diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-01-13 12:48:37 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-01-13 12:48:37 +0000 |
commit | e3293c7181525a069d2006c29792a1a805d93ee0 (patch) | |
tree | 4add29cef59abf76f430a012fb37fff9afc7a064 /source3/auth/auth.c | |
parent | 20ecae9a5888c168ad05cb26d1177061f3f9378f (diff) | |
download | samba-e3293c7181525a069d2006c29792a1a805d93ee0.tar.gz samba-e3293c7181525a069d2006c29792a1a805d93ee0.tar.bz2 samba-e3293c7181525a069d2006c29792a1a805d93ee0.zip |
Updates to our NTLMSSP code:
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
Diffstat (limited to 'source3/auth/auth.c')
-rw-r--r-- | source3/auth/auth.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 3c4448445a..5d56603b9f 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -57,7 +57,8 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) TALLOC_CTX *mem_ctx; if (auth_context->challenge.length) { - DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge (normal)\n")); + DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n", + auth_context->challenge_set_by)); return auth_context->challenge.data; } @@ -190,6 +191,12 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, DEBUG(3, ("check_ntlm_password: mapped user is: [%s]\\[%s]@[%s]\n", user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str)); + + if (auth_context->challenge.length != 8) { + DEBUG(0, ("check_ntlm_password: Invalid challenge stored for this auth context - cannot continue\n")); + return NT_STATUS_LOGON_FAILURE; + } + if (auth_context->challenge_set_by) DEBUG(10, ("check_ntlm_password: auth_context challenge created by %s\n", auth_context->challenge_set_by)); @@ -441,6 +448,7 @@ NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[ } (*auth_context)->challenge = data_blob(chal, 8); + (*auth_context)->challenge_set_by = "fixed"; return nt_status; } |