summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-09-01 11:58:05 +0200
committerGünther Deschner <gd@samba.org>2009-09-01 16:13:57 +0200
commit9264f4891484b0316e8e574e256ca0b0a5e9f007 (patch)
tree060924c0623a4d233b840ab20ed57a33cf8f5687
parent1bc05ca3bb6499d25d54ba49f2abbc54edad37ed (diff)
downloadsamba-9264f4891484b0316e8e574e256ca0b0a5e9f007.tar.gz
samba-9264f4891484b0316e8e574e256ca0b0a5e9f007.tar.bz2
samba-9264f4891484b0316e8e574e256ca0b0a5e9f007.zip
wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2
blobs in wbcAuthenticateUserEx(). Guenther
-rw-r--r--nsswitch/libwbclient/wbc_pam.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index d3bf6168ed..33044b2df7 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -426,15 +426,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.data.auth_crap.lm_resp_len =
MIN(params->password.response.lm_length,
sizeof(request.data.auth_crap.lm_resp));
- request.data.auth_crap.nt_resp_len =
- MIN(params->password.response.nt_length,
- sizeof(request.data.auth_crap.nt_resp));
if (params->password.response.lm_data) {
memcpy(request.data.auth_crap.lm_resp,
params->password.response.lm_data,
request.data.auth_crap.lm_resp_len);
}
- if (params->password.response.nt_data) {
+ request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+ if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+ request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+ request.extra_len = params->password.response.nt_length;
+ request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len);
+ if (request.extra_data.data == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ memcpy(request.extra_data.data,
+ params->password.response.nt_data,
+ request.data.auth_crap.nt_resp_len);
+ } else if (params->password.response.nt_data) {
memcpy(request.data.auth_crap.nt_resp,
params->password.response.nt_data,
request.data.auth_crap.nt_resp_len);
@@ -480,6 +489,8 @@ done:
if (response.extra_data.data)
free(response.extra_data.data);
+ talloc_free(request.extra_data.data);
+
return wbc_status;
}