-rw-r--r-- | source3/lib/talloc.c | 18 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 8 | ||||
-rw-r--r-- | source3/libsmb/ntlm_check.c | 31 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 4 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 10 |
5 files changed, 61 insertions, 10 deletions
diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c
index 485dc28f31..093a221fd3 100644
--- a/source3/lib/talloc.c
+++ b/source3/lib/talloc.c
@@ -276,6 +276,24 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p)
 return NULL;
 }
+/** strdup_upper with a talloc */
+char *talloc_strdup_upper(TALLOC_CTX *t, const char *p)
+{
+ char *r;
+ if (p) {
+ char *q = strdup_upper(p);
+ if (q) {
+ r = talloc_strdup(t, q);
+ SAFE_FREE(q);
+ return r;
+ } else {
+ return NULL;
+ }
+ } else {
+ return NULL;
+ }
+}
+
 /** strdup_w with a talloc */
 smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p)
 {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 63541e18b5..adfeec2290 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -358,7 +358,9 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
 memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
 }
 p += clistr_push(cli, p, user, -1, STR_TERMINATE);
- p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE);
+
+ /* Upper case here might help some NTLMv2 implementations */
+ p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
 p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
 p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
 cli_setup_bcc(cli, p);
@@ -649,7 +651,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 for checking the first reply from the server */
 cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli, True)) {
+ if (!cli_check_sign_mac(cli, False)) {
 nt_status = NT_STATUS_ACCESS_DENIED;
 }
 }
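Review bot: `talloc_strdup_upper` puts both failure paths in `else` branches, which leaves the one successful path nested two levels deep; guard clauses (`if (!p) return NULL;` followed by `if (!q) return NULL;` after the `strdup_upper` call) would keep the copy, `SAFE_FREE(q)` and `return r` sequence at the top level. The doc comment should also say that NULL is returned both for a NULL input and for an allocation failure, because callers cannot tell the two apart from the return value.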
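Review bot: The second argument of `cli_check_sign_mac` changes from `True` to `False` in the `@@ -649,7 +651,7 @@` hunk without any comment, and what that flag selects is not visible here. This call checks the signature on the first server reply after the NTLMSSP exchange and is what turns a bad MAC into `NT_STATUS_ACCESS_DENIED`, so a reader needs to know whether the new value relaxes that verification. A short comment above the call stating what the flag means and why the first signed reply needs `False` would settle it. The enclosing function starts and ends outside the hunk.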
@@ -874,7 +876,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) {
 if (!lp_client_lanman_auth()) {
- DEBUG(1, ("Server requested LANMAN password but 'client use lanman auth'"
+ DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
 " is disabled\n"));
 return False;
 }
diff --git a/source3/libsmb/ntlm_check.c b/source3/libsmb/ntlm_check.c
index 362b640f91..bc291b5128 100644
--- a/source3/libsmb/ntlm_check.c
+++ b/source3/libsmb/ntlm_check.c
@@ -85,6 +85,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 const uchar *part_passwd,
 const DATA_BLOB *sec_blob,
 const char *user, const char *domain,
+ BOOL upper_case_domain, /* should the domain be transformed into upper case? */
 DATA_BLOB *user_sess_key)
 {
 /* Finish the encryption of part_passwd. */
@@ -122,7 +123,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 memcpy(client_response, ntv2_response->data, sizeof(client_response));
- if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
+ if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
 return False;
 }
@@ -235,13 +236,24 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 if (nt_response->length >= 24 && nt_pw) {
 if (nt_response->length > 24) {
 /* We have the NT MD4 hash challenge available - see if we can
- use it (ie. does it exist in the smbpasswd file).
+ use it
 */
 DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
 if (smb_pwd_check_ntlmv2( nt_response,
 nt_pw, challenge,
- client_username,
+ client_username,
+ client_domain,
+ False,
+ user_sess_key)) {
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+ if (smb_pwd_check_ntlmv2( nt_response,
+ nt_pw, challenge,
+ client_username,
 client_domain,
+ True,
 user_sess_key)) {
 return NT_STATUS_OK;
 }
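Review bot: In the `@@ -235,13 +236,24 @@` hunk `ntlm_password_check` now accepts an NTLMv2 response computed over the client's domain as sent, then upper-cased, then empty, but nothing records why the order matters or which clients need which form, and the edited comment is left as a dangling `use it`. This is the accept/reject decision for authentication, so the comment should carry the reason, for example `/* Clients differ on whether the domain is upper-cased before it is hashed into the NTLMv2 response: try it as sent, then upper-cased, then empty. */` (wording inferred from the change; confirm). The same sequence is repeated for LMv2 in the `@@ -334,6 +347,17 @@` and `@@ -343,6 +367,7 @@` hunks, so a small static helper that walks the variants would keep the two paths from drifting apart. The function body extends beyond this hunk.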
@@ -251,6 +263,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 nt_pw, challenge,
 client_username,
 "",
+ False,
 user_sess_key)) {
 return NT_STATUS_OK;
 } else {
@@ -334,6 +347,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 nt_pw, challenge,
 client_username,
 client_domain,
+ False,
+ NULL)) {
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+ if (smb_pwd_check_ntlmv2( lm_response,
+ nt_pw, challenge,
+ client_username,
+ client_domain,
+ True,
 NULL)) {
 return NT_STATUS_OK;
 }
@@ -343,6 +367,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 nt_pw, challenge,
 client_username,
 "",
+ False,
 NULL)) {
 return NT_STATUS_OK;
 }
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 60523ddf9d..82eafc4cd5 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -168,7 +168,9 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password
 */
 NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
 {
- ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain);
+ /* Possibly make our NTLMv2 client more robust by always having
+ an uppercase domain */
+ ntlmssp_state->domain = talloc_strdup_upper(ntlmssp_state->mem_ctx, domain);
 if (!ntlmssp_state->domain) {
 return NT_STATUS_NO_MEMORY;
 }
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index c5acedae51..270a659e57 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -127,7 +127,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
 /* Does both the NTLMv2 owfs of a user's password */
 BOOL ntv2_owf_gen(const uchar owf[16],
- const char *user_in, const char *domain_in, uchar kr_buf[16])
+ const char *user_in, const char *domain_in,
+ BOOL upper_case_domain, /* Transform the domain into UPPER case */
+ uchar kr_buf[16])
 {
 smb_ucs2_t *user;
 smb_ucs2_t *domain;
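Review bot: `ntlmssp_set_domain` returns `NT_STATUS_NO_MEMORY` whenever `talloc_strdup_upper` yields NULL, but that helper (added in this commit) also returns NULL for a NULL `domain`, so a missing domain is reported as an allocation failure. Whether callers can pass NULL is not visible here; if they can, an explicit check before the call such as `if (!domain) return NT_STATUS_INVALID_PARAMETER;` or a documented "domain is required" contract would make the error honest. The added comment also speaks only of the client, while nothing in the hunk limits this setter to the client role, so it is worth confirming that no server-side caller relies on the domain keeping its original case. The function's tail lies outside the hunk.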
@@ -150,7 +152,9 @@ BOOL ntv2_owf_gen(const uchar owf[16],
 }
 strupper_w(user);
- strupper_w(domain);
+
+ if (upper_case_domain)
+ strupper_w(domain);
 SMB_ASSERT(user_byte_len >= 2);
 SMB_ASSERT(domain_byte_len >= 2);
@@ -426,7 +430,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 the username and domain. This prevents username swapping during the auth exchange */
- if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+ if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
 return False;
 }
|
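Review bot: The new `if (upper_case_domain)` in the `@@ -150,7 +152,9 @@` hunk guards a single unbraced statement directly above two `SMB_ASSERT` lines; bracing it, `if (upper_case_domain) { strupper_w(domain); }`, keeps a later edit from silently falling outside the condition. The header comment of `ntv2_owf_gen` should also state that the user name is always upper-cased while the domain is upper-cased only on request, since both ends of the exchange must agree on this for the hash to match. The function begins and ends outside this hunk.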
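Review bot: `SMBNTLMv2encrypt` hard-codes `True` for `upper_case_domain` in the `@@ -426,7 +430,7 @@` hunk, so the client always hashes an upper-cased domain whatever string it later puts on the wire. That matches the two send paths touched by this commit (`STR_UPPER` in `cli_session_setup_nt1`, `talloc_strdup_upper` in `ntlmssp_set_domain`), but any other caller that transmits the domain in its original case would depend on the server trying the upper-cased variant in order to authenticate. A comment at the call such as `/* domain is always upper-cased in the hash; callers must send it upper-cased too */` would make that coupling explicit. The function body continues outside the hunk.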