author | Stefan Metzmacher <metze@samba.org> | 2021-12-18 10:40:36 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2022-01-04 20:07:28 +0000 |
commit | 0ef1254f4428ab83ab6c8ca5e3415a1a9e069c92 (patch) | |
tree | d5c8c551c001c6d25e537dd637d8639c12e37ad2 /auth | |
parent | a03aa131554ef17801248a21722f2c8fb398ee44 (diff) | |
auth/credentials: cli_credentials_set_ntlm_response() pass session_keys
Otherwise cli_credentials_get_ntlm_response() will return session keys
with a 0 length, which leads to errors in the NTLMSSP code.
This wasn't noticed as cli_credentials_set_ntlm_response() has no
callers yet, but that will change in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials.h | 6 | ||||
-rw-r--r-- | auth/credentials/credentials_internal.h | 2 | ||||
-rw-r--r-- | auth/credentials/credentials_ntlm.c | 65 |
3 files changed, 64 insertions, 9 deletions
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 4057565ad34..551b1611826 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -230,8 +230,10 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 bool cli_credentials_set_old_nt_hash(struct cli_credentials *cred,
 const struct samr_Password *nt_hash);
 bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
- const DATA_BLOB *lm_response,
- const DATA_BLOB *nt_response,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *lm_session_key,
+ const DATA_BLOB *nt_response,
+ const DATA_BLOB *nt_session_key,
 enum credentials_obtained obtained);
 int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 struct loadparm_context *lp_ctx,
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
index afbda1a4b48..3b1581acb11 100644
--- a/auth/credentials/credentials_internal.h
+++ b/auth/credentials/credentials_internal.h
@@ -70,7 +70,9 @@ struct cli_credentials {
 /* Allows NTLM pass-though authentication */
 DATA_BLOB lm_response;
+ DATA_BLOB lm_session_key;
 DATA_BLOB nt_response;
+ DATA_BLOB nt_session_key;
 struct ccache_container *ccache;
 struct gssapi_creds_container *client_gss_creds;
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 49505f64315..1c17148e647 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -69,6 +69,14 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 return NT_STATUS_NO_MEMORY;
 }
 }
+ if (cred->nt_session_key.length != 0) {
+ session_key = data_blob_dup_talloc(frame,
+ cred->nt_session_key);
+ if (session_key.data == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
 if (cred->lm_response.length != 0) {
 lm_response = data_blob_dup_talloc(frame,
 cred->lm_response);
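Review bot: The widened declaration of cli_credentials_set_ntlm_response() in credentials.h has no comment saying how the four blobs relate, although the commit message explains that a response stored without its session key makes the getter return a zero-length key and leads to errors in the NTLMSSP code. A short comment above the prototype would let future callers get this right, for example `/* Each blob may be NULL or empty and is copied onto cred; pass the matching session key together with every response. */`. Whether an unpaired response should instead be rejected by the setter is a design choice, but the header is the place to record whichever rule is intended.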
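Review bot: The copy of `cred->nt_session_key` made on `frame` in cli_credentials_get_ntlm_response() is key material, and the later failure branches (the lm_response copy just below it, and the lm_session_key copy added in the hunk at -77,6) release it with `TALLOC_FREE(frame)` without wiping it. Marking the buffer right after the NULL check, e.g. `talloc_keep_secret(session_key.data);` if that lib/util helper is available in this tree, would make talloc zero it when it is freed; the same applies to `lm_session_key` in the next hunk and to the copies the setter stores on `cred`. How the blobs leave the function on success is outside the hunk, so the hand-over to the caller should be checked to keep that marking.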
@@ -77,6 +85,14 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 return NT_STATUS_NO_MEMORY;
 }
 }
+ if (cred->lm_session_key.length != 0) {
+ lm_session_key = data_blob_dup_talloc(frame,
+ cred->lm_session_key);
+ if (lm_session_key.data == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
 if (cred->lm_response.data == NULL) {
 *flags = *flags & ~CLI_CRED_LANMAN_AUTH;
@@ -483,19 +499,54 @@ _PUBLIC_ bool cli_credentials_set_old_nt_hash(struct cli_credentials *cred,
 }
 _PUBLIC_ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
- const DATA_BLOB *lm_response,
- const DATA_BLOB *nt_response,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *lm_session_key,
+ const DATA_BLOB *nt_response,
+ const DATA_BLOB *nt_session_key,
 enum credentials_obtained obtained)
 {
 if (obtained >= cred->password_obtained) {
 cli_credentials_set_password(cred, NULL, obtained);
- if (nt_response) {
- cred->nt_response = data_blob_talloc(cred, nt_response->data, nt_response->length);
- talloc_steal(cred, cred->nt_response.data);
+
+ data_blob_clear_free(&cred->lm_response);
+ data_blob_clear_free(&cred->lm_session_key);
+ data_blob_clear_free(&cred->nt_response);
+ data_blob_clear_free(&cred->nt_session_key);
+
+ if (lm_response != NULL && lm_response->length != 0) {
+ cred->lm_response = data_blob_talloc(cred,
+ lm_response->data,
+ lm_response->length);
+ if (cred->lm_response.data == NULL) {
+ return false;
+ }
 }
- if (nt_response) {
- cred->lm_response = data_blob_talloc(cred, lm_response->data, lm_response->length);
+ if (lm_session_key != NULL && lm_session_key->length != 0) {
+ cred->lm_session_key = data_blob_talloc(cred,
+ lm_session_key->data,
+ lm_session_key->length);
+ if (cred->lm_session_key.data == NULL) {
+ return false;
+ }
 }
+
+ if (nt_response != NULL && nt_response->length != 0) {
+ cred->nt_response = data_blob_talloc(cred,
+ nt_response->data,
+ nt_response->length);
+ if (cred->nt_response.data == NULL) {
+ return false;
+ }
+ }
+ if (nt_session_key != NULL && nt_session_key->length != 0) {
+ cred->nt_session_key = data_blob_talloc(cred,
+ nt_session_key->data,
+ nt_session_key->length);
+ if (cred->nt_session_key.data == NULL) {
+ return false;
+ }
+ }
+
 return true;
 } |
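Review bot: An allocation failure part-way through the four copies in cli_credentials_set_ntlm_response() returns false with the credentials half-updated. By that point the password has been reset and the old blobs freed, so a failure on the nt_session_key copy, for instance, leaves nt_response stored without its key, which is the zero-length-session-key state the commit message describes. Each `return false;` in the added block would be safer as a jump to one cleanup path that clears all four blobs again before returning. The function body continues past the last line of the hunk, so the sketch keeps the label inside the `if` block.

```c
	if (obtained >= cred->password_obtained) {
		/* … unchanged: password reset and clearing of the four stored blobs … */

		/* … unchanged: the four data_blob_talloc() copies, except that every
		 *   allocation-failure branch becomes … */
			if (cred->lm_response.data == NULL) {
				goto nomem;
			}

		return true;

nomem:
		/* Never leave a response behind without its session key. */
		data_blob_clear_free(&cred->lm_response);
		data_blob_clear_free(&cred->lm_session_key);
		data_blob_clear_free(&cred->nt_response);
		data_blob_clear_free(&cred->nt_session_key);
		return false;
	}
```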