diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/cliconnect.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 7ef9b2ab82..cb3b4373dc 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -473,11 +473,12 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, char *pass, char *workgroup) { const char *mechs[] = {OID_NTLMSSP, NULL}; - DATA_BLOB msg1; + DATA_BLOB msg1, struct_blob; DATA_BLOB blob, chal1, chal2, auth; uint8 challenge[8]; uint8 nthash[24], lmhash[24], sess_key[16]; - uint32 neg_flags; + uint32 neg_flags, chal_flags, ntlmssp_command, unkn1, unkn2; + pstring server_domain; /* FIX THIS, SHOULD be UCS2-LE */ neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | @@ -518,6 +519,31 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, data_blob_free(&blob); + /* + * Ok, chal1 and chal2 are actually two identical copies of + * the NTLMSSP Challenge BLOB, and they contain, encoded in them + * the challenge to use. + */ + + if (!msrpc_parse(&chal1, "CdUdbddB", + "NTLMSSP", + &ntlmssp_command, + &server_domain, + &chal_flags, + challenge, 8, + &unkn1, &unkn2, + struct_blob.data, &struct_blob.length)) { + DEBUG(0, ("Failed to parse the NTLMSSP Challenge\n")); + return False; + } + + if (ntlmssp_command != NTLMSSP_CHALLENGE) { + DEBUG(0, ("NTLMSSP Response != NTLMSSP_CHALLENGE. Got %0X\n", + ntlmssp_command)); + return False; + } + + /* encrypt the password with the challenge */ memcpy(challenge, chal1.data + 24, 8); SMBencrypt(pass, challenge,lmhash); |