Re: Brown-Paper-Bag bugs in the winbind ntlm auth_helper

From: Francesco Chemolli <kinkie@dont-contact.us>
Date: Fri, 20 Sep 2002 21:16:25 +0200 (CEST)

On Fri, 20 Sep 2002, Henrik Nordstrom wrote:

> Hmm.. from what I can see, have_nthash is never used other than for debug
> purposes.. are you sure it is ignored?
>
> And I agree with Andrew on the response size issue, but until we have
> a decent possibility to support NTLMv2 it won't matter very much..
>
> Regards
> Henrik
>
> On Tuesday 17 September 2002 17.13, Francesco Chemolli wrote:
> > Since I've put live my winbindd setup, I've discovered two
> > embarrassing truths about that code:
> >
> > 1) It doesn't like NTLMv2 at all, refusing access to anybody who
> > dares provide NTLMv2 credentials
> > 2) (much more embarrassing) due to a one-liner it ends up ignoring
> > NT credentials, always falling back to LM even when the NThash is
> > provided.
> >
> > Here's the patch. Please apply to the -PRE tree before -STABLE
> > release.
> >
> >
> > --- wb_ntlm_auth.c.orig Tue Sep 17 09:49:40 2002
> > +++ wb_ntlm_auth.c Tue Sep 17 17:08:22 2002
> > @@ -219,21 +219,24 @@
> > authfail(domain, user, "Broken LM hash response");
> > return;
> > }
> > -
> > + have_nthash=0;
> > nthash = ntlm_fetch_string((char *) auth, auth_length,
> > &auth->ntresponse); switch (nthash.l) {
> > case 0:
> > debug("no nthash\n");
> > request.data.auth_crap.nt_resp_len = 0;
> > + have_nthash=0;
> > break;
> > case 24:
> > memcpy(request.data.auth_crap.nt_resp, nthash.str, 24);
> > request.data.auth_crap.nt_resp_len = 24;
> > + have_nthash=1;
> > break;
> > default:
> > - debug("nthash len = %d\n", nthash.l);
> > - authfail(domain, user, "Broken NT hash response");
> > - return;
> > + debug("nthash len=%d. Ignoring it.\n",nthash.l);
> > + request.data.auth_crap.nt_resp_len = 0;
> > + have_nthash=0;
> > + break;
> > }
> >
> > debug("Checking user '%s\\%s' lmhash len =%d, have_nthash=%d,
> > "
>
>
>
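
Review bot: In the default: branch of the switch on nthash.l, an NT response of any length other than 0 or 24 is now dropped (request.data.auth_crap.nt_resp_len = 0) instead of being rejected with "Broken NT hash response", so a client that sent a longer response, such as the NTLMv2 credentials the message mentions, is checked on its LM response alone. That is a deliberate loosening of the check and should carry a comment saying so, and the debug line should state that the request continues LM-only; it is also worth confirming that the "Broken LM hash response" check above always leaves a usable LM response before this path is taken. Separately, have_nthash is set to 0 before the switch and again in case 0 and default, so the two in-branch assignments are redundant, and have_nthash=0; lacks the spaces around = used by the neighbouring nt_resp_len assignments.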

-- 
  /Kinkie
If the box says "For Windows 95 or higher", it should
work under Linux, right?
Received on Sat Sep 21 2002 - 00:54:42 MDT
