From 63a39b7a905af7ab7dae612ac2f3ac6fd08d88f2 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Tue, 16 Jun 2026 14:20:17 +0000
Subject: [PATCH] Remove unused ip param from smbauth functions. Fixes #268
---
 nselib/http.lua | 4 ++--
 nselib/mssql.lua | 2 +-
 nselib/sasl.lua | 2 +-
 nselib/smb.lua | 6 +++---
 nselib/smbauth.lua | 17 +++++++----------
 scripts/http-ntlm-info.nse | 2 +-
 scripts/imap-ntlm-info.nse | 2 +-
 scripts/nntp-ntlm-info.nse | 2 +-
 scripts/pop3-ntlm-info.nse | 2 +-
 scripts/smtp-ntlm-info.nse | 2 +-
 scripts/telnet-ntlm-info.nse | 2 +-
 11 files changed, 20 insertions(+), 23 deletions(-)
diff --git a/nselib/http.lua b/nselib/http.lua
index 7c39d1b77..2a91307fe 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1517,9 +1517,9 @@ function generic_request(host, port, method, path, options)
 local lanman, ntlm
 if is_extended then
 -- this essentially calls the new ntlmv2_session_response function in smbauth.lua and returns whatever it returns
- lanman, ntlm = smbauth.get_password_response(nil, username, "", options.auth.password, nil, "ntlmv2_session", challenge, true)
+ lanman, ntlm = smbauth.get_password_response(username, "", options.auth.password, nil, "ntlmv2_session", challenge, true)
 else
- lanman, ntlm = smbauth.get_password_response(nil, username, "", options.auth.password, nil, "ntlm", challenge, false)
+ lanman, ntlm = smbauth.get_password_response(username, "", options.auth.password, nil, "ntlm", challenge, false)
 type_3_flags = type_3_flags - 0x00080000 -- Removing the Extended Security Flag as server doesn't support it.
 end
diff --git a/nselib/mssql.lua b/nselib/mssql.lua
index 94a74dd7a..c4e102d2e 100644
--- a/nselib/mssql.lua
+++ b/nselib/mssql.lua
@@ -3424,7 +3424,7 @@ Auth = {
 end,
 NtlmResponse = function( password, nonce )
- local lm_response, ntlm_response, mac_key = smbauth.get_password_response(nil,
+ local lm_response, ntlm_response, mac_key = smbauth.get_password_response(
 nil,
 nil,
 password,
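Review bot: The `else` branch in the http.lua hunk answers with a plain `"ntlm"` response whenever `is_extended` is false, and nothing there tells a caller that the strength of the response derived from `options.auth.password` depends on what the server negotiated. How `is_extended` is computed is outside the hunk, but the trailing comment suggests it follows the server's flags, so I would document the fallback above the branch, e.g. `-- Falls back to a plain NTLM response when the server does not negotiate extended session security; this is the weaker of the two responses.` Separately, `type_3_flags - 0x00080000` clears the flag only if it is currently set; a bitwise clear such as `type_3_flags & ~0x00080000` would be safe either way, assuming the library runs on Lua 5.3 or later. generic_request starts and ends outside the hunk.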
diff --git a/nselib/sasl.lua b/nselib/sasl.lua index 910e1f3f0..b43f9805f 100644 --- a/nselib/sasl.lua +++ b/nselib/sasl.lua @@ -219,7 +219,7 @@ if HAVE_SSL then --- Calculates the response calcResponse = function(self) - local ntlm, lm = smbauth.get_password_response(nil, self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended) + local ntlm, lm = smbauth.get_password_response(self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended) local msg_type = 3 local response local BASE_OFFSET = 72 diff --git a/nselib/smb.lua b/nselib/smb.lua index fcf0b1d35..97e374dff 100644 --- a/nselib/smb.lua +++ b/nselib/smb.lua @@ -1176,7 +1176,7 @@ local function start_session_basic(smb, log_errors, overrides) while result ~= false do local lanman, ntlm - lanman, ntlm, smb['mac_key'] = smbauth.get_password_response(smb['ip'], username, domain, password, password_hash, hash_type, smb['server_challenge'], false) + lanman, ntlm, smb['mac_key'] = smbauth.get_password_response(username, domain, password, password_hash, hash_type, smb['server_challenge'], false) -- Parameters parameters = string.pack(" true -- * registry['smbaccounts'][username] => password --- * registry[ip]['smbaccounts'] => array of table containing 'username', 'password', and 'is_admin' +-- * host.registry['smbaccounts'] => array of table containing 'username', 'password', and 'is_admin' -- -- The final place, 'smbaccount', is reserved for the "best" account. This is -- an administrator account, if one's found; otherwise, it's the first account 
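Review bot: In `calcResponse` the results are bound as `local ntlm, lm = smbauth.get_password_response(...)`, but the doc block in smbauth.lua lists the returns as `lm_response` first and `ntlm_response` second, and http.lua and mssql.lua bind them in that order. As written, `ntlm` holds the LM response and `lm` the NTLM one. Whether the message built further down in `calcResponse` compensates is outside the hunk; if it does not, the binding should be `local lm, ntlm = smbauth.get_password_response(...)` with the arguments unchanged. If the swap is intentional, a comment such as `-- names are swapped relative to smbauth's return order on purpose` would stop the next reader from "fixing" it.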
@@ -606,16 +606,14 @@ function ntlmv2_session_response(ntlm_password_hash, challenge)
 return status, lm_response, ntlm_response
 end
+
 ---Generate the Lanman and NTLM password hashes.
 --
--- The password itself is taken from the function parameters, the script
--- arguments, and the registry (in that order). If no password is set, then the
--- password hash is used (which is read from all the usual places). If neither
--- is set, then a blank password is used.
+-- If no password is set, then the password hash is used. If neither is set,
+-- then a blank password is used.
 --
 -- The output passwords are hashed based on the hash type.
 --
---@param ip The ip address of the host, used for registry lookups.
 --@param username The username, which is used for v2 passwords.
 --@param domain The username, which is used for v2 passwords.
 --@param password [optional] The overriding password.
@@ -629,7 +627,7 @@ end
 --@return lm_response, to be send directly back to the server
 --@return ntlm_response, to be send directly back to the server
 --@return mac_key used for message signing.
-function get_password_response(ip, username, domain, password, password_hash, hash_type, challenge, is_extended)
+function get_password_response(username, domain, password, password_hash, hash_type, challenge, is_extended)
 local status
 local lm_hash = nil
 local ntlm_hash = nil
@@ -745,7 +743,6 @@ end
 ---Generate an NTLMSSP security blob.
 --@param security_blob The server's security blob, or nil if this is the first
 -- message
---@param ip The ip address of the host, used for registry lookups.
 --@param username The username, which is used for v2 passwords.
 --@param domain The username, which is used for v2 passwords.
 --@param password [optional] The overriding password.
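Review bot: The doc block kept by the `@@ -606` hunk still describes `domain` as `The username, which is used for v2 passwords.`, a copy of the line above it; the same text sits in the get_security_blob block in the `@@ -745` hunk. Since the parameter list is being edited anyway, I would correct both to `--@param domain The domain, which is used for v2 passwords.` The `--@return` lines in the following hunk also read `to be send`, where `to be sent` is meant.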
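Review bot: Dropping the leading `ip` from `get_password_response` in the `@@ -629` hunk is a positional change that Lua will not flag, since extra or shifted arguments are accepted silently. A caller still written against the old signature would have `ip` taken as `username`, the domain as `password`, and the cleartext password as `password_hash`, so authentication would be attempted with the wrong secret rather than failing loudly. The function body lies outside the hunk, so whether an unexpected `hash_type` is rejected there is not visible; I would at least record the change in the doc block, e.g. `-- NOTE: the former leading ip parameter has been removed; do not pass it.` The same applies to `get_security_blob` in the `@@ -753` hunk.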
@@ -753,7 +750,7 @@ end
 -- set if password is set.
 --@param hash_type The way in which to hash the password.
 --@param flags The NTLM flags as a number
-function get_security_blob(security_blob, ip, username, domain, password, password_hash, hash_type, flags)
+function get_security_blob(security_blob, username, domain, password, password_hash, hash_type, flags)
 local pos = 1
 local new_blob
 local flags = flags or 0x00008215 -- (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | REQUEST_TARGET | NEGOTIATE_UNICODE)
@@ -772,7 +769,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
 else
 -- Parse the old security blob
 local identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, reserved = string.unpack("