1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL

Windows doesn't complain about invalid av_pair blobs,
we need to do the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-12-15 17:25:06 +01:00 committed by Jeremy Allison
parent e7e521fe9b
commit f123c1a171
2 changed files with 21 additions and 19 deletions

View File

@ -682,10 +682,26 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
if (!NDR_ERR_CODE_IS_SUCCESS(err)) { if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
NTSTATUS status; NTSTATUS status;
status = ndr_map_error2ntstatus(err); status = ndr_map_error2ntstatus(err);
DEBUG(2,("Failed to parse NTLMv2_RESPONSE " if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
"length %u - %s - %s\n", /*
* We are supposed to ignore invalid buffers,
* see https://bugzilla.samba.org/show_bug.cgi?id=14932
*/
status = NT_STATUS_OK;
}
DEBUG(2,("%s: Failed to parse NTLMv2_RESPONSE length=%u "
"for user[%s\\%s] against SEC_CHAN(%u)[%s/%s] "
"in workgroup[%s] - %s %s %s\n",
__func__,
(unsigned)response.length, (unsigned)response.length,
account_domain,
account_name,
creds->secure_channel_type,
creds->computer_name,
creds->account_name,
workgroup,
ndr_map_error2string(err), ndr_map_error2string(err),
NT_STATUS_IS_OK(status) ? "(ignoring) =>" : "=>",
nt_errstr(status))); nt_errstr(status)));
dump_data(2, response.data, response.length); dump_data(2, response.data, response.length);
TALLOC_FREE(frame); TALLOC_FREE(frame);

View File

@ -1,14 +0,0 @@
^samba3.rpc.schannel.schannel.nt4_dc
^samba3.rpc.schannel.schannel.ad_dc
^samba4.rpc.schannel.on.ncalrpc.with.seal,padcheck.schannel.ad_dc_default:local
^samba4.rpc.schannel.on.ncacn_np.with.seal,padcheck.schannel.ad_dc_default
^samba4.rpc.schannel.on.ncacn_ip_tcp.with.seal,padcheck.schannel.ad_dc_default
^samba4.rpc.schannel.on.ncalrpc.with.validate.schannel.ad_dc_default:local
^samba4.rpc.schannel.on.ncacn_np.with.validate.schannel.ad_dc_default
^samba4.rpc.schannel.on.ncacn_ip_tcp.with.validate.schannel.ad_dc_default
^samba4.rpc.schannel.on.ncalrpc.with.bigendian.schannel.ad_dc_default:local
^samba4.rpc.schannel.on.ncacn_np.with.bigendian.schannel.ad_dc_default
^samba4.rpc.schannel.on.ncacn_ip_tcp.with.bigendian.schannel.ad_dc_default
^samba4.rpc.schannel.with.seal,padcheck.schannel.ad_dc
^samba4.rpc.schannel.with.validate.schannel.ad_dc
^samba4.rpc.schannel.with.bigendian.schannel.ad_dc