From 74aca02a8f152cc99c32fb4e371a9db34772a5f7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 15 Dec 2021 17:25:06 +0100 Subject: [PATCH] libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL Windows doesn't complain about invalid av_pair blobs, we need to do the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit f123c1a171e59113feb688523b499dab0b824528) --- libcli/auth/smbencrypt.c | 26 +++++++++++++++++++++----- selftest/knownfail.d/rpc.schannel | 14 -------------- 2 files changed, 21 insertions(+), 19 deletions(-) delete mode 100644 selftest/knownfail.d/rpc.schannel diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 468374699f7..ce7c32279b9 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -682,11 +682,27 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, if (!NDR_ERR_CODE_IS_SUCCESS(err)) { NTSTATUS status; status = ndr_map_error2ntstatus(err); - DEBUG(2,("Failed to parse NTLMv2_RESPONSE " - "length %u - %s - %s\n", - (unsigned)response.length, - ndr_map_error2string(err), - nt_errstr(status))); + if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { + /* + * We are supposed to ignore invalid buffers, + * see https://bugzilla.samba.org/show_bug.cgi?id=14932 + */ + status = NT_STATUS_OK; + } + DEBUG(2,("%s: Failed to parse NTLMv2_RESPONSE length=%u " + "for user[%s\\%s] against SEC_CHAN(%u)[%s/%s] " + "in workgroup[%s] - %s %s %s\n", + __func__, + (unsigned)response.length, + account_domain, + account_name, + creds->secure_channel_type, + creds->computer_name, + creds->account_name, + workgroup, + ndr_map_error2string(err), + NT_STATUS_IS_OK(status) ? "(ignoring) =>" : "=>", + nt_errstr(status))); dump_data(2, response.data, response.length); TALLOC_FREE(frame); return status; diff --git a/selftest/knownfail.d/rpc.schannel b/selftest/knownfail.d/rpc.schannel deleted file mode 100644 index f0be92f30b3..00000000000 --- a/selftest/knownfail.d/rpc.schannel +++ /dev/null @@ -1,14 +0,0 @@ -^samba3.rpc.schannel.schannel.nt4_dc -^samba3.rpc.schannel.schannel.ad_dc -^samba4.rpc.schannel.on.ncalrpc.with.seal,padcheck.schannel.ad_dc_default:local -^samba4.rpc.schannel.on.ncacn_np.with.seal,padcheck.schannel.ad_dc_default -^samba4.rpc.schannel.on.ncacn_ip_tcp.with.seal,padcheck.schannel.ad_dc_default -^samba4.rpc.schannel.on.ncalrpc.with.validate.schannel.ad_dc_default:local -^samba4.rpc.schannel.on.ncacn_np.with.validate.schannel.ad_dc_default -^samba4.rpc.schannel.on.ncacn_ip_tcp.with.validate.schannel.ad_dc_default -^samba4.rpc.schannel.on.ncalrpc.with.bigendian.schannel.ad_dc_default:local -^samba4.rpc.schannel.on.ncacn_np.with.bigendian.schannel.ad_dc_default -^samba4.rpc.schannel.on.ncacn_ip_tcp.with.bigendian.schannel.ad_dc_default -^samba4.rpc.schannel.with.seal,padcheck.schannel.ad_dc -^samba4.rpc.schannel.with.validate.schannel.ad_dc -^samba4.rpc.schannel.with.bigendian.schannel.ad_dc