authorAndrew Bartlett <abartlet@samba.org>2002-07-20 06:55:05 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-07-20 06:55:05 +0000
commit129b3966c04f4f1be33d35ca720e5946fbe76051 (patch)
treee055d275480eb2fadbadfb1aa4100850bc0bdb00
parent60815388180bef868eda9073ea11a3fe494a23a5 (diff)
Add support for a weird behaviour apparently used by Win9X pass-through
authentication - we can have an NT hash in the LM hash field. (I need to double-check this fix with tpot, who discovered it). Also remove silly casts back and forth between uchar and char. Andrew Bartlett (This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
-rw-r--r--source3/auth/auth_sam.c19
-rw-r--r--source3/libsmb/smbencrypt.c4
2 files changed, 19 insertions, 4 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 76579150ce..155370546a 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -107,7 +107,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
memcpy(client_response, ntv2_response.data, sizeof(client_response));
ntv2_owf_gen(part_passwd, user, domain, kr);
- SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption);
+ SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
@@ -232,11 +232,26 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
{
return NT_STATUS_OK;
} else {
+ if (lp_ntlm_auth()) {
+ /* Apparently NT accepts NT responses in the LM feild
+ - I think this is related to Win9X pass-though authenticaion
+ */
+ DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n"));
+ if (smb_pwd_check_ntlmv1(user_info->lm_resp,
+ nt_pw, auth_context->challenge,
+ user_sess_key))
+ {
+ return NT_STATUS_OK;
+ } else {
+ DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass)));
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+ }
DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass)));
return NT_STATUS_WRONG_PASSWORD;
}
}
-
+
/* Should not be reached, but if they send nothing... */
DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass)));
return NT_STATUS_WRONG_PASSWORD;
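Review bot: `nt_pw` is passed to `smb_pwd_check_ntlmv1()` in the new `lp_ntlm_auth()` branch with no NULL check visible in this hunk, and the surrounding `else` appears to belong to the LM-response path, which may have been entered on the LM hash alone. Unless the helper itself rejects a missing hash (not shown here), an account with no stored NT hash would reach the comparison with a NULL key. Guarding the branch as `if (lp_ntlm_auth() && nt_pw != NULL) {` makes the precondition explicit and lets such accounts fall through to the existing "LM password check failed" return. The comment could also say that, with NTLM auth enabled, a response in the LM field is accepted against the NT hash, so a later reader does not take this path for an LM-only check. sam_password_ok starts and ends outside the hunk.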
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 95434d0ae4..d15a83a515 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -226,14 +226,14 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
void SMBOWFencrypt_ntv2(const uchar kr[16],
const DATA_BLOB srv_chal,
const DATA_BLOB cli_chal,
- char resp_buf[16])
+ uchar resp_buf[16])
{
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
- hmac_md5_final((unsigned char *)resp_buf, &ctx);
+ hmac_md5_final(resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));