Fix most of bug #169.

For a (very) long time, we have had a bug in Samba were an NTLMv2-only
PDC would fail, because it converted the password into NTLM format for
checking.

This patch performs the direct comparison required for interactive
logons to function in this situation.  It also removes the 'auth flags', which
simply where not ever used.

Natrually, this plays with the size of structures, so rebuild, rebuild
rebuild...

Andrew Bartlett
(This used to be commit 9598593bcf2d877b1d08cd6a7323ee0bc160d4ba)

1 files changed, 84 insertions, 83 deletions

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index f62cc2fb9e..9df5873983 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -124,9 +124,10 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
                                const char *client_domain, 
                                const char *domain,
                                const char *wksta_name, 
-                               DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
-                               DATA_BLOB plaintext, 
-                               uint32 auth_flags, BOOL encrypted)
+                               DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd,
+                               DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
+                               DATA_BLOB *plaintext, 
+                               BOOL encrypted)
 {
 
 	DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
@@ -183,12 +184,19 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
 
 	DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
 
-	(*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length);
-	(*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length);
-	(*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length);
+	if (lm_pwd)
+		(*user_info)->lm_resp = data_blob(lm_pwd->data, lm_pwd->length);
+	if (nt_pwd)
+		(*user_info)->nt_resp = data_blob(nt_pwd->data, nt_pwd->length);
+	if (lm_interactive_pwd)
+		(*user_info)->lm_interactive_pwd = data_blob(lm_interactive_pwd->data, lm_interactive_pwd->length);
+	if (nt_interactive_pwd)
+		(*user_info)->nt_interactive_pwd = data_blob(nt_interactive_pwd->data, nt_interactive_pwd->length);
+
+	if (plaintext)
+		(*user_info)->plaintext_password = data_blob(plaintext->data, plaintext->length);
 
 	(*user_info)->encrypted = encrypted;
-	(*user_info)->auth_flags = auth_flags;
 
 	DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
 
@@ -203,9 +211,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
 			    const char *smb_name, 
 			    const char *client_domain, 
 			    const char *wksta_name, 
-			    DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
-			    DATA_BLOB plaintext, 
-			    uint32 ntlmssp_flags, BOOL encrypted)
+ 			    DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd,
+ 			    DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
+			    DATA_BLOB *plaintext, 
+			    BOOL encrypted)
 {
 	const char *domain;
 	fstring internal_username;
@@ -233,8 +242,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
 	/* we know that it is a trusted domain (and we are allowing them) or it is our domain */
 	
 	return make_user_info(user_info, smb_name, internal_username, 
-		client_domain, domain, wksta_name, lm_pwd, nt_pwd,
-		plaintext, ntlmssp_flags, encrypted);
+			      client_domain, domain, wksta_name, 
+			      lm_pwd, nt_pwd,
+			      lm_interactive_pwd, nt_interactive_pwd,
+			      plaintext, encrypted);
 }
 
 /****************************************************************************
@@ -253,23 +264,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
 	NTSTATUS nt_status;
 	DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
 	DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
-	DATA_BLOB plaintext_blob = data_blob(NULL, 0);
-	uint32 auth_flags = AUTH_FLAG_NONE;
-
-	if (lm_pwd_len)
-		auth_flags |= AUTH_FLAG_LM_RESP;
-	if (nt_pwd_len == 24) {
-		auth_flags |= AUTH_FLAG_NTLM_RESP; 
-	} else if (nt_pwd_len != 0) {
-		auth_flags |= AUTH_FLAG_NTLMv2_RESP; 
-	}
 
 	nt_status = make_user_info_map(user_info,
-	                              smb_name, client_domain, 
-                                  wksta_name, 
-	                              lm_blob, nt_blob,
-	                              plaintext_blob, 
-	                              auth_flags, True);
+				       smb_name, client_domain, 
+				       wksta_name, 
+				       lm_pwd_len ? &lm_blob : NULL, 
+				       nt_pwd_len ? &nt_blob : NULL,
+				       NULL, NULL, NULL,
+				       True);
 	
 	ret = NT_STATUS_IS_OK(nt_status) ? True : False;
 		
@@ -297,7 +299,6 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 	unsigned char local_lm_response[24];
 	unsigned char local_nt_response[24];
 	unsigned char key[16];
-	uint32 auth_flags = AUTH_FLAG_NONE;
 	
 	ZERO_STRUCT(key);
 	memcpy(key, dc_sess_key, 8);
@@ -316,8 +317,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 	dump_data(100, nt_pwd, sizeof(nt_pwd));
 #endif
 	
-	SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd));
-	SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd));
+	if (lm_interactive_pwd)
+		SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd));
+	
+	if (nt_interactive_pwd)
+		SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd));
 	
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decrypt of lm owf password:"));
@@ -327,37 +331,51 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 	dump_data(100, nt_pwd, sizeof(nt_pwd));
 #endif
 	
-	SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response);
-	SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response);
+	if (lm_interactive_pwd)
+		SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response);
+
+	if (nt_interactive_pwd)
+		SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response);
 	
 	/* Password info paranoia */
-	ZERO_STRUCT(lm_pwd);
-	ZERO_STRUCT(nt_pwd);
 	ZERO_STRUCT(key);
 
 	{
 		BOOL ret;
 		NTSTATUS nt_status;
-		DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
-		DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
-		DATA_BLOB plaintext_blob = data_blob(NULL, 0);
+		DATA_BLOB local_lm_blob;
+		DATA_BLOB local_nt_blob;
 
-		if (lm_interactive_pwd)
-			auth_flags |= AUTH_FLAG_LM_RESP;
-		if (nt_interactive_pwd)
-			auth_flags |= AUTH_FLAG_NTLM_RESP; 
+		DATA_BLOB lm_interactive_blob;
+		DATA_BLOB nt_interactive_blob;
+		
+		if (lm_interactive_pwd) {
+			local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
+			lm_interactive_blob = data_blob(lm_pwd, sizeof(lm_pwd));
+			ZERO_STRUCT(lm_pwd);
+		}
+		
+		if (nt_interactive_pwd) {
+			local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
+			nt_interactive_blob = data_blob(nt_pwd, sizeof(nt_pwd));
+			ZERO_STRUCT(nt_pwd);
+		}
 
 		nt_status = make_user_info_map(user_info, 
 		                               smb_name, client_domain, 
 		                               wksta_name, 
-		                               local_lm_blob,
-		                               local_nt_blob,
-		                               plaintext_blob, 
-		                               auth_flags, True);
-		
+		                               lm_interactive_pwd ? &local_lm_blob : NULL,
+		                               nt_interactive_pwd ? &local_nt_blob : NULL,
+		                               lm_interactive_pwd ? &lm_interactive_blob : NULL,
+		                               nt_interactive_pwd ? &nt_interactive_blob : NULL,
+		                               NULL,
+		                               True);
+
 		ret = NT_STATUS_IS_OK(nt_status) ? True : False;
 		data_blob_free(&local_lm_blob);
 		data_blob_free(&local_nt_blob);
+		data_blob_free(&lm_interactive_blob);
+		data_blob_free(&nt_interactive_blob);
 		return ret;
 	}
 }
@@ -377,7 +395,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 	DATA_BLOB local_lm_blob;
 	DATA_BLOB local_nt_blob;
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-	uint32 auth_flags = AUTH_FLAG_NONE;
 			
 	/*
 	 * Not encrypted - do so.
@@ -400,7 +417,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 		   case insensitive */
 		local_nt_blob = data_blob(NULL, 0); 
 		
-		auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP);
 	} else {
 		local_lm_blob = data_blob(NULL, 0); 
 		local_nt_blob = data_blob(NULL, 0); 
@@ -409,10 +425,11 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 	ret = make_user_info_map(user_info, smb_name,
 	                         client_domain, 
 	                         get_remote_machine_name(),
-	                         local_lm_blob,
-	                         local_nt_blob,
-	                         plaintext_password, 
-	                         auth_flags, False);
+	                         local_lm_blob.data ? &local_lm_blob : NULL,
+	                         local_nt_blob.data ? &local_nt_blob : NULL,
+				 NULL, NULL,
+	                         plaintext_password.data ? &plaintext_password : NULL, 
+	                         False);
 	
 	data_blob_free(&local_lm_blob);
 	return NT_STATUS_IS_OK(ret) ? True : False;
@@ -427,27 +444,13 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
                                       const char *client_domain, 
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp)
 {
-	uint32 auth_flags = AUTH_FLAG_NONE;
-
-	DATA_BLOB no_plaintext_blob = data_blob(NULL, 0); 
-	
-	if (lm_resp.length == 24) {
-		auth_flags |= AUTH_FLAG_LM_RESP;
-	}
-	if (nt_resp.length == 0) {
-	} else if (nt_resp.length == 24) {
-		auth_flags |= AUTH_FLAG_NTLM_RESP;
-	} else {
-		auth_flags |= AUTH_FLAG_NTLMv2_RESP;
-	}
-
 	return make_user_info_map(user_info, smb_name, 
-				 client_domain, 
-				 get_remote_machine_name(), 
-				 lm_resp, 
-				 nt_resp, 
-				 no_plaintext_blob, 
-				 auth_flags, True);
+				  client_domain, 
+				  get_remote_machine_name(), 
+				  lm_resp.data ? &lm_resp : NULL, 
+				  nt_resp.data ? &nt_resp : NULL, 
+				  NULL, NULL, NULL,
+				  True);
 }
 
 /****************************************************************************
@@ -456,19 +459,16 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
 
 BOOL make_user_info_guest(auth_usersupplied_info **user_info) 
 {
-	DATA_BLOB lm_blob = data_blob(NULL, 0);
-	DATA_BLOB nt_blob = data_blob(NULL, 0);
-	DATA_BLOB plaintext_blob = data_blob(NULL, 0);
-	uint32 auth_flags = AUTH_FLAG_NONE;
 	NTSTATUS nt_status;
 
 	nt_status = make_user_info(user_info, 
-			      "","", 
-			      "","", 
-			      "", 
-			      nt_blob, lm_blob,
-			      plaintext_blob, 
-			      auth_flags, True);
+				   "","", 
+				   "","", 
+				   "", 
+				   NULL, NULL, 
+				   NULL, NULL, 
+				   NULL,
+				   True);
 			      
 	return NT_STATUS_IS_OK(nt_status) ? True : False;
 }
@@ -1307,7 +1307,8 @@ void free_user_info(auth_usersupplied_info **user_info)
 		SAFE_FREE((*user_info)->wksta_name.str);
 		data_blob_free(&(*user_info)->lm_resp);
 		data_blob_free(&(*user_info)->nt_resp);
-		SAFE_FREE((*user_info)->interactive_password);
+		data_blob_clear_free(&(*user_info)->lm_interactive_pwd);
+		data_blob_clear_free(&(*user_info)->nt_interactive_pwd);
 		data_blob_clear_free(&(*user_info)->plaintext_password);
 		ZERO_STRUCT(**user_info);
 	}