The Samba-Bugzilla – Attachment 10891 Details for
Bug 10016
NTLM authentication fails.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am cherry-pick from master for 4.2.next, 4.1.next, 4.0.next.
bug-10016 (text/plain), 6.26 KB, created by
Jeremy Allison
on 2015-03-19 16:46:31 UTC
(
hide
)
Description:
git-am cherry-pick from master for 4.2.next, 4.1.next, 4.0.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2015-03-19 16:46:31 UTC
Size:
6.26 KB
patch
obsolete
>From 292601f44d47794ac1866c72c53852fa69199062 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 9 Mar 2015 14:21:22 -0700 >Subject: [PATCH 1/2] s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't > set, cope with servers that don't send the 2 unused fields. > >Packet traces showing such servers are found in the bug this fixes: > >https://bugzilla.samba.org/show_bug.cgi?id=10016 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Michael Adam <obnox@samba.org> >(cherry picked from commit 5137af570d8a173d7775754ad2e60d6d8efbe3a2) >--- > auth/ntlmssp/ntlmssp_client.c | 40 ++++++++++++++++++++++++++++++++++++---- > 1 file changed, 36 insertions(+), 4 deletions(-) > >diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c >index f99257d..d8531e4c 100644 >--- a/auth/ntlmssp/ntlmssp_client.c >+++ b/auth/ntlmssp/ntlmssp_client.c >@@ -132,12 +132,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, > talloc_get_type_abort(gensec_security->private_data, > struct gensec_ntlmssp_context); > struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; >- uint32_t chal_flags, ntlmssp_command, unkn1, unkn2; >+ uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0; > DATA_BLOB server_domain_blob; > DATA_BLOB challenge_blob; > DATA_BLOB target_info = data_blob(NULL, 0); > char *server_domain; > const char *chal_parse_string; >+ const char *chal_parse_string_short = NULL; > const char *auth_gen_string; > DATA_BLOB lm_response = data_blob(NULL, 0); > DATA_BLOB nt_response = data_blob(NULL, 0); >@@ -178,6 +179,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, > chal_parse_string = "CdUdbddB"; > } else { > chal_parse_string = "CdUdbdd"; >+ chal_parse_string_short = "CdUdb"; > } > auth_gen_string = "CdBBUUUBd"; > } else { >@@ -185,6 +187,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, > chal_parse_string = "CdAdbddB"; > } else { > chal_parse_string = "CdAdbdd"; >+ chal_parse_string_short = "CdAdb"; > } > > auth_gen_string = "CdBBAAABd"; >@@ -199,10 +202,39 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, > &challenge_blob, 8, > &unkn1, &unkn2, > &target_info)) { >+ >+ bool ok = false; >+ > DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n")); >- dump_data(2, in.data, in.length); >- talloc_free(mem_ctx); >- return NT_STATUS_INVALID_PARAMETER; >+ >+ if (chal_parse_string_short != NULL) { >+ /* >+ * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO >+ * is not used, some NTLMSSP servers don't return >+ * the unused unkn1 and unkn2 fields. >+ * See bug: >+ * https://bugzilla.samba.org/show_bug.cgi?id=10016 >+ * for packet traces. >+ * Try and parse again without them. >+ */ >+ ok = msrpc_parse(mem_ctx, >+ &in, chal_parse_string_short, >+ "NTLMSSP", >+ &ntlmssp_command, >+ &server_domain, >+ &chal_flags, >+ &challenge_blob, 8); >+ if (!ok) { >+ DEBUG(1, ("Failed to short parse " >+ "the NTLMSSP Challenge: (#2)\n")); >+ } >+ } >+ >+ if (!ok) { >+ dump_data(2, in.data, in.length); >+ talloc_free(mem_ctx); >+ return NT_STATUS_INVALID_PARAMETER; >+ } > } > > if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) { >-- >2.2.0.rc0.207.ga3a616c > > >From fdee1f79bf5ee477eec5ee47bc6ce25bbbe2c98a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 9 Mar 2015 14:27:43 -0700 >Subject: [PATCH 2/2] s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't > set, cope with servers that don't send the 2 unused fields. > >Packet traces showing such servers are found in the bug this fixes: > >https://bugzilla.samba.org/show_bug.cgi?id=10016 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Michael Adam <obnox@samba.org> > >Autobuild-User(master): Michael Adam <obnox@samba.org> >Autobuild-Date(master): Thu Mar 19 12:05:56 CET 2015 on sn-devel-104 > >(cherry picked from commit ffe33940faa6fb762fd2483f0245448b0434be00) >--- > source3/libsmb/ntlmssp.c | 38 +++++++++++++++++++++++++++++++++++--- > 1 file changed, 35 insertions(+), 3 deletions(-) > >diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c >index 617b34b..e661aeb 100644 >--- a/source3/libsmb/ntlmssp.c >+++ b/source3/libsmb/ntlmssp.c >@@ -359,12 +359,13 @@ static NTSTATUS ntlmssp3_client_challenge(struct ntlmssp_state *ntlmssp_state, > TALLOC_CTX *out_mem_ctx, /* Unused at this time */ > const DATA_BLOB reply, DATA_BLOB *next_request) > { >- uint32_t chal_flags, ntlmssp_command, unkn1, unkn2; >+ uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0; > DATA_BLOB server_domain_blob; > DATA_BLOB challenge_blob; > DATA_BLOB struct_blob = data_blob_null; > char *server_domain; > const char *chal_parse_string; >+ const char *chal_parse_string_short = NULL; > const char *auth_gen_string; > DATA_BLOB lm_response = data_blob_null; > DATA_BLOB nt_response = data_blob_null; >@@ -474,6 +475,7 @@ noccache: > chal_parse_string = "CdUdbddB"; > } else { > chal_parse_string = "CdUdbdd"; >+ chal_parse_string_short = "CdUdb"; > } > auth_gen_string = "CdBBUUUBd"; > } else { >@@ -481,6 +483,7 @@ noccache: > chal_parse_string = "CdAdbddB"; > } else { > chal_parse_string = "CdAdbdd"; >+ chal_parse_string_short = "CdAdb"; > } > > auth_gen_string = "CdBBAAABd"; >@@ -497,9 +500,38 @@ noccache: > &challenge_blob, 8, > &unkn1, &unkn2, > &struct_blob)) { >+ >+ bool ok = false; >+ > DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n")); >- dump_data(2, reply.data, reply.length); >- return NT_STATUS_INVALID_PARAMETER; >+ >+ if (chal_parse_string_short != NULL) { >+ /* >+ * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO >+ * is not used, some NTLMSSP servers don't return >+ * the unused unkn1 and unkn2 fields. >+ * See bug: >+ * https://bugzilla.samba.org/show_bug.cgi?id=10016 >+ * for packet traces. >+ * Try and parse again without them. >+ */ >+ ok = msrpc_parse(ntlmssp_state, &reply, >+ chal_parse_string_short, >+ "NTLMSSP", >+ &ntlmssp_command, >+ &server_domain, >+ &chal_flags, >+ &challenge_blob, 8); >+ if (!ok) { >+ DEBUG(1, ("Failed to short parse " >+ "the NTLMSSP Challenge: (#2)\n")); >+ } >+ } >+ >+ if (!ok) { >+ dump_data(2, reply.data, reply.length); >+ return NT_STATUS_INVALID_PARAMETER; >+ } > } > > if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) { >-- >2.2.0.rc0.207.ga3a616c >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
obnox
:
review+
Actions:
View
Attachments on
bug 10016
:
10817
|
10818
|
10834
| 10891