ntlmssp: update ntlmssp domain/password after parsing the challenge m…
…essage

In the challenge message we might learn a new domain name to use to talk
to the server. In that case the matching password in the NTLM_USER_FILE
might change, so we need to update auth_data with the new domain/password
before we generate the ntlmssp auth message.

Signed-off-by: Ronnie Sahlberg <[email protected]>
sahlberg committed Jan 5, 2025
1 parent 28e9964 commit 66403a8
Showing 2 changed files with 56 additions and 13 deletions.
4 changes: 4 additions & 0 deletions lib/init.c
@@ -597,6 +597,9 @@ void smb2_set_password_from_file(struct smb2_context *smb2)
if (domain[0] && smb2->domain && strcmp(smb2->domain, domain)) {
continue;
}
if (domain[0] && smb2->domain == NULL) {
continue;
}
password = strchr(user, ':');
if (password == NULL) {
continue;
@@ -666,6 +669,7 @@ void smb2_set_domain(struct smb2_context *smb2, const char *domain)
return;
}
smb2->domain = strdup(domain);
smb2_set_password_from_file(smb2);
}

const char *smb2_get_domain(struct smb2_context *smb2)
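Review bot: In the second hunk, `smb2_set_domain()` now ends with `smb2_set_password_from_file(smb2);`, so a plain setter re-reads NTLM_USER_FILE and can replace `smb2->password` as a side effect. The commit description says the new domain may come from the server's challenge message, which means a peer that has not yet been authenticated decides which stored credential the NTLMv2 response is computed from; I would gate the re-lookup on the caller having opted in (or on no password having been set explicitly) and document the side effect, e.g. `/* also re-reads NTLM_USER_FILE and may replace smb2->password for the new domain */`. The `strdup(domain)` result just above the new call is still unchecked, and with the first hunk's new guard `if (domain[0] && smb2->domain == NULL) continue;` an allocation failure would quietly restrict the lookup to entries without a domain. Both function bodies extend outside the hunks, so what happens to a previously set password when no entry matches is not visible here.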
65 changes: 52 additions & 13 deletions lib/ntlmssp.c
@@ -91,8 +91,8 @@ struct auth_data {
size_t ntlm_len;

char *user;
char *password;
char *domain;
char *password;
char *workstation;
char *target_name;
uint8_t *client_challenge;
@@ -137,6 +137,40 @@ ntlmssp_destroy_context(struct auth_data *auth)
free(auth);
}

static int
auth_data_set_password(struct auth_data *auth_data, const char *password)
{
free(auth_data->password);
auth_data->password = NULL;

if (password == NULL) {
return 0;
}

auth_data->password = strdup(password);
if (auth_data->password == NULL) {
return -ENOMEM;
}
return 0;
}

static int
auth_data_set_domain(struct auth_data *auth_data, const char *domain)
{
free(auth_data->domain);
auth_data->domain = NULL;

if (domain == NULL) {
return 0;
}

auth_data->domain = strdup(domain);
if (auth_data->domain == NULL) {
return -ENOMEM;
}
return 0;
}

struct auth_data *
ntlmssp_init_context(const char *user,
const char *password,
@@ -158,17 +192,11 @@ ntlmssp_init_context(const char *user,
goto failed;
}
}
if (password) {
auth_data->password = strdup(password);
if (auth_data->password == NULL) {
goto failed;
}
if (auth_data_set_password(auth_data, password) < 0) {
goto failed;
}
if (domain) {
auth_data->domain = strdup(domain);
if (auth_data->domain == NULL) {
goto failed;
}
if (auth_data_set_domain(auth_data, domain) < 0) {
goto failed;
}
if (workstation) {
auth_data->workstation = strdup(workstation);
@@ -600,6 +628,18 @@ encode_ntlm_auth(struct smb2_context *smb2, time_t ti,
tv.tv_usec = 0;
t = smb2_timeval_to_win(&tv);

/*
* If we discovered the domain (and a new associated password in NTLM_USER_FILE)
* on receiving the challenge message we need to update auth_data with the
* new domain/password.
*/
if (auth_data_set_password(auth_data, smb2->password) < 0) {
goto finished;
}
if (auth_data_set_domain(auth_data, smb2->domain) < 0) {
goto finished;
}

if (auth_data->password == NULL) {
anonymous = 1;
goto encode;
@@ -608,8 +648,7 @@ encode_ntlm_auth(struct smb2_context *smb2, time_t ti,
* Generate Concatenation of(NTProofStr, temp)
*/
if (NTOWFv2(auth_data->user, auth_data->password,
auth_data->domain, ResponseKeyNT)
< 0) {
auth_data->domain, ResponseKeyNT) < 0) {
goto finished;
}

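Review bot: In the `encode_ntlm_auth` hunk the new `auth_data_set_password(auth_data, smb2->password)` call replaces the password unconditionally, so if `smb2->password` is NULL at this point the existing `if (auth_data->password == NULL) { anonymous = 1; ... }` check right below turns a credentialed login into an anonymous one without reporting anything. If the file lookup can leave `smb2->password` unset for a domain it has no entry for (not visible here), it would be safer to keep the password given to `ntlmssp_init_context` or to fail, e.g. `if (smb2->password && auth_data_set_password(auth_data, smb2->password) < 0) {`. Separately, `auth_data_set_password` releases the previous secret with a bare `free(auth_data->password);`; now that replacement is a routine step, the old buffer should be wiped before it is freed (for instance with `explicit_bzero` where the platform has it). `encode_ntlm_auth` starts and ends outside the hunks shown.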
