| 239 |
239 |
memcpy(domain, tmp.str, tmp.l);
|
| 240 |
240 |
user = domain + tmp.l;
|
| 241 |
241 |
*user = '\0';
|
| 242 |
242 |
++user;
|
| 243 |
243 |
|
| 244 |
244 |
/* debug("fetching user name\n"); */
|
| 245 |
245 |
tmp = ntlm_fetch_string(&(auth->hdr), auth_length, &auth->user, auth->flags);
|
| 246 |
246 |
if (tmp.str == NULL || tmp.l == 0) {
|
| 247 |
247 |
debug("No username supplied. Returning no-auth\n");
|
| 248 |
248 |
ntlm_errno = NTLM_ERR_LOGON;
|
| 249 |
249 |
return NULL;
|
| 250 |
250 |
}
|
| 251 |
251 |
if (tmp.l > MAX_USERNAME_LEN) {
|
| 252 |
252 |
debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN);
|
| 253 |
253 |
ntlm_errno = NTLM_ERR_LOGON;
|
| 254 |
254 |
return NULL;
|
| 255 |
255 |
}
|
| 256 |
256 |
memcpy(user, tmp.str, tmp.l);
|
| 257 |
257 |
*(user + tmp.l) = '\0';
|
| 258 |
258 |
|
| 259 |
|
/* Authenticating against the NT response doesn't seem to work... */
|
| 260 |
|
tmp = ntlm_fetch_string(&(auth->hdr), auth_length, &auth->lmresponse, auth->flags);
|
| 261 |
|
if (tmp.str == NULL || tmp.l == 0) {
|
| 262 |
|
fprintf(stderr, "No auth at all. Returning no-auth\n");
|
| 263 |
|
ntlm_errno = NTLM_ERR_LOGON;
|
| 264 |
|
return NULL;
|
|
259 |
// grab the *response blobs. these are fixed length 24 bytes of binary
|
|
260 |
const ntlmhdr *packet = &(auth->hdr);
|
|
261 |
{
|
|
262 |
const strhdr * str = &auth->lmresponse;
|
|
263 |
|
|
264 |
int16_t len = le16toh(str->len);
|
|
265 |
int32_t offset = le32toh(str->offset);
|
|
266 |
|
|
267 |
if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) {
|
|
268 |
debug("LM response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset);
|
|
269 |
ntlm_errno = NTLM_ERR_LOGON;
|
|
270 |
return NULL;
|
|
271 |
}
|
|
272 |
tmp.str = (char *)packet + offset;
|
|
273 |
tmp.l = len;
|
| 265 |
274 |
}
|
| 266 |
275 |
if (tmp.l > MAX_PASSWD_LEN) {
|
| 267 |
276 |
debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN);
|
| 268 |
277 |
ntlm_errno = NTLM_ERR_LOGON;
|
| 269 |
278 |
return NULL;
|
| 270 |
279 |
}
|
| 271 |
280 |
|
|
281 |
/* Authenticating against the NT response doesn't seem to work... in SMB LM helper. */
|
| 272 |
282 |
memcpy(pass, tmp.str, tmp.l);
|
| 273 |
283 |
pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0';
|
| 274 |
284 |
|
| 275 |
285 |
#if 1
|
| 276 |
286 |
debug("Empty LM pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n",
|
| 277 |
287 |
user,lmencoded_empty_pass,tmp.str,tmp.l);
|
| 278 |
288 |
if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
|
| 279 |
289 |
fprintf(stderr,"Empty LM password supplied for user %s\\%s. "
|
| 280 |
290 |
"No-auth\n",domain,user);
|
| 281 |
291 |
ntlm_errno=NTLM_ERR_LOGON;
|
| 282 |
292 |
return NULL;
|
| 283 |
293 |
}
|
| 284 |
294 |
|
| 285 |
|
tmp = ntlm_fetch_string(&(auth->hdr), auth_length, &auth->ntresponse, auth->flags);
|
| 286 |
|
if (tmp.str != NULL && tmp.l != 0) {
|
|
295 |
/* still fetch the NT response and check validity against empty password */
|
|
296 |
{
|
|
297 |
const strhdr * str = &auth->ntresponse;
|
|
298 |
int16_t len = le16toh(str->len);
|
|
299 |
int32_t offset = le32toh(str->offset);
|
|
300 |
|
|
301 |
if (len != ENCODED_PASS_LEN || offset + len > auth_length || offset == 0) {
|
|
302 |
debug("NT response: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", auth_length, len, offset);
|
|
303 |
ntlm_errno = NTLM_ERR_LOGON;
|
|
304 |
return NULL;
|
|
305 |
}
|
|
306 |
tmp.str = (char *)packet + offset;
|
|
307 |
tmp.l = len;
|
|
308 |
|
| 287 |
309 |
debug("Empty NT pass detection: user: '%s', ours:'%s', his: '%s' (length: %d)\n",
|
| 288 |
310 |
user,ntencoded_empty_pass,tmp.str,tmp.l);
|
| 289 |
311 |
if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
|
| 290 |
312 |
fprintf(stderr,"ERROR: Empty NT password supplied for user %s\\%s. No-auth\n", domain, user);
|
| 291 |
313 |
ntlm_errno = NTLM_ERR_LOGON;
|
| 292 |
314 |
return NULL;
|
| 293 |
315 |
}
|
| 294 |
316 |
}
|
| 295 |
317 |
#endif
|
| 296 |
318 |
|
| 297 |
|
/* TODO: check against empty password!!!!! */
|
| 298 |
|
|
| 299 |
319 |
debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass);
|
| 300 |
320 |
|
| 301 |
321 |
rv = SMB_Logon_Server(handle, user, pass, domain, 1);
|
| 302 |
322 |
debug("Login attempt had result %d\n", rv);
|
| 303 |
323 |
|
| 304 |
324 |
if (rv != NTLM_ERR_NONE) { /* failed */
|
| 305 |
325 |
ntlm_errno = rv;
|
| 306 |
326 |
return NULL;
|
| 307 |
327 |
}
|
| 308 |
328 |
*(user - 1) = '\\'; /* hack. Performing, but ugly. */
|
| 309 |
329 |
|
| 310 |
330 |
debug("credentials: %s\n", credentials);
|
| 311 |
331 |
return credentials;
|
| 312 |
332 |
}
|
| 313 |
333 |
|
| 314 |
334 |
extern "C" void timeout_during_auth(int signum);
|
| 315 |
335 |
|
| 316 |
336 |
static char got_timeout = 0;
|
| 317 |
337 |
/** signal handler to be invoked when the authentication operation
|
| 318 |
338 |
* times out */
|