1 | From b413a09fa5b927102655a8332e95a64a80e57825 Mon Sep 17 00:00:00 2001 |
2 | From: Stefan Metzmacher <metze@samba.org> | |
3 | Date: Thu, 21 Jul 2011 21:15:38 +0200 | |
4 | Subject: [PATCH 1/2] PATCHSET19: s3:libsmb: don't pass cli->called.name to | |
5 | NTLMv2_generate_names_blob() | |
6 | ||
7 | cli->called.name is never initialized, so this change doesn't change | |
8 | the behavior. And this behavior seems to be correct, see | |
9 | commit 29c0c37691da10bf061ba90a5b31482bda2fa486 | |
10 | s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego. | |
11 | ||
12 | metze | |
13 | ||
14 | (cherry picked from commit 392ddf970c8f8486e79eec5214ed49912e344e09) | |
15 | --- | |
16 | source3/libsmb/cliconnect.c | 6 +++--- | |
17 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
18 | ||
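diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 8653ba7..38ae230 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -862,11 +862,11 @@ static struct tevent_req *cli_session_setup_nt1_send(
 /*
 * note that the 'workgroup' here is a best
 * guess - we don't know the server's domain
- * at this point. The 'server name' is also
- * dodgy...
+ * at this point. Windows clients also don't
+ * use hostname...
 */
 names_blob = NTLMv2_generate_names_blob(
- NULL, cli->called.name, workgroup);
+ NULL, NULL, workgroup);
 
 if (tevent_req_nomem(names_blob.data, req)) {
 return tevent_req_post(req, ev);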
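Review bot: The rewritten comment above the NTLMv2_generate_names_blob() call says only that Windows clients "don't use hostname", which does not tell a reader that the NULL second argument is intentional. Consider wording the changed lines as `* at this point. The server name is left NULL on purpose:` / `* Windows clients do not send it here either.` so that nobody later "fixes" the call by passing a hostname again. Per the commit description cli->called.name was never initialized, so behaviour should be unchanged. The enclosing function cli_session_setup_nt1_send starts and ends outside the hunk.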
38 | -- | |
39 | 2.1.0 | |
40 | ||
41 | ||
42 | From 1415733b6cfeba129e1459ef55a0a12a5dec0fa3 Mon Sep 17 00:00:00 2001 | |
43 | From: Christian Ambach <christian.ambach@de.ibm.com> | |
44 | Date: Thu, 7 Apr 2011 14:05:04 +0200 | |
45 | Subject: [PATCH 2/2] PATCHSET19: s4/libcli: do not use netbios name in NTLMv2 | |
46 | blobs w/o spnego | |
47 | ||
48 | I have seen domain controllers rejecting NTLMv2 blobs presented to | |
49 | NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName | |
50 | was a FQDN or an IP address | |
51 | ||
52 | I have not seen this field in NTLMv2 blobs sent by Windows clients | |
53 | when extended security was not available, so omitting the field | |
54 | makes Samba similar to Windows. | |
55 | ||
56 | This prevents errors with some smbtorture testcases that disable | |
57 | spnego and when a target name is specified that is not a valid | |
58 | netbios name. | |
59 | ||
60 | Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |
61 | ||
62 | Autobuild-User: Andrew Bartlett <abartlet@samba.org> | |
63 | Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104 | |
64 | (cherry picked from commit 29c0c37691da10bf061ba90a5b31482bda2fa486) | |
65 | --- | |
66 | source4/libcli/smb_composite/sesssetup.c | 26 ++++++++++++++++++++++---- | |
67 | 1 file changed, 22 insertions(+), 4 deletions(-) | |
68 | ||
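diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index e1159a4..ebc3598 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -280,8 +280,17 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
 struct smbcli_request **req)
 {
 NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
+ struct sesssetup_state *state = talloc_get_type(c->private_data,
+ struct sesssetup_state);
+ const char *domain = cli_credentials_get_domain(io->in.credentials);
+
+ /*
+ * domain controllers tend to reject the NTLM v2 blob
+ * if the netbiosname is not valid (e.g. IP address or FQDN)
+ * so just leave it away (as Windows client do)
+ */
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
+
 DATA_BLOB session_key = data_blob(NULL, 0);
 int flags = CLI_CRED_NTLM_AUTH;
 
@@ -353,9 +362,18 @@ static NTSTATUS session_setup_old(struct composite_context *c,
 struct smbcli_request **req)
 {
 NTSTATUS nt_status;
- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+ struct sesssetup_state *state = talloc_get_type(c->private_data,
+ struct sesssetup_state);
 const char *password = cli_credentials_get_password(io->in.credentials);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
+ const char *domain = cli_credentials_get_domain(io->in.credentials);
+
+ /*
+ * domain controllers tend to reject the NTLM v2 blob
+ * if the netbiosname is not valid (e.g. IP address or FQDN)
+ * so just leave it away (as Windows client do)
+ */
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
+
 DATA_BLOB session_key;
 int flags = 0;
 if (session->options.lanman_auth) {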
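Review bot: Neither hunk checks names_blob.data after `NTLMv2_generate_names_blob(state, NULL, domain)`, whereas the source3 caller in this patch set tests the result with tevent_req_nomem(). Both session_setup_nt1 and session_setup_old continue outside the hunks, so the check may already exist further down. If it does not, add `NT_STATUS_HAVE_NO_MEMORY(names_blob.data);` after the declarations in each function. The comment that is duplicated in both functions would also read better as `so just leave it out (as Windows clients do)`.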
114 | -- | |
115 | 2.1.0 | |
116 |