HACK smbclient anonymous signing and encryption
authorStefan Metzmacher <metze@samba.org>
Fri, 30 Jun 2023 16:24:37 +0000 (18:24 +0200)
committerStefan Metzmacher <metze@samba.org>
Mon, 11 Dec 2023 14:55:17 +0000 (15:55 +0100)
auth/ntlmssp/ntlmssp_client.c
auth/ntlmssp/ntlmssp_sign.c
libcli/smb/smbXcli_base.c
source3/libsmb/cliconnect.c
source3/libsmb/clidfs.c

index af1642d325665590209b082f7b8f9b41272e849d..a3fb60e718733df13a6d4837e9746f3d38ee9764 100644 (file)
@@ -656,6 +656,9 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
                return nt_status;
        }
 
+DBG_ERR("session_key.length[%zu]\n", session_key.length);
+dump_data(0, session_key.data, session_key.length);
+
        if (!(flags & CLI_CRED_LANMAN_AUTH)) {
                /* LM Key is still possible, just silly, so we do not
                 * allow it. Fortunetly all LM crypto is off by
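Review bot: The two added lines write the complete NTLMSSP session key to the log at level 0 (`DBG_ERR` plus `dump_data(0, ...)`), so the key that protects signing and sealing for the session ends up in any log file or collector at the default debug level. The same dump is added in ntlmssp_sign_reset (ntlmssp_sign.c) and at the top of smb2cli_session_set_session_key (smbXcli_base.c), the latter before the `conn == NULL` check. If the dump is needed while debugging, route it through the password-safe helper the library already has, `dump_data_pw("session_key:", session_key.data, session_key.length);`, which only emits in DEBUG_PASSWORD builds at a high debug level, and indent it to the surrounding block. The enclosing function ntlmssp_client_challenge starts and ends outside this hunk.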
index 11e5930a8de6ea5e436c1ec293fed6f62d6bc5db..3f7f17d1fdc35bd49a767994372d1013da47262e 100644 (file)
@@ -627,6 +627,9 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
                return NT_STATUS_INVALID_PARAMETER_MIX;
        }
 
+DBG_ERR("ntlmssp_state->session_key.length[%zu]\n", ntlmssp_state->session_key.length);
+dump_data(0, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);
+
        if (ntlmssp_state->force_wrap_seal &&
            (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN))
        {
index 444963e2fe1b9063fe89a63f379a6473afad52a2..7db0600dd48b40368d09ae1283fa47db803d1cec 100644 (file)
@@ -6372,6 +6372,9 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
        DATA_BLOB preauth_hash = data_blob_null;
        size_t nonce_size = 0;
 
+DBG_ERR("_session_key.length[%zu]\n", _session_key.length);
+dump_data(0, _session_key.data, _session_key.length);
+
        if (conn == NULL) {
                return NT_STATUS_INVALID_PARAMETER_MIX;
        }
@@ -6456,6 +6459,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 
        check_signature = conn->mandatory_signing;
 
+       check_signature = false;
        hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
        if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
                /*
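Review bot: The added `check_signature = false;` immediately overrides `check_signature = conn->mandatory_signing;` on the line above, so the session setup response is never signature-checked even when the connection negotiated mandatory signing; together with the next hunk, which comments out the SMB 3.1.1 `check_signature = true;`, signature verification in smb2cli_session_set_session_key is switched off for every session, not only the anonymous one this hack targets. A forged or tampered final session setup response would then be accepted as genuine. If the anonymous path needs an exception, keep `check_signature = conn->mandatory_signing;` in effect and clear it only under an explicit, named condition for the anonymous case, with a comment explaining why the check is safe to skip there. The function continues beyond both hunks.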
@@ -6472,8 +6476,9 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
        }
 
        if (conn->protocol >= PROTOCOL_SMB3_11) {
-               check_signature = true;
+               //check_signature = true;
        }
+               //check_signature = false;
 
        if (check_signature) {
                status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
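Review bot: The `//check_signature = true;` left inside the `if (conn->protocol >= PROTOCOL_SMB3_11)` body and the stray `//check_signature = false;` placed after the closing brace (at block-inner indentation, outside any block) are commented-out code rather than an explanation, and the now-empty `if` body reads as an unfinished edit. Delete both comment lines and, if the SMB 3.1.1 branch is intentionally no longer forcing the check, remove the empty `if` or replace its body with a one-line comment stating why 3.1.1 sessions are exempt. A compiler with `-Wempty-body` style checks will flag the empty block as it stands.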
@@ -6506,6 +6511,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
                session->smb2->should_encrypt = false;
        }
 
+               session->smb2->should_sign = check_signature;
        /*
         * CCM and GCM algorithms must never have their
         * nonce wrap, or the security of the whole
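Review bot: The added `session->smb2->should_sign = check_signature;` copies a value that the earlier hunk forces to `false`, so after this commit `should_sign` is cleared for the whole session whatever `conn->mandatory_signing` or the server's signing requirement was, and every later PDU on the session presumably goes out unsigned. The line also carries block-inner indentation (tab plus eight spaces) although it sits at function-body level after the closing brace of the `should_encrypt` block, which makes it look like part of a block it is not in. If the assignment is meant to stay, derive it from the negotiated requirement rather than from the response-check flag, e.g. `session->smb2->should_sign = conn->mandatory_signing;`, indent it with the surrounding statements, and add a comment on what it overrides. The enclosing function starts and ends outside the hunk.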
@@ -6670,12 +6676,13 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
 
 NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
 {
+       session->smb2->should_sign = true;
        if (!session->smb2->should_sign) {
                /*
                 * We need required signing on the session
                 * in order to prevent man in the middle attacks.
                 */
-               return NT_STATUS_INVALID_PARAMETER_MIX;
+//             return NT_STATUS_INVALID_PARAMETER_MIX;
        }
 
        if (session->smb2->should_encrypt) {
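Review bot: Forcing `session->smb2->should_sign = true;` on the first line of smb2cli_session_encryption_on makes the following `if (!session->smb2->should_sign)` unreachable, and commenting out `return NT_STATUS_INVALID_PARAMETER_MIX;` removes the only enforcement behind the retained comment "We need required signing on the session in order to prevent man in the middle attacks". The function now asserts a property instead of checking it, so a caller that enables encryption on a session that never negotiated signing gets no error. Restore the `return NT_STATUS_INVALID_PARAMETER_MIX;` and drop the forced assignment; if anonymous sessions must be allowed through here, make that an explicit condition and explain in the comment why the man-in-the-middle concern does not apply to them. The rest of the function is outside the hunk.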
index 3e602952e65680383501e2f6a9adfc78cbd01db6..d2d048026e74cb59c281a7cb2caeedc9e20911ff 100644 (file)
@@ -1216,7 +1216,7 @@ static void cli_session_setup_gensec_ready(struct tevent_req *req)
                }
        }
 
-       if (state->is_anonymous) {
+       if (0 && state->is_anonymous) {
                /*
                 * Windows server does not set the
                 * SMB2_SESSION_FLAG_IS_NULL flag.
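Review bot: `if (0 && state->is_anonymous)` disables the anonymous-session branch with a constant-false condition, so the comment that follows ("Windows server does not set the SMB2_SESSION_FLAG_IS_NULL flag") now describes handling that no longer runs, and static analyzers will report the dead branch. If the branch is to be skipped deliberately, either remove the block and its comment together or gate it on a named variable whose purpose is stated, e.g. `const bool skip_anonymous_flag = true; /* HACK: see commit message */` followed by `if (!skip_anonymous_flag && state->is_anonymous)`. The enclosing function cli_session_setup_gensec_ready continues outside the hunk.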
index 5288a7efc64d77589e48efc67468ff203c46bc5b..bedac46b2ea413a59615e70a6894d2bbc90bebe1 100644 (file)
@@ -213,6 +213,8 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
        }
 
        status = cli_session_setup_creds(c, creds);
+       cli_ulogoff(c);
+       status = cli_session_setup_anon(c);
        if (!NT_STATUS_IS_OK(status)) {
                /* If a password was not supplied then
                 * try again with a null username. */
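Review bot: The result of `cli_session_setup_creds(c, creds)` is overwritten by `status = cli_session_setup_anon(c);` before anyone looks at it, and the return value of `cli_ulogoff(c)` is dropped, so a failed credential session setup is silently replaced by an anonymous one and the fallback below ("If a password was not supplied then try again with a null username") now reacts to the anonymous result instead. The credentials are also still sent to the server in full before the session is logged off, which looks unintended for an anonymous test path. At minimum check before switching: `status = cli_session_setup_creds(c, creds); if (NT_STATUS_IS_OK(status)) { cli_ulogoff(c); status = cli_session_setup_anon(c); }`, and say in a comment why the credentialed setup is performed at all. do_connect starts and ends outside this hunk.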