diff options
author | Richard Sharpe <sharpe@samba.org> | 2002-09-03 17:36:00 +0000 |
---|---|---|
committer | Richard Sharpe <sharpe@samba.org> | 2002-09-03 17:36:00 +0000 |
commit | fd13038acff34acb9113afffd01af3e0fe90a6af (patch) | |
tree | 5b8cb48e730499753894e76e454b145387261996 /source3/libsmb | |
parent | fc15341b8265f57a2bdd9be8a06c83e1fd90497a (diff) | |
download | samba-fd13038acff34acb9113afffd01af3e0fe90a6af.tar.gz samba-fd13038acff34acb9113afffd01af3e0fe90a6af.tar.bz2 samba-fd13038acff34acb9113afffd01af3e0fe90a6af.zip |
Fix the client side NTLMSSP. It now works between smbclient and smbd!
However, it does not work with Win2K over 445 with raw NTLMSSP!
(This used to be commit 53e4975337be2cab3ee89f2f62e5659855365b73)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cliconnect.c | 9 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 47 |
2 files changed, 52 insertions, 4 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index cb3b4373dc..428167ebfa 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -486,16 +486,19 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, memset(sess_key, 0, 16); + DEBUG(10, ("sending NTLMSSP_NEGOTIATE\n")); + /* generate the ntlmssp negotiate packet */ msrpc_gen(&blob, "CddAA", "NTLMSSP", NTLMSSP_NEGOTIATE, neg_flags, workgroup, strlen(workgroup), - cli->calling.name, strlen(cli->calling.name)); - + cli->calling.name, strlen(cli->calling.name) + 1); + DEBUG(10, ("neg_flags: %0X, workgroup: %s, calling name %s\n", + neg_flags, workgroup, cli->calling.name)); /* and wrap it in a SPNEGO wrapper */ - msg1 = gen_negTokenTarg(mechs, blob); + msg1 = gen_negTokenInit(OID_NTLMSSP, blob); data_blob_free(&blob); /* now send that blob on its way */ diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 8376398e3f..8aab0fdda9 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -73,6 +73,50 @@ DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16], return ret; } +/* + Generate a negTokenInit as used by the client side ... It has a mechType + (OID), and a mechToken (a security blob) ... + + Really, we need to break out the NTLMSSP stuff as well, because it could be + raw in the packets! +*/ +DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob) +{ + ASN1_DATA data; + DATA_BLOB ret; + + memset(&data, 0, sizeof(data)); + + asn1_push_tag(&data, ASN1_APPLICATION(0)); + asn1_write_OID(&data,OID_SPNEGO); + asn1_push_tag(&data, ASN1_CONTEXT(0)); + asn1_push_tag(&data, ASN1_SEQUENCE(0)); + + asn1_push_tag(&data, ASN1_CONTEXT(0)); + asn1_push_tag(&data, ASN1_SEQUENCE(0)); + asn1_write_OID(&data, OID); + asn1_pop_tag(&data); + asn1_pop_tag(&data); + + asn1_push_tag(&data, ASN1_CONTEXT(2)); + asn1_write_OctetString(&data,blob.data,blob.length); + asn1_pop_tag(&data); + + asn1_pop_tag(&data); + asn1_pop_tag(&data); + + asn1_pop_tag(&data); + + if (data.has_error) { + DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data.ofs)); + asn1_free(&data); + } + + ret = data_blob(data.data, data.length); + asn1_free(&data); + + return ret; +} /* parse a negTokenInit packet giving a GUID, a list of supported @@ -553,7 +597,8 @@ BOOL msrpc_gen(DATA_BLOB *blob, } data_ofs += n*2; break; - + + case 'A': case 'B': b = va_arg(ap, uint8 *); n = va_arg(ap, int); |