The branch, v3-0-test has been updated
       via  1941f42b04dd20763449ba57e4543aca41ca2155 (commit)
       via  1f3eba80c8df79f31757bc2075f5730cd261806c (commit)
      from  66ec780d878979a9fa33ff868f1849e9d2166dcf (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 1941f42b04dd20763449ba57e4543aca41ca2155
Author: Kai Blin <[EMAIL PROTECTED]>
Date:   Fri Nov 7 09:43:46 2008 +0100

    ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth
    
    This fixes bug #5865

commit 1f3eba80c8df79f31757bc2075f5730cd261806c
Author: Kai Blin <[EMAIL PROTECTED]>
Date:   Fri Nov 7 09:40:35 2008 +0100

    winbindd: Reformat the WBFLAGS defines to prepare for adding a new flag.

-----------------------------------------------------------------------

Summary of changes:
 source/nsswitch/winbindd_nss.h |   31 ++++++++++++++++---------------
 source/nsswitch/winbindd_pam.c |   24 +++++++++++++++++-------
 source/utils/ntlm_auth.c       |   20 ++++++++++++++++----
 3 files changed, 49 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/winbindd_nss.h b/source/nsswitch/winbindd_nss.h
index 8f22e15..742a774 100644
--- a/source/nsswitch/winbindd_nss.h
+++ b/source/nsswitch/winbindd_nss.h
@@ -188,25 +188,26 @@ typedef struct winbindd_gr {
 } WINBINDD_GR;
 
 
-#define WBFLAG_PAM_INFO3_NDR           0x0001
-#define WBFLAG_PAM_INFO3_TEXT          0x0002
-#define WBFLAG_PAM_USER_SESSION_KEY     0x0004
-#define WBFLAG_PAM_LMKEY               0x0008
-#define WBFLAG_PAM_CONTACT_TRUSTDOM    0x0010
-#define WBFLAG_QUERY_ONLY              0x0020
-#define WBFLAG_PAM_UNIX_NAME            0x0080
-#define WBFLAG_PAM_AFS_TOKEN            0x0100
-#define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
+#define WBFLAG_PAM_INFO3_NDR           0x00000001
+#define WBFLAG_PAM_INFO3_TEXT          0x00000002
+#define WBFLAG_PAM_USER_SESSION_KEY    0x00000004
+#define WBFLAG_PAM_LMKEY               0x00000008
+#define WBFLAG_PAM_CONTACT_TRUSTDOM    0x00000010
+#define WBFLAG_QUERY_ONLY              0x00000020
+#define WBFLAG_PAM_UNIX_NAME           0x00000080
+#define WBFLAG_PAM_AFS_TOKEN           0x00000100
+#define WBFLAG_PAM_NT_STATUS_SQUASH    0x00000200
 
 /* This is a flag that can only be sent from parent to child */
-#define WBFLAG_IS_PRIVILEGED            0x0400
+#define WBFLAG_IS_PRIVILEGED           0x00000400
 /* Flag to say this is a winbindd internal send - don't recurse. */
-#define WBFLAG_RECURSE                 0x0800
+#define WBFLAG_RECURSE                 0x00000800
 
-#define WBFLAG_PAM_KRB5                        0x1000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
-#define WBFLAG_PAM_CACHED_LOGIN                0x4000
-#define WBFLAG_PAM_GET_PWD_POLICY      0x8000
+#define WBFLAG_PAM_KRB5                        0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN                0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY      0x00008000
+#define WBFLAG_BIG_NTLMV2_BLOB         0x00010000
 
 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
 
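Review bot: `WBFLAG_BIG_NTLMV2_BLOB` is added on the last define line without a comment, unlike `WBFLAG_IS_PRIVILEGED` and `WBFLAG_RECURSE` above it, even though it changes which buffer the receiver reads a client-supplied response from. I would state the contract next to the define, for example `/* nt_resp is carried in extra_data; extra_len must equal auth_crap.nt_resp_len */`. It is also the first flag above bit 15, so it is worth confirming that the request `flags` field is at least 32 bits wide everywhere it is declared or copied; that declaration is outside this hunk.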
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 8751c18..708fc62 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -1762,17 +1762,27 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct 
winbindd_domain *domain,
 
        if (state->request.data.auth_crap.lm_resp_len > 
sizeof(state->request.data.auth_crap.lm_resp)
                || state->request.data.auth_crap.nt_resp_len > 
sizeof(state->request.data.auth_crap.nt_resp)) {
-               DEBUG(0, ("winbindd_pam_auth_crap: invalid password length 
%u/%u\n", 
-                         state->request.data.auth_crap.lm_resp_len, 
-                         state->request.data.auth_crap.nt_resp_len));
-               result = NT_STATUS_INVALID_PARAMETER;
-               goto done;
+               if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB ||
+                    state->request.extra_len != 
state->request.data.auth_crap.nt_resp_len) {
+                       DEBUG(0, ("winbindd_pam_auth_crap: invalid password 
length %u/%u\n",
+                                 state->request.data.auth_crap.lm_resp_len,
+                                 state->request.data.auth_crap.nt_resp_len));
+                                 result = NT_STATUS_INVALID_PARAMETER;
+                       goto done;
+               }
        }
 
        lm_resp = data_blob_talloc(state->mem_ctx, 
state->request.data.auth_crap.lm_resp,
                                        
state->request.data.auth_crap.lm_resp_len);
-       nt_resp = data_blob_talloc(state->mem_ctx, 
state->request.data.auth_crap.nt_resp,
-                                       
state->request.data.auth_crap.nt_resp_len);
+       if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) {
+               nt_resp = data_blob_talloc(state->mem_ctx,
+                                          state->request.extra_data.data,
+                                          
state->request.data.auth_crap.nt_resp_len);
+       } else {
+               nt_resp = data_blob_talloc(state->mem_ctx,
+                                          
state->request.data.auth_crap.nt_resp,
+                                          
state->request.data.auth_crap.nt_resp_len);
+       }
 
        /* what domain should we contact? */
        
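Review bot: In the new inner check, `!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB` parses as `(!state->request.flags) & WBFLAG_BIG_NTLMV2_BLOB`, which is always 0 because `!` yields 0 or 1 and the flag is 0x00010000; the test needs to be `!(state->request.flags & WBFLAG_BIG_NTLMV2_BLOB)`. As written, an oversized `nt_resp_len` is accepted whenever `extra_len` equals it, even with the flag clear, and the `else` branch then copies `nt_resp_len` bytes out of the fixed-size `nt_resp` array. The same relaxed path lets an oversized `lm_resp_len` reach the `lm_resp` copy, since both lengths share one outer condition. When the flag is set but `nt_resp_len` fits the array, the outer check is skipped and `extra_data.data` is read without `extra_len` ever being compared to `nt_resp_len`. I would split the validation per field as sketched below; the function starts and ends outside this hunk.

```c
	/* lm_resp is always carried inline, so its bound never relaxes. */
	if (state->request.data.auth_crap.lm_resp_len >
	    sizeof(state->request.data.auth_crap.lm_resp)) {
		/* … unchanged: DEBUG, NT_STATUS_INVALID_PARAMETER, goto done … */
	}

	if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) {
		/* Blob lives in extra_data: the two lengths must agree exactly. */
		if (state->request.extra_len !=
		    state->request.data.auth_crap.nt_resp_len) {
			/* … unchanged: DEBUG, NT_STATUS_INVALID_PARAMETER, goto done … */
		}
	} else if (state->request.data.auth_crap.nt_resp_len >
		   sizeof(state->request.data.auth_crap.nt_resp)) {
		/* … unchanged: DEBUG, NT_STATUS_INVALID_PARAMETER, goto done … */
	}
	/* … unchanged: lm_resp / nt_resp data_blob_talloc calls … */
```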
diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c
index 53647ad..b42fe92 100644
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -350,13 +350,25 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
        }
 
        if (nt_response && nt_response->length) {
-               memcpy(request.data.auth_crap.nt_resp, 
-                      nt_response->data, 
-                      MIN(nt_response->length, 
sizeof(request.data.auth_crap.nt_resp)));
+               if (nt_response->length > 
sizeof(request.data.auth_crap.nt_resp)) {
+                       request.flags = request.flags | WBFLAG_BIG_NTLMV2_BLOB;
+                       request.extra_len = nt_response->length;
+                       request.extra_data.data = SMB_MALLOC_ARRAY(char, 
request.extra_len);
+                       if (request.extra_data.data == NULL) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       memcpy(request.extra_data.data, nt_response->data,
+                              nt_response->length);
+
+               } else {
+                       memcpy(request.data.auth_crap.nt_resp,
+                              nt_response->data, nt_response->length);
+               }
                 request.data.auth_crap.nt_resp_len = nt_response->length;
        }
-       
+
        result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, 
&response);
+       SAFE_FREE(request.extra_data.data);
 
        /* Display response */
 
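Review bot: The new large-blob branch allocates and sends `nt_response->length` bytes with no upper bound, although winbindd_nss.h in this same changeset shows `WINBINDD_MAX_EXTRA_DATA (128*1024)` as the extra-data limit. I would reject oversized input before the `SMB_MALLOC_ARRAY` call, e.g. `if (nt_response->length > WINBINDD_MAX_EXTRA_DATA) return NT_STATUS_INVALID_PARAMETER;`, so the helper fails with a clear status rather than relying on the daemon to drop the request; how winbindd enforces that limit is not visible here. The trailing `SAFE_FREE(request.extra_data.data)` assumes `request` was zeroed earlier in the function, which begins outside the hunk, so that is worth confirming. As a style point, `request.flags |= WBFLAG_BIG_NTLMV2_BLOB;` is the more usual spelling.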


-- 
Samba Shared Repository
