Ticket #259: fix_ntlm.patch

src/openvpn/ntlm.c

@@ -179 +179 @@
    * and the minimal set of flags (Negotiate NTLM and Negotiate OEM).
    *
    */
-  buf_printf (&out, "%s", "TlRMTVNTUAABAAAAAgIAAA==");
+  buf_printf (&out, "%s", "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==");
   return (BSTR (&out));
 }
 
@@ -193 +193 @@
          */
         
   char pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */
-  char buf2[128]; /* decoded reply from proxy */
+  char buf2[512]; /* decoded reply from proxy */
   unsigned char phase3[464];
 
   char md4_hash[MD4_DIGEST_LENGTH+5];
@@ -211 +211 @@
         size_t len;
 
         char domain[128];
+        char domain_u[256];
         char username[128];
+        char username_u[256];
         char *separator;
 
         bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2);
@@ -258 +260 @@
 
         if (ntlmv2_enabled){ /* Generate NTLMv2 response */
                 int tib_len;
-
+                msg (M_INFO, "NTLMv2 selected");
                 /* NTLMv2 hash */
                 my_strupr((unsigned char *)strcpy(userdomain, username));
                 if (strlen(username) + strlen(domain) < sizeof(userdomain))
@@ -328 +330 @@
                 add_security_buffer(0x14, ntlm_response, 24, phase3, &phase3_bufpos);
         }
         
-        /* username in ascii */
-        add_security_buffer(0x24, username, strlen (username), phase3, &phase3_bufpos);
-
-        /* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */ 
-        add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos);
-        
+        /* check for unicode */
+        if (( *((long *)&buf2[0x14]) & 2) == 2){
+                phase3[0x3c] = 0x02; /* negotiate oem */
+                /* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */ 
+                add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos);
+                /* username in ascii */
+                add_security_buffer(0x24, username, (strlen (username)), phase3, &phase3_bufpos);
+        } else {
+                phase3[0x3c] = 0x01; /* negotiate unicode */
+                unicodize (domain_u, domain);
+                add_security_buffer(0x1c, domain_u, strlen (domain) * 2, phase3, &phase3_bufpos);
+                
+                unicodize (username_u, username);
+                add_security_buffer(0x24, username_u, strlen (username) * 2, phase3, &phase3_bufpos);           
+        }
 
         /* other security buffers will be empty */
         phase3[0x10] = phase3_bufpos; /* lm not used */
@@ -341 +352 @@
         phase3[0x38] = phase3_bufpos; /* no session key */
         
         /* flags */
-  phase3[0x3c] = 0x02; /* negotiate oem */
   phase3[0x3d] = 0x02; /* negotiate ntlm */
 
   return ((const char *)make_base64_string2 ((unsigned char *)phase3, phase3_bufpos, gc));

src/openvpn/proxy.c

@@ -499 +499 @@
 {
   struct gc_arena gc = gc_new ();
   char buf[512];
-  char buf2[129];
+  char buf2[513];
   char get[80];
   int status;
   int nparms;
@@ -622 +622 @@
 
               openvpn_snprintf (get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof (buf2) - 1);
               nparms = sscanf (buf, get, buf2);
-              buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */
+              buf2[512] = 0; /* we only need the beginning - ensure it's null terminated. */
 
               /* check for "Proxy-Authenticate: NTLM TlRM..." */
               if (nparms == 1)