handle NIL user domain, and Z(4) at end of nt blob for ntlmv2
The NT blob ends with 4 zero bytes; this is not the same as the EOL av-pair terminator. This makes NTLMv2 work with Windows XP with LmCompatibilityLevel = 3.
parent
c940e98630
commit
007520e3fe
|
@ -733,6 +733,13 @@ mschap(Ticketreq *tr)
|
||||||
if(id == MsvAvEOL)
|
if(id == MsvAvEOL)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Z[4] */
|
||||||
|
if(ntbloblen > sizeof(ntblob)-4)
|
||||||
|
exits(0);
|
||||||
|
if(readn(0, ntblob+ntbloblen, 4) < 0)
|
||||||
|
exits(0);
|
||||||
|
ntbloblen += 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
safecpy(tr->uid, reply.uid, sizeof(tr->uid));
|
safecpy(tr->uid, reply.uid, sizeof(tr->uid));
|
||||||
|
@ -750,6 +757,8 @@ mschap(Ticketreq *tr)
|
||||||
|
|
||||||
if(ntbloblen > 0){
|
if(ntbloblen > 0){
|
||||||
getname(MsvAvNbDomainName, ntblob, ntbloblen, windom, sizeof(windom));
|
getname(MsvAvNbDomainName, ntblob, ntbloblen, windom, sizeof(windom));
|
||||||
|
|
||||||
|
for(;;){
|
||||||
ntv2hash(hash, secret, tr->uid, windom);
|
ntv2hash(hash, secret, tr->uid, windom);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -765,6 +774,12 @@ mschap(Ticketreq *tr)
|
||||||
s = hmac_md5(chal, 8, hash, MShashlen, nil, nil);
|
s = hmac_md5(chal, 8, hash, MShashlen, nil, nil);
|
||||||
hmac_md5(ntblob, ntbloblen, hash, MShashlen, resp, s);
|
hmac_md5(ntblob, ntbloblen, hash, MShashlen, resp, s);
|
||||||
ntok = memcmp(resp, reply.NTresp, 16) == 0;
|
ntok = memcmp(resp, reply.NTresp, 16) == 0;
|
||||||
|
|
||||||
|
if(lmok || ntok || windom[0] == '\0')
|
||||||
|
break;
|
||||||
|
|
||||||
|
windom[0] = '\0'; /* try NIL domain */
|
||||||
|
}
|
||||||
dupe = 0;
|
dupe = 0;
|
||||||
} else {
|
} else {
|
||||||
lmhash(hash, secret);
|
lmhash(hash, secret);
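Review bot: The new Z(4) read in the first hunk, `if(readn(0, ntblob+ntbloblen, 4) < 0)`, rejects only a read error; with Plan 9 readn semantics a short read at EOF returns 0..3 and passes, after which `ntbloblen += 4` folds up to four never-read bytes of ntblob into the HMAC at `hmac_md5(ntblob, ntbloblen, ...)` and into the getname scan. A truncated response should be refused rather than verified against uninitialised bytes, so make the check exact: `if(readn(0, ntblob+ntbloblen, 4) != 4)`. If the earlier av-pair reads in this function use the same `< 0` idiom (they lie outside the hunk) they share the weakness. The trailer is not checked for being zero, which is acceptable since the HMAC over the blob fails for any other value, but saying so in the `/* Z[4] */` comment would spare the next reader the question. mschap begins before the first hunk and ends after the third.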
|
||||||
|
|
|
@ -206,8 +206,15 @@ ntv2_blob(uchar *blob, int len, char *windom)
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
|
|
||||||
|
len -= 4;
|
||||||
p += putname(p, len - (p-blob), windom, Bdomain);
|
p += putname(p, len - (p-blob), windom, Bdomain);
|
||||||
p += putname(p, len - (p-blob), "", Beof);
|
p += putname(p, len - (p-blob), "", Beof);
|
||||||
|
len += 4;
|
||||||
|
|
||||||
|
*p++ = 0; /* 32bit: unknown data */
|
||||||
|
*p++ = 0;
|
||||||
|
*p++ = 0;
|
||||||
|
*p++ = 0;
|
||||||
|
|
||||||
return p - blob;
|
return p - blob;
|
||||||
}
|
}
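Review bot: The comment on the new trailer, `*p++ = 0; /* 32bit: unknown data */`, contradicts the commit message, which identifies these four bytes as the fixed Z(4) zero field that follows the EOL av-pair; read on its own, "unknown data" suggests the value is arbitrary. Replace it with `/* Z(4): 4 zero bytes after the EOL av-pair (not the av-pair terminator itself) */`. The `len -= 4` / `len += 4` pair exists only so putname leaves room for those four unchecked stores, and nothing in the code ties the two halves together; a comment such as `/* reserve room for the trailing Z(4) */` on `len -= 4` would make the coupling explicit. The stores also assume putname honours the reduced bound and that `len - (p-blob)` was at least 4 before this stretch; if either fails the writes run past blob, which I cannot confirm from the hunk since putname and the start of ntv2_blob are outside it.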
|
||||||
|
|