summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-10-24 01:19:23 +0000
committerJeremy Allison <jra@samba.org>2003-10-24 01:19:23 +0000
commit7967eeb659574932cdaa770941afbcfd2e991a3e (patch)
treeedd1d4fe3ff8eb3cf111fd28bc420ad4cef9823a
parenta36be30e082d0208ca8b6215928069e9f3d4f7b0 (diff)
downloadsamba-7967eeb659574932cdaa770941afbcfd2e991a3e.tar.gz
samba-7967eeb659574932cdaa770941afbcfd2e991a3e.tar.bz2
samba-7967eeb659574932cdaa770941afbcfd2e991a3e.zip
Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.
Jeremy. (This used to be commit 2d09d8c9d973f5f414d31f749db12328ff315de7)
-rw-r--r--source3/auth/auth_sam.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index ce97bd7df2..2a00b6fb80 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -172,6 +172,22 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
pdb_get_username(sampass)));
/* No return, we want to check the LM hash below in this case */
auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP | AUTH_FLAG_NTLM_RESP));
+ } else {
+ /* Check for cleartext netlogon. Used by Exchange 5.5. */
+ unsigned char zeros[8];
+
+ memset(zeros,'\0',sizeof(zeros));
+ if (auth_context->challenge.length == sizeof(zeros) &&
+ (memcmp(auth_context->challenge.data, zeros, auth_context->challenge.length) == 0 ) &&
+ user_info->nt_resp.length) {
+ if ((nt_pw = pdb_get_nt_passwd(sampass)) != NULL) {
+ unsigned char pwhash[16];
+ mdfour(pwhash, user_info->nt_resp.data, user_info->nt_resp.length);
+ if (memcmp(pwhash, nt_pw, sizeof(pwhash)) == 0) {
+ return NT_STATUS_OK;
+ }
+ }
+ }
}
if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {