
> 			chal_parse_string = "CdUdbdd";
>+			chal_parse_string_short = "CdUdb";
> 		}
> 		auth_gen_string = "CdBBUUUBd";
> 	} else {
>@@ -185,6 +187,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
> 			chal_parse_string = "CdAdbddB";
> 		} else {
> 			chal_parse_string = "CdAdbdd";
>+			chal_parse_string_short = "CdAdb";
> 		}
> 
> 		auth_gen_string = "CdBBAAABd";
>@@ -199,10 +202,39 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
> 			 &challenge_blob, 8,
> 			 &unkn1, &unkn2,
> 			 &target_info)) {
>+
>+		bool ok = false;
>+
> 		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
>-		dump_data(2, in.data, in.length);
>-		talloc_free(mem_ctx);
>-		return NT_STATUS_INVALID_PARAMETER;
>+
>+		if (chal_parse_string_short != NULL) {
>+			/*
>+			 * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
>+			 * is not used, some NTLMSSP servers don't return
>+			 * the unused unkn1 and unkn2 fields.
>+			 * See bug:
>+			 * https://bugzilla.samba.org/show_bug.cgi?id=10016
>+			 * for packet traces.
>+			 * Try and parse again without them.
>+			 */
>+			ok = msrpc_parse(mem_ctx,
>+				&in, chal_parse_string_short,
>+				"NTLMSSP",
>+				&ntlmssp_command,
>+				&server_domain,
>+				&chal_flags,
>+				&challenge_blob, 8);
>+			if (!ok) {
>+				DEBUG(1, ("Failed to short parse "
>+					"the NTLMSSP Challenge: (#2)\n"));
>+			}
>+		}
>+
>+		if (!ok) {
>+			dump_data(2, in.data, in.length);
>+			talloc_free(mem_ctx);
>+			return NT_STATUS_INVALID_PARAMETER;
>+		}
> 	}
> 
> 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
>-- 
>2.2.0.rc0.207.ga3a616c
>
>
>From fdee1f79bf5ee477eec5ee47bc6ce25bbbe2c98a Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 9 Mar 2015 14:27:43 -0700
>Subject: [PATCH 2/2] s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't
> set, cope with servers that don't send the 2 unused fields.
>
>Packet traces showing such servers are found in the bug this fixes:
>
>https://bugzilla.samba.org/show_bug.cgi?id=10016
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Michael Adam <obnox@samba.org>
>
>Autobuild-User(master): Michael Adam <obnox@samba.org>
>Autobuild-Date(master): Thu Mar 19 12:05:56 CET 2015 on sn-devel-104
>
>(cherry picked from commit ffe33940faa6fb762fd2483f0245448b0434be00)
>---
> source3/libsmb/ntlmssp.c | 38 +++++++++++++++++++++++++++++++++++---
> 1 file changed, 35 insertions(+), 3 deletions(-)
>
>diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
>index 617b34b..e661aeb 100644
>--- a/source3/libsmb/ntlmssp.c
>+++ b/source3/libsmb/ntlmssp.c
>@@ -359,12 +359,13 @@ static NTSTATUS ntlmssp3_client_challenge(struct ntlmssp_state *ntlmssp_state,
> 				         TALLOC_CTX *out_mem_ctx, /* Unused at this time */
> 					 const DATA_BLOB reply, DATA_BLOB *next_request)
> {
>-	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
>+	uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
> 	DATA_BLOB server_domain_blob;
> 	DATA_BLOB challenge_blob;
> 	DATA_BLOB struct_blob = data_blob_null;
> 	char *server_domain;
> 	const char *chal_parse_string;
>+	const char *chal_parse_string_short = NULL;
> 	const char *auth_gen_string;
> 	DATA_BLOB lm_response = data_blob_null;
> 	DATA_BLOB nt_response = data_blob_null;
>@@ -474,6 +475,7 @@ noccache:
> 			chal_parse_string = "CdUdbddB";
> 		} else {
> 			chal_parse_string = "CdUdbdd";
>+			chal_parse_string_short = "CdUdb";
> 		}
> 		auth_gen_string = "CdBBUUUBd";
> 	} else {
>@@ -481,6 +483,7 @@ noccache:
> 			chal_parse_string = "CdAdbddB";
> 		} else {
> 			chal_parse_string = "CdAdbdd";
>+			chal_parse_string_short = "CdAdb";
> 		}
> 
> 		auth_gen_string = "CdBBAAABd";
>@@ -497,9 +500,38 @@ noccache:
> 			 &challenge_blob, 8,
> 			 &unkn1, &unkn2,
> 			 &struct_blob)) {
>+
>+		bool ok = false;
>+
> 		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
>-		dump_data(2, reply.data, reply.length);
>-		return NT_STATUS_INVALID_PARAMETER;
>+
>+		if (chal_parse_string_short != NULL) {
>+			/*
>+			 * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
>+			 * is not used, some NTLMSSP servers don't return
>+			 * the unused unkn1 and unkn2 fields.
>+			 * See bug:
>+			 * https://bugzilla.samba.org/show_bug.cgi?id=10016
>+			 * for packet traces.
>+			 * Try and parse again without them.
>+			 */
>+			ok = msrpc_parse(ntlmssp_state, &reply,
>+				chal_parse_string_short,
>+				"NTLMSSP",
>+				&ntlmssp_command,
>+				&server_domain,
>+				&chal_flags,
>+				&challenge_blob, 8);
>+			if (!ok) {
>+				DEBUG(1, ("Failed to short parse "
>+					"the NTLMSSP Challenge: (#2)\n"));
>+			}
>+		}
>+
>+		if (!ok) {
>+			dump_data(2, reply.data, reply.length);
>+			return NT_STATUS_INVALID_PARAMETER;
>+		}
> 	}
> 
> 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
>-- 
>2.2.0.rc0.207.ga3a616c
>

Flags:

obnox: review+

Actions: View

Attachments on bug 10016: 10817 | 10818 | 10834 | 10891