diff options
author | Jeremy Allison <jra@samba.org> | 2012-08-23 15:46:16 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-08-24 10:57:01 -0700 |
commit | 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9 (patch) | |
tree | bd0231bdd524cffd2e0bc864b74ca31aa07bbc73 | |
parent | ced27e1c5de491b4bac6c7817e72816ab075ef32 (diff) | |
download | samba-43870fb2c83c0fc70fb84b48dffe8f93bacf43c9.tar.gz samba-43870fb2c83c0fc70fb84b48dffe8f93bacf43c9.tar.bz2 samba-43870fb2c83c0fc70fb84b48dffe8f93bacf43c9.zip |
Move uppercasing the domain out of smb_pwd_check_ntlmv2()
Allows us to remove a silly bool parameter.
Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
-rw-r--r-- | libcli/auth/ntlm_check.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 9520d32a1e..678f0f07e1 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -297,6 +297,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, { const static uint8_t zeros[8]; DATA_BLOB tmp_sess_key; + const char *upper_client_domain = NULL; + + if (client_domain != NULL) { + upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain); + if (upper_client_domain == NULL) { + return NT_STATUS_NO_MEMORY; + } + } if (stored_nt == NULL) { DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n", @@ -349,7 +357,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* We have the NT MD4 hash challenge available - see if we can use it */ - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", + client_domain ? client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge, @@ -363,13 +372,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", + upper_client_domain ? upper_client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt->hash, challenge, client_username, - client_domain, - true, + upper_client_domain, + false, user_sess_key)) { if (user_sess_key->length) { *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length)); @@ -471,7 +481,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes. - related to Win9X, legacy NAS pass-though authentication */ - DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", + client_domain ? client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge, @@ -501,13 +512,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain)); + DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", + upper_client_domain ? upper_client_domain : "<NULL>")); if (smb_pwd_check_ntlmv2(mem_ctx, lm_response, stored_nt->hash, challenge, client_username, - client_domain, - true, + upper_client_domain, + false, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -518,7 +530,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, nt_response, stored_nt->hash, challenge, client_username, - client_domain, + upper_client_domain, true, user_sess_key); } else { |