summaryrefslogtreecommitdiff
path: root/source3/auth/auth_sam.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-02-16 22:10:48 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-02-16 22:10:48 +0000
commitb7868582413a346a71997b23587450588d59b9d0 (patch)
treeef04fab435f60ebc833c0f2bcddb1c843c062236 /source3/auth/auth_sam.c
parent12074e79796a0e861825b748edc59c7af454ff79 (diff)
downloadsamba-b7868582413a346a71997b23587450588d59b9d0.tar.gz
samba-b7868582413a346a71997b23587450588d59b9d0.tar.bz2
samba-b7868582413a346a71997b23587450588d59b9d0.zip
Add the 'session key' output of the NTLMSSP exchange to the cli struct, so
it can be used for 'net rpc join'. Also fix a bug in our server-side NTLMSSP code - a client without any domain trust links to us may calculate the NTLMv2 response with "" as the domain. Andrew Bartlett (This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
Diffstat (limited to 'source3/auth/auth_sam.c')
-rw-r--r--source3/auth/auth_sam.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 06e27f1d48..48fabba0a2 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -184,7 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
- DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n"));
+ DEBUG(4,("sam_password_ok: Checking NTLMv2 password with domain [%s]\n", user_info->client_domain.str));
if (smb_pwd_check_ntlmv2( user_info->nt_resp,
nt_pw, auth_context->challenge,
user_info->smb_name.str,
@@ -192,6 +192,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
user_sess_key))
{
return NT_STATUS_OK;
+ }
+
+ DEBUG(4,("sam_password_ok: Checking NTLMv2 password without a domain\n"));
+ if (smb_pwd_check_ntlmv2( user_info->nt_resp,
+ nt_pw, auth_context->challenge,
+ user_info->smb_name.str,
+ "",
+ user_sess_key))
+ {
+ return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
return NT_STATUS_WRONG_PASSWORD;
@@ -250,7 +260,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
/* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes.
- related to Win9X, legacy NAS pass-though authentication
*/
- DEBUG(4,("sam_password_ok: Checking LMv2 password\n"));
+ DEBUG(4,("sam_password_ok: Checking LMv2 password with domain %s\n", user_info->client_domain.str));
if (smb_pwd_check_ntlmv2( user_info->lm_resp,
nt_pw, auth_context->challenge,
user_info->smb_name.str,
@@ -260,6 +270,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
return NT_STATUS_OK;
}
+ DEBUG(4,("sam_password_ok: Checking LMv2 password without a domain\n"));
+ if (smb_pwd_check_ntlmv2( user_info->lm_resp,
+ nt_pw, auth_context->challenge,
+ user_info->smb_name.str,
+ "",
+ user_sess_key))
+ {
+ return NT_STATUS_OK;
+ }
+
/* Apparently NT accepts NT responses in the LM field
- I think this is related to Win9X pass-though authentication
*/