[cvsnt-dev] NTLMSSP auth with empty domain part fails

Arthur Barrett arthur.barrett at march-hare.com
Tue Oct 24 04:06:46 BST 2006


Andreas,

Thanks, I'm still on holiday - but will look at this next week.  If you don't 
see anything from me by Wednesday next week I'd appreciate a heads up ;).

Thanks,

Arthur

"Andreas Tscharner" <andreas.tscharner at metromec.ch> wrote in message 
news:ehhudk$6h3$1 at paris.nodomain.org...
> Hello World,
>
> A Debian user has found a bug in CVSNT 2.5.03 build 2382. He has
> provided a patch. Here is his description and the patch.
>
> Best regards
> Andreas
>
>
> --- BEGIN MESSAGE ---
> NTLMSSP authentication against a Windows cvsnt server fails.
>
> I have an older, hacked cvsnt version which works, and by comparing
> tcpdumps I found out that the pointer field of the second
> string (domain/workstation) of the type 1 NTLM message
> built by buildSmbNtlmAuthRequest() points past the end
> of the message when the domain argument is an empty string.
> The server then immediately rejects the auth request
> with a "[80090308] The parameter is incorrect." reply.
>
> The attached patch fixes this, and makes NTLM auth work for me.
>
> (The older cvsnt version I have set the offset field
> to some totally bogus value when the string length is
> zero, thus I believe the offset value doesn't matter
> at all in this case, as long as it doesn't point past
> the end of the packet.)
>
>
> Thanks,
> Johannes
> --- END MESSAGE ---
>
> -- 
> Andreas Tscharner                          andreas.tscharner at metromec.ch
> ------------------------------------------------------------------------
> And the beast shall come forth surrounded by a roiling cloud of
> vengeance. The house of the unbelievers shall be razed and they shall be
> scorched to the earth. Their tags shall blink until the end of days.
>                                             -- The Book of Mozilla 12:10
>
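
The failure described in the quoted report, shown as an added example that is not part of the original thread or of cvsnt: a receiver-side bounds check on the two string headers of an NTLM type 1 message. The field positions follow the standard type 1 layout; the function names, the sample message and the exact rule (an offset may equal the message length but not exceed it) are assumptions, since the thread does not say what the Windows server checks.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { NTLM_OK = 0, NTLM_BAD_HEADER = -1, NTLM_BAD_BUFFER = -2 };

/* NTLM fields are little-endian on the wire; read them byte by byte. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* One 8-byte string header: len(2) maxlen(2) offset(4), located at `at`. */
static int check_secbuf(const uint8_t *msg, size_t msg_len, size_t at)
{
    uint32_t len = rd16(msg + at);
    uint32_t off = rd32(msg + at + 4);
    /* The offset is checked even when len == 0: the case from the report. */
    if (off > msg_len) return NTLM_BAD_BUFFER;
    if (len > msg_len - off) return NTLM_BAD_BUFFER; /* avoids off+len overflow */
    return NTLM_OK;
}

/* Validate signature, message type, then both string headers (at 16 and 24). */
int ntlm_type1_check(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 32 || memcmp(msg, "NTLMSSP\0", 8) != 0 || rd32(msg + 8) != 1)
        return NTLM_BAD_HEADER;
    if (check_secbuf(msg, msg_len, 16) != NTLM_OK) return NTLM_BAD_BUFFER;
    return check_secbuf(msg, msg_len, 24);
}

/* Constructed sample: 32-byte header, payload "user", empty second string
 * whose offset field is set by the caller. Flag bytes are arbitrary. */
size_t build_sample(uint8_t *out, uint32_t second_offset)
{
    static const uint8_t hdr[32] = {
        'N','T','L','M','S','S','P',0,  1,0,0,0,  0x02,0xb2,0,0,
        4,0, 4,0, 32,0,0,0,      /* first string: len 4 at offset 32 */
        0,0, 0,0, 0,0,0,0 };     /* second string: len 0, offset patched below */
    memcpy(out, hdr, 32);
    memcpy(out + 32, "user", 4);
    out[28] = (uint8_t)second_offset;         out[29] = (uint8_t)(second_offset >> 8);
    out[30] = (uint8_t)(second_offset >> 16); out[31] = (uint8_t)(second_offset >> 24);
    return 36;
}
```
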


--------------------------------------------------------------------------------


> --- cvsnt-2.5.03.2382/protocols/ntlm/smbutil.c.orig 2006-10-21 
> 03:30:43.000000000 +0200
> +++ cvsnt-2.5.03.2382/protocols/ntlm/smbutil.c 2006-10-21 
> 03:50:05.000000000 +0200
> @@ -258,6 +258,12 @@ buildSmbNtlmAuthRequest_userlen (tSmbNtl
>   /* FIXME this should be workstation, not username */
>   AddBytes (request, user, user, user_len);
>   AddString (request, domain, domain);
> +  /* offset must not point past end of message (otherwise server responds
> +   * with "The parameter is incorrect."), however if the string length
> +   * is zero it doesn't matter where exactly the offset points to, I 
> think
> +   */
> +  if (!domain || !*domain)
> +    request->domain.offset--;
> }
>
> void
> 
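
Review bot: The `request->domain.offset--;` line corrects the offset by a fixed one byte, which only helps if AddString leaves the offset exactly one byte past the end of the message for an empty domain; nothing in the hunk establishes that, and the added comment itself ends with "I think". I would rather see the offset assigned explicitly to a value known to lie inside the message (for example the offset already computed for the user field by the AddBytes call above) than adjusted relative to whatever AddString produced, with the comment naming the invariant being preserved. It is also worth confirming that the field is held in host byte order at this point, because a decrement applied to a value already stored in wire (little-endian) order would be wrong on big-endian hosts.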



