Ticket #259: fix_ntlm.patch

File fix_ntlm.patch, 3.1 KB (added by MaxMuster, 8 years ago)

All credits to forum user "stortoaranci"

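--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -179,7 +179,7 @@
    * and the minimal set of flags (Negotiate NTLM and Negotiate OEM).
    *
    */
-  buf_printf (&out, "%s", "TlRMTVNTUAABAAAAAgIAAA==");
+  buf_printf (&out, "%s", "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==");
   return (BSTR (&out));
 }
 
@@ -193,7 +193,7 @@
          */
        
   char pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */
-  char buf2[128]; /* decoded reply from proxy */
+  char buf2[512]; /* decoded reply from proxy */
   unsigned char phase3[464];
 
   char md4_hash[MD4_DIGEST_LENGTH+5];
@@ -211,7 +211,9 @@
         size_t len;
 
         char domain[128];
+        char domain_u[256];
         char username[128];
+        char username_u[256];
         char *separator;
 
         bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2);
@@ -258,7 +260,7 @@
 
         if (ntlmv2_enabled){ /* Generate NTLMv2 response */
                 int tib_len;
-
+                msg (M_INFO, "NTLMv2 selected");
                 /* NTLMv2 hash */
                 my_strupr((unsigned char *)strcpy(userdomain, username));
                 if (strlen(username) + strlen(domain) < sizeof(userdomain))
@@ -328,12 +330,21 @@
                 add_security_buffer(0x14, ntlm_response, 24, phase3, &phase3_bufpos);
         }
        
-        /* username in ascii */
-        add_security_buffer(0x24, username, strlen (username), phase3, &phase3_bufpos);
-
-        /* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */
-        add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos);
-       
+        /* check for unicode */
+        if (( *((long *)&buf2[0x14]) & 2) == 2){
+                phase3[0x3c] = 0x02; /* negotiate oem */
+                /* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */
+                add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos);
+                /* username in ascii */
+                add_security_buffer(0x24, username, (strlen (username)), phase3, &phase3_bufpos);
+        } else {
+                phase3[0x3c] = 0x01; /* negotiate unicode */
+                unicodize (domain_u, domain);
+                add_security_buffer(0x1c, domain_u, strlen (domain) * 2, phase3, &phase3_bufpos);
+               
+                unicodize (username_u, username);
+                add_security_buffer(0x24, username_u, strlen (username) * 2, phase3, &phase3_bufpos);           
+        }
 
         /* other security buffers will be empty */
         phase3[0x10] = phase3_bufpos; /* lm not used */
@@ -341,7 +352,6 @@
         phase3[0x38] = phase3_bufpos; /* no session key */
        
         /* flags */
-  phase3[0x3c] = 0x02; /* negotiate oem */
   phase3[0x3d] = 0x02; /* negotiate ntlm */
 
   return ((const char *)make_base64_string2 ((unsigned char *)phase3, phase3_bufpos, gc));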
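Review bot: The unicode test at new line 334, `*((long *)&buf2[0x14])`, reads a `long` (8 bytes on LP64) through a misaligned pointer of the wrong type, and nothing in this hunk checks that the decoded Type 2 reply is long enough for the flags field, so a short reply is read past its end. NTLMSSP_NEGOTIATE_OEM is bit 1 of the little-endian flags word, so `if ((unsigned char)buf2[0x14] & 0x02) {` tests it portably without the cast, and the decode step (outside this hunk) should be confirmed to reject replies shorter than 0x18 bytes. The unicode branch at new lines 342-346 now writes up to 254 bytes each for domain and username into `phase3`, which stays `unsigned char phase3[464]` (line 197) on top of the 64-byte header and the NTLM response, so unless add_security_buffer bounds its writes a long username plus domain can overflow it; enlarging phase3 or adding an explicit length check is advisable. The comment above the Type 1 blob at line 179, "minimal set of flags (Negotiate NTLM and Negotiate OEM)", is stale since the new blob also advertises Unicode and further flags plus a version block, and should say so. The enclosing function starts and ends outside this hunk.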
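--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -499,7 +499,7 @@
 {
   struct gc_arena gc = gc_new ();
   char buf[512];
-  char buf2[129];
+  char buf2[513];
   char get[80];
   int status;
   int nparms;
@@ -622,7 +622,7 @@
 
               openvpn_snprintf (get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof (buf2) - 1);
               nparms = sscanf (buf, get, buf2);
-              buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */
+              buf2[512] = 0; /* we only need the beginning - ensure it's null terminated. */
 
               /* check for "Proxy-Authenticate: NTLM TlRM..." */
               if (nparms == 1)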
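Review bot: The terminator index at new line 625, `buf2[512] = 0;`, is a second hand-written copy of the buffer size that must stay in step with `char buf2[513]` at line 502 and with the `%512s` width already derived from `sizeof (buf2) - 1` at line 623; writing it as `buf2[sizeof (buf2) - 1] = 0;` ties all three to the one declaration and removes the off-by-one hazard the old 128/129 pair had. The 513-byte scan buffer also sizes the base64 text handed to the ntlm.c side of this patch, whose decode buffer is now 512 bytes, so a comment on the declaration such as `/* sized for the NTLM challenge; must match the ntlm.c decode buffer */` would record the coupling. The enclosing function starts and ends outside this hunk.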