Re: Brown-Paper-Bag bugs in the winbind ntlm auth_helper

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 20 Sep 2002 11:44:31 +0200

Hmm.. from what I can see, have_nthash is never used other than for debug
purposes.. are you sure it is ignored?

And I agree with Andrew on the response size issue, but until we have
a decent possibility to support NTLMv2 it won't matter very much..

Regards
Henrik

On Tuesday 17 September 2002 17.13, Francesco Chemolli wrote:
> Since I've put live my winbindd setup, I've discovered two
> embarrassing truths about that code:
>
> 1) It doesn't like NTLMv2 at all, refusing access to anybody who
> dares provide NTLMv2 credentials
> 2) (much more embarrassing) due to a one-liner it ends up ignoring
> NT credentials, always falling back to LM even when the NThash is
> provided.
>
> Here's the patch. Please apply to the -PRE tree before -STABLE
> release.
>
>
> --- wb_ntlm_auth.c.orig Tue Sep 17 09:49:40 2002
> +++ wb_ntlm_auth.c Tue Sep 17 17:08:22 2002
> @@ -219,21 +219,24 @@
> authfail(domain, user, "Broken LM hash response");
> return;
> }
> -
> + have_nthash=0;
> nthash = ntlm_fetch_string((char *) auth, auth_length,
> &auth->ntresponse); switch (nthash.l) {
> case 0:
> debug("no nthash\n");
> request.data.auth_crap.nt_resp_len = 0;
> + have_nthash=0;
> break;
> case 24:
> memcpy(request.data.auth_crap.nt_resp, nthash.str, 24);
> request.data.auth_crap.nt_resp_len = 24;
> + have_nthash=1;
> break;
> default:
> - debug("nthash len = %d\n", nthash.l);
> - authfail(domain, user, "Broken NT hash response");
> - return;
> + debug("nthash len=%d. Ignoring it.\n",nthash.l);
> + request.data.auth_crap.nt_resp_len = 0;
> + have_nthash=0;
> + break;
> }
>
> debug("Checking user '%s\\%s' lmhash len =%d, have_nthash=%d,
> "
Received on Fri Sep 20 2002 - 03:44:25 MDT