From 5be4744601727f6dadf60899f061c5962649a2d9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 23 Aug 2012 15:46:16 -0700
Subject: [PATCH 1/3] Move uppercasing the domain out of smb_pwd_check_ntlmv2()

Allows us to remove a silly bool parameter.

Based on work done by "Blohm, Guntram (I/FP-37, extern)" .

(cherry picked from commit 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9)
---
 libcli/auth/ntlm_check.c | 30 +++++++++++++++++++++---------
 1 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index da16ce2..f7c6cb4 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -297,6 +297,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 {
 const static uint8_t zeros[8];
 DATA_BLOB tmp_sess_key;
+ const char *upper_client_domain = NULL;
+
+ if (client_domain != NULL) {
+ upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
+ if (upper_client_domain == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
 if (stored_nt == NULL) {
 DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n",
@@ -348,7 +356,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 /* We have the NT MD4 hash challenge available - see if we can use it */
- DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
+ DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n",
+ client_domain ? client_domain : ""));
 if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge,
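Review bot: `talloc_strdup_upper()` at the top of ntlm_password_check() is now the only place the client domain is case-folded for the NTLMv2/LMv2 retry, so its case mapping must match what the `strupper_talloc()` call inside ntv2_owf_gen() produced before (patch 3 of this series removes that call); if the two differ for non-ASCII domain names the retry silently stops accepting responses that used to verify, and a test with a non-ASCII domain name would catch that. The contract deserves a comment at the declaration, e.g. `/* upper-cased copy for the retry paths below; case folding no longer happens inside the OWF code */`. The copy is also made on every call, including the common case where the first, as-given attempt succeeds; it hangs off mem_ctx so nothing leaks, but it could be deferred to the first retry. ntlm_password_check()'s body continues outside the hunk.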
@@ -362,13 +371,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
- DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+ DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n",
+ upper_client_domain ? upper_client_domain : ""));
 if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge, client_username,
- client_domain,
- true,
+ upper_client_domain,
+ false,
 user_sess_key)) {
 if (user_sess_key->length) {
 *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -470,7 +480,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 /* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes. - related to Win9X, legacy NAS pass-though authentication */
- DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
+ DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n",
+ client_domain ? client_domain : ""));
 if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge,
@@ -500,13 +511,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
- DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+ DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n",
+ upper_client_domain ? upper_client_domain : ""));
 if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge, client_username,
- client_domain,
- true,
+ upper_client_domain,
+ false,
 &tmp_sess_key)) {
 if (nt_response->length > 24) {
 /* If NTLMv2 authentication has preceeded us
@@ -517,7 +529,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 nt_response, stored_nt->hash, challenge, client_username,
- client_domain,
+ upper_client_domain,
 true, user_sess_key);
 } else {
-- 
1.7.7.3
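Review bot: When `client_domain` is NULL, `upper_client_domain` is NULL as well, so the "uppercased" retry at this hunk (and the LMv2 one at @@ -500) repeats the first check with exactly the same inputs, and the same happens when the client already sent the domain in upper case. Skipping the retry when the two forms are equal, e.g. `if (upper_client_domain != NULL && strcmp(client_domain, upper_client_domain) != 0 &&` in front of the existing smb_pwd_check_ntlmv2() condition, would avoid recomputing an identical NTLMv2 response on every failed logon. Whether the NULL case is reachable here I cannot tell from the hunk. In @@ -517 the session-key call still passes `true` beside the already upper-cased domain, which patch 2 in this series takes care of.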
From e4e8c3df767d4087b1a3b041eae6e276e1b0b3c1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 23 Aug 2012 15:59:54 -0700
Subject: [PATCH 2/3] Remove useless bool "upper_case_domain" parameter.

(cherry picked from commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13)
---
 libcli/auth/ntlm_check.c | 15 ++-------------
 1 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index f7c6cb4..3185558 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain,
- bool upper_case_domain, /* should the domain be transformed into upper case? */
 DATA_BLOB *user_sess_key) {
 /* Finish the encryption of part_passwd. */
@@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 but for NTLMv2 it is meant to contain the current time etc. */
- if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+ if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
 return false;
 }
@@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain,
- bool upper_case_domain, /* should the domain be transformed into upper case? */
 DATA_BLOB *user_sess_key) {
 /* Finish the encryption of part_passwd. */
@@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
- if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
+ if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
 return false;
 }
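Review bot: With `upper_case_domain` gone, nothing at the smb_pwd_check_ntlmv2() signature says what case `domain` is expected in, even though the as-given/upper-cased retry in ntlm_password_check() now relies on the caller supplying each form; the removed trailing comment was the only hint. A parameter comment would keep that visible: `const char *domain, /* used as given; the caller passes the upper-cased form for the retry */`, and the same applies to smb_sess_key_ntlmv2() at @@ -161. The literal `false` handed to ntv2_owf_gen() in @@ -122 and @@ -192 is an intermediate state that patch 3 of this series removes.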
@@ -363,7 +361,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, client_domain,
- false,
 user_sess_key)) {
 if (user_sess_key->length) {
 *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -378,7 +375,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, upper_client_domain,
- false,
 user_sess_key)) {
 if (user_sess_key->length) {
 *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -392,7 +388,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, "",
- false,
 user_sess_key)) {
 if (user_sess_key->length) {
 *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
@@ -487,7 +482,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, client_domain,
- false,
 &tmp_sess_key)) {
 if (nt_response->length > 24) {
 /* If NTLMv2 authentication has preceeded us
@@ -499,7 +493,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, client_domain,
- false,
 user_sess_key);
 } else {
 /* Otherwise, use the LMv2 session key */
@@ -518,7 +511,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, upper_client_domain,
- false,
 &tmp_sess_key)) {
 if (nt_response->length > 24) {
 /* If NTLMv2 authentication has preceeded us
@@ -530,7 +522,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, upper_client_domain,
- true,
 user_sess_key);
 } else {
 /* Otherwise, use the LMv2 session key */
@@ -548,7 +539,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, "",
- false,
 &tmp_sess_key)) {
 if (nt_response->length > 24) {
 /* If NTLMv2 authentication has preceeded us
@@ -560,7 +550,6 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 stored_nt->hash, challenge, client_username, "",
- false,
 user_sess_key);
 } else {
 /* Otherwise, use the LMv2 session key */
-- 
1.7.7.3

From 5875d4335928aefcb9e5bbd8b34c330e44d81bf9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 23 Aug 2012 16:02:09 -0700
Subject: [PATCH 3/3] Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().

The code in SMBNTLMv2encrypt_hash() should not be requesting case changes on the domain name.

(cherry picked from commit c47183b337d996640f009d133d47f90c153acd56)
---
 libcli/auth/ntlm_check.c | 4 ++--
 libcli/auth/proto.h | 1 -
 libcli/auth/smbencrypt.c | 11 +----------
 3 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 3185558..74787a4 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -121,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 but for NTLMv2 it is meant to contain the current time etc. */
- if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
+ if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 return false;
 }
@@ -190,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16);
- if (!ntv2_owf_gen(part_passwd, user, domain, false, kr)) {
+ if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
 return false;
 }
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 34a0052..11b720d 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -109,7 +109,6 @@ bool E_deshash(const char *passwd, uint8_t p16[16]);
 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
 bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in,
- bool upper_case_domain, /* Transform the domain into UPPER case */
 uint8_t kr_buf[16]);
 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
 void SMBNTencrypt_hash(const uint8_t nt_hash[16], uint8_t *c8, uint8_t *p24);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ed1172b..e0326d4 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -168,7 +168,6 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16])
 /* Does both the NTLMv2 owfs of a user's password */
 bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in,
- bool upper_case_domain, /* Transform the domain into UPPER case */
 uint8_t kr_buf[16]) {
 smb_ucs2_t *user;
@@ -198,14 +197,6 @@ bool ntv2_owf_gen(const uint8_t owf[16],
 return false;
 }
- if (upper_case_domain) {
- domain_in = strupper_talloc(mem_ctx, domain_in);
- if (domain_in == NULL) {
- talloc_free(mem_ctx);
- return false;
- }
- }
-
 ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len );
 if (!ret) {
 DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
@@ -474,7 +465,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 the username and domain. This prevents username swapping during the auth exchange */
- if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+ if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
 return false;
 }
-- 
1.7.7.3
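Review bot: The header comment `/* Does both the NTLMv2 owfs of a user's password */` above ntv2_owf_gen() should now state that `domain_in` is hashed exactly as supplied, since the case folding the removed parameter documented lives in the callers after this series, e.g. `/* Does both the NTLMv2 owfs of a user's password. domain_in is used as given; callers normalise case. */`. The same note belongs on the prototype in proto.h (@@ -109), where the removed trailing comment was the only description of the parameter. ntv2_owf_gen()'s body continues outside the hunk.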
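Review bot: Dropping the `true` here changes what every SMBNTLMv2encrypt_hash() caller computes: the NTLMv2 hash is now derived from `domain` in whatever case the caller passes instead of always the upper-cased form, so a client that previously authenticated with a lower- or mixed-case domain produces a different response after this commit. Against a Samba server the as-given/upper-cased retry introduced in patch 1 of this series covers both forms; against other implementations it depends on which form they verify, which I cannot tell from the hunk. A comment at the call would record the decision: `/* domain is hashed as supplied; the caller must pass the form the server will verify against */`. SMBNTLMv2encrypt_hash()'s body continues outside the hunk.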