wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2

blobs in wbcAuthenticateUserEx().

Guenther

1 files changed, 15 insertions, 4 deletions

diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index d3bf6168ed..33044b2df7 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -426,15 +426,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 		request.data.auth_crap.lm_resp_len =
 				MIN(params->password.response.lm_length,
 				    sizeof(request.data.auth_crap.lm_resp));
-		request.data.auth_crap.nt_resp_len =
-				MIN(params->password.response.nt_length,
-				    sizeof(request.data.auth_crap.nt_resp));
 		if (params->password.response.lm_data) {
 			memcpy(request.data.auth_crap.lm_resp,
 			       params->password.response.lm_data,
 			       request.data.auth_crap.lm_resp_len);
 		}
-		if (params->password.response.nt_data) {
+		request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+		if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+			request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+			request.extra_len = params->password.response.nt_length;
+			request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len);
+			if (request.extra_data.data == NULL) {
+				wbc_status = WBC_ERR_NO_MEMORY;
+				BAIL_ON_WBC_ERROR(wbc_status);
+			}
+			memcpy(request.extra_data.data,
+			       params->password.response.nt_data,
+			       request.data.auth_crap.nt_resp_len);
+		} else if (params->password.response.nt_data) {
 			memcpy(request.data.auth_crap.nt_resp,
 			       params->password.response.nt_data,
 			       request.data.auth_crap.nt_resp_len);
@@ -480,6 +489,8 @@ done:
 	if (response.extra_data.data)
 		free(response.extra_data.data);
 
+	talloc_free(request.extra_data.data);
+
 	return wbc_status;
 }