ntlmssp: match domain when parsing NTLM_USER_FILE for passwords

If we know the domain, match both domain and username when scanning NTLM_USER_FILE for the password to use. Signed-off-by: Ronnie Sahlberg <[email protected]>
sahlberg · Dec 28, 2024 · ee47fcc · ee47fcc
1 parent 95ef62f
commit ee47fcc
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/lib/init.c b/lib/init.c
@@ -594,7 +594,10 @@ void smb2_set_password_from_file(struct smb2_context *smb2)
                         continue;
                 }
                 *user++ = 0;
-                password = strchr(user, ':');
+                if (domain[0] && smb2->domain && strcmp(smb2->domain, domain)) {
+                        continue;
+                }
+                password = strchr(user, ':');                
                 if (password == NULL) {
                         continue;
                 }
@@ -604,6 +607,9 @@ void smb2_set_password_from_file(struct smb2_context *smb2)
                         continue;
                 }
                 smb2_set_password(smb2, password);
+                if (smb2->domain) {
+                        break;
+                }
         }
         fclose(fh);
 }

diff --git a/lib/ntlmssp.c b/lib/ntlmssp.c
@@ -1083,6 +1083,8 @@ ntlmssp_generate_blob(struct smb2_server *server, struct smb2_context *smb2, tim
                                         if (auth_data->domain == NULL) {
                                                 return -1;
                                         }
+                                        /* Update the password now that we know the domain */
+                                        smb2_set_password_from_file(smb2);
                                 }
                                 if (encode_ntlm_auth(smb2, t, auth_data,
                                                      (char *)&auth_data->ntlm_buf[24]) < 0) {