summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-29 11:11:05 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:30 -0500
commit5e456b38ed0656d6364f06f31e06ebfb3ab34901 (patch)
tree74305f51fb2f7a8b1243d37e6fd449f39e5a1415
parent0ea06b97c295baa22e0f2cf9f6e06338d1ba7c2f (diff)
downloadsamba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.tar.gz
samba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.tar.bz2
samba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.zip
r11393: Avoid error messages and get more correctness with long plaintext passwords.
Andrew Bartlett (This used to be commit cb0b3c00572958f5ac8413cc651f627ca1871295)
-rw-r--r--source4/auth/ntlm_check.c29
1 files changed, 15 insertions, 14 deletions
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c
index fc2a45efad..42748f0530 100644
--- a/source4/auth/ntlm_check.c
+++ b/source4/auth/ntlm_check.c
@@ -310,26 +310,27 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
&& (memcmp(challenge->data, zeros, challenge->length) == 0 )) {
struct samr_Password client_nt;
struct samr_Password client_lm;
- uint8_t dospwd[15];
- char *unix_pw;
+ char *unix_pw = NULL;
+ BOOL lm_ok;
DEBUG(4,("ntlm_password_check: checking plaintext passwords for user %s\n",
username));
mdfour(client_nt.hash, nt_response->data, nt_response->length);
- ZERO_STRUCT(dospwd);
-
- convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX,
- lm_response->data, lm_response->length,
- (void **)&unix_pw);
-
- /* Only the fisrt 14 chars are considered, password need not be null terminated. */
- push_ascii(dospwd, unix_pw, sizeof(dospwd), STR_UPPER);
-
- /* we *might* need to upper-case the string here */
- E_P16((const uint8_t *)dospwd, client_lm.hash);
+ if (lm_response->length &&
+ (convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX,
+ lm_response->data, lm_response->length,
+ (void **)&unix_pw) != -1)) {
+ if (E_deshash(unix_pw, client_lm.hash)) {
+ lm_ok = True;
+ } else {
+ lm_ok = False;
+ }
+ } else {
+ lm_ok = False;
+ }
return hash_password_check(mem_ctx,
- lm_response->length ? &client_lm : NULL,
+ lm_ok ? &client_lm : NULL,
nt_response->length ? &client_nt : NULL,
username,
stored_lanman, stored_nt);