s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.

Packet traces showing such servers are found in the bug this fixes: https://bugzilla.samba.org/show_bug.cgi?id=10016 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
author: Jeremy Allison <jra@samba.org> 2015-03-09 14:21:22 -0700
committer: Michael Adam <obnox@samba.org> 2015-03-19 09:30:07 +0100
commit: 5137af570d8a173d7775754ad2e60d6d8efbe3a2 (patch)
tree: 6162e7c5ea16de056276a1c0ba4093bc86dad224 /auth
parent: 677da99c9f04424d122598bb701e806d3c88e526 (diff)
download: samba-5137af570d8a173d7775754ad2e60d6d8efbe3a2.tar.gz
1 files changed, 36 insertions, 4 deletions
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f99257d7312..d8531e4c2e9 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -132,12 +132,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 		talloc_get_type_abort(gensec_security->private_data,
 				      struct gensec_ntlmssp_context);
 	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
-	uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
+	uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
 	DATA_BLOB server_domain_blob;
 	DATA_BLOB challenge_blob;
 	DATA_BLOB target_info = data_blob(NULL, 0);
 	char *server_domain;
 	const char *chal_parse_string;
+	const char *chal_parse_string_short = NULL;
 	const char *auth_gen_string;
 	DATA_BLOB lm_response = data_blob(NULL, 0);
 	DATA_BLOB nt_response = data_blob(NULL, 0);
@@ -178,6 +179,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			chal_parse_string = "CdUdbddB";
 		} else {
 			chal_parse_string = "CdUdbdd";
+			chal_parse_string_short = "CdUdb";
 		}
 		auth_gen_string = "CdBBUUUBd";
 	} else {
@@ -185,6 +187,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			chal_parse_string = "CdAdbddB";
 		} else {
 			chal_parse_string = "CdAdbdd";
+			chal_parse_string_short = "CdAdb";
 		}
 
 		auth_gen_string = "CdBBAAABd";
@@ -199,10 +202,39 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 			 &challenge_blob, 8,
 			 &unkn1, &unkn2,
 			 &target_info)) {
+
+		bool ok = false;
+
 		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
-		dump_data(2, in.data, in.length);
-		talloc_free(mem_ctx);
-		return NT_STATUS_INVALID_PARAMETER;
+
+		if (chal_parse_string_short != NULL) {
+			/*
+			 * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
+			 * is not used, some NTLMSSP servers don't return
+			 * the unused unkn1 and unkn2 fields.
+			 * See bug:
+			 * https://bugzilla.samba.org/show_bug.cgi?id=10016
+			 * for packet traces.
+			 * Try and parse again without them.
+			 */
+			ok = msrpc_parse(mem_ctx,
+				&in, chal_parse_string_short,
+				"NTLMSSP",
+				&ntlmssp_command,
+				&server_domain,
+				&chal_flags,
+				&challenge_blob, 8);
+			if (!ok) {
+				DEBUG(1, ("Failed to short parse "
+					"the NTLMSSP Challenge: (#2)\n"));
+			}
+		}
+
+		if (!ok) {
+			dump_data(2, in.data, in.length);
+			talloc_free(mem_ctx);
+			return NT_STATUS_INVALID_PARAMETER;
+		}
 	}
 
 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
author	Jeremy Allison <jra@samba.org>	2015-03-09 14:21:22 -0700
committer	Michael Adam <obnox@samba.org>	2015-03-19 09:30:07 +0100
commit	5137af570d8a173d7775754ad2e60d6d8efbe3a2 (patch)
tree	6162e7c5ea16de056276a1c0ba4093bc86dad224 /auth
parent	677da99c9f04424d122598bb701e806d3c88e526 (diff)
download	samba-5137af570d8a173d7775754ad2e60d6d8efbe3a2.tar.gz