experimental ntlmv2 server authenticaion support for cifsd

extending factotums and the auth servers mschap implementation to handle variable length NT response for NTLMv2. fix some minor bugs. only tested with cifs so far.
2013-12-08 02:22:12 +01:00 · 2013-12-08 02:22:12 +01:00 · c940e98630
commit c940e98630
parent d7f90a9096
3 changed files with 199 additions and 53 deletions
--- a/sys/src/cmd/ip/cifsd/smb.c
+++ b/sys/src/cmd/ip/cifsd/smb.c
@ -99,22 +99,25 @@ smbsessionsetupandx(Req *r, uchar *h, uchar *p, uchar *e)
 		logit("ignoring bad session key");
 	while(!remoteuser){
 		if(needauth){
-			MSchapreply mcr;
+			MSchapreply *mcr;

 			if(smbcs == nil || strlen(user) == 0)
 				break;
-			memset(&mcr, 0, sizeof(mcr));
-			if((lme - lm) == sizeof(mcr.LMresp))
-				memmove(mcr.LMresp, lm, lme - lm);
-			if((nte - nt) == sizeof(mcr.NTresp))
-				memmove(mcr.NTresp, nt, nte - nt);
 			smbcs->user = user;
-			smbcs->resp = &mcr;
-			smbcs->nresp = sizeof(mcr);
+			smbcs->nresp = (nte - nt)+sizeof(*mcr)-sizeof(mcr->NTresp);
+			if(smbcs->nresp < sizeof(*mcr))
+				smbcs->nresp = sizeof(*mcr);
+			smbcs->resp = mallocz(smbcs->nresp, 1);
+			mcr = (MSchapreply*)smbcs->resp;
+			if((lme - lm) <= sizeof(mcr->LMresp))
+				memmove(mcr->LMresp, lm, lme - lm);
+			if((nte - nt) > 0)
+				memmove(mcr->NTresp, nt, nte - nt);
 			if((ai = auth_response(smbcs)) == nil)
 				logit("auth_response: %r");
 			auth_freechal(smbcs);
 			smbcs = nil;
+			free(mcr);
 			if(ai == nil)
 				break;
 			if(auth_chuid(ai, nil) < 0)