summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
authorChristian Ambach <christian.ambach@de.ibm.com>2011-04-07 14:05:04 +0200
committerAndrew Bartlett <abartlet@samba.org>2011-04-14 02:19:08 +0200
commit29c0c37691da10bf061ba90a5b31482bda2fa486 (patch)
tree1aa53e189e0306c41172b57bd320eb873293122b /source4/libcli
parent96a49d23a4caebefcea66cfb855fadbae12ccf7c (diff)
downloadsamba-29c0c37691da10bf061ba90a5b31482bda2fa486.tar.gz
samba-29c0c37691da10bf061ba90a5b31482bda2fa486.tar.bz2
samba-29c0c37691da10bf061ba90a5b31482bda2fa486.zip
s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego
I have seen domain controllers rejecting NTLMv2 blobs presented to NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName was a FQDN or an IP address I have not seen this field in NTLMv2 blobs send by Windows clients when extended security was not available, so omitting the field makes Samba similar to Windows. This prevents errors with some smbtorture testcases that disable spnego and when a target name is specified that is not a valid netbios name. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/smb_composite/sesssetup.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index e1159a4cd2..ebc35983d2 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -280,8 +280,17 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
struct smbcli_request **req)
{
NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
+ struct sesssetup_state *state = talloc_get_type(c->private_data,
+ struct sesssetup_state);
+ const char *domain = cli_credentials_get_domain(io->in.credentials);
+
+ /*
+ * domain controllers tend to reject the NTLM v2 blob
+ * if the netbiosname is not valid (e.g. IP address or FQDN)
+ * so just leave it away (as Windows client do)
+ */
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
+
DATA_BLOB session_key = data_blob(NULL, 0);
int flags = CLI_CRED_NTLM_AUTH;
@@ -353,9 +362,18 @@ static NTSTATUS session_setup_old(struct composite_context *c,
struct smbcli_request **req)
{
NTSTATUS nt_status;
- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+ struct sesssetup_state *state = talloc_get_type(c->private_data,
+ struct sesssetup_state);
const char *password = cli_credentials_get_password(io->in.credentials);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
+ const char *domain = cli_credentials_get_domain(io->in.credentials);
+
+ /*
+ * domain controllers tend to reject the NTLM v2 blob
+ * if the netbiosname is not valid (e.g. IP address or FQDN)
+ * so just leave it away (as Windows client do)
+ */
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
+
DATA_BLOB session_key;
int flags = 0;
if (session->options.lanman_auth) {