author | Günther Deschner <gd@samba.org> | 2009-09-01 11:58:05 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-09-01 16:13:57 +0200 |
commit | 9264f4891484b0316e8e574e256ca0b0a5e9f007 (patch) | |
tree | 060924c0623a4d233b840ab20ed57a33cf8f5687 /nsswitch/libwbclient | |
parent | 1bc05ca3bb6499d25d54ba49f2abbc54edad37ed (diff) | |
download | samba-9264f4891484b0316e8e574e256ca0b0a5e9f007.tar.gz samba-9264f4891484b0316e8e574e256ca0b0a5e9f007.tar.bz2 samba-9264f4891484b0316e8e574e256ca0b0a5e9f007.zip |
wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2
blobs in wbcAuthenticateUserEx().
Guenther
Diffstat (limited to 'nsswitch/libwbclient')
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index d3bf6168ed..33044b2df7 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -426,15 +426,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 request.data.auth_crap.lm_resp_len =
 MIN(params->password.response.lm_length,
 sizeof(request.data.auth_crap.lm_resp));
- request.data.auth_crap.nt_resp_len =
- MIN(params->password.response.nt_length,
- sizeof(request.data.auth_crap.nt_resp));
 if (params->password.response.lm_data) {
 memcpy(request.data.auth_crap.lm_resp,
 params->password.response.lm_data,
 request.data.auth_crap.lm_resp_len);
 }
- if (params->password.response.nt_data) {
+ request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+ if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+ request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+ request.extra_len = params->password.response.nt_length;
+ request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len);
+ if (request.extra_data.data == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ memcpy(request.extra_data.data,
+ params->password.response.nt_data,
+ request.data.auth_crap.nt_resp_len);
+ } else if (params->password.response.nt_data) {
 memcpy(request.data.auth_crap.nt_resp,
 params->password.response.nt_data,
 request.data.auth_crap.nt_resp_len);
@@ -480,6 +489,8 @@ done:
 if (response.extra_data.data)
 free(response.extra_data.data);
+ talloc_free(request.extra_data.data);
+
 return wbc_status;
 } |
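Review bot: The new large-blob branch copies from `params->password.response.nt_data` without the NULL check that the `else if` branch still applies, so a caller that passes an nt_length above sizeof(nt_resp) together with a NULL nt_data reaches memcpy with a null source pointer. A guard ahead of the allocation would close that, for example `if (params->password.response.nt_data == NULL) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); }`. Separately, nt_resp_len now carries the full, untruncated length, so whatever consumes this request has to take the response from extra_data whenever WBFLAG_BIG_NTLMV2_BLOB is set and must not use nt_resp_len as a bound on the fixed nt_resp array; that consumer is not visible here and is worth confirming. The body of wbcAuthenticateUserEx starts and ends outside this hunk.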
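Review bot: `talloc_free(request.extra_data.data)` sits on the shared `done:` path, so it also runs on every bail-out taken before the big-blob branch; that is only safe if `request` is zeroed before the first BAIL_ON_WBC_ERROR, and that initialisation lies outside this hunk and should be confirmed. The two adjacent releases now use different deallocators, which is easy to get wrong in a later edit, so a short comment would help: `/* request blob is talloc-allocated in the WBFLAG_BIG_NTLMV2_BLOB branch; response data is released with free() */`.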