diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-02-16 22:10:48 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-16 22:10:48 +0000 |
| commit | b7868582413a346a71997b23587450588d59b9d0 (patch) | |
| tree | ef04fab435f60ebc833c0f2bcddb1c843c062236 /source3/auth | |
| parent | 12074e79796a0e861825b748edc59c7af454ff79 (diff) | |
| download | samba-b7868582413a346a71997b23587450588d59b9d0.tar.gz samba-b7868582413a346a71997b23587450588d59b9d0.tar.bz2 samba-b7868582413a346a71997b23587450588d59b9d0.zip | |
Add the 'session key' output of the NTLMSSP exchange to the cli struct, so
it can be used for 'net rpc join'.
Also fix a bug in our server-side NTLMSSP code - a client without any domain
trust links to us may calculate the NTLMv2 response with "" as the domain.
Andrew Bartlett
(This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_ntlmssp.c | 2 | ||||
| -rw-r--r-- | source3/auth/auth_sam.c | 24 |
2 files changed, 23 insertions, 3 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 43542b2474..d32d248296 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -131,7 +131,7 @@ NTSTATUS auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) } NTSTATUS auth_ntlmssp_update(AUTH_NTLMSSP_STATE *auth_ntlmssp_state, - DATA_BLOB request, DATA_BLOB *reply) + const DATA_BLOB request, DATA_BLOB *reply) { return ntlmssp_server_update(auth_ntlmssp_state->ntlmssp_state, request, reply); } diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 06e27f1d48..48fabba0a2 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -184,7 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ - DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n")); + DEBUG(4,("sam_password_ok: Checking NTLMv2 password with domain [%s]\n", user_info->client_domain.str)); if (smb_pwd_check_ntlmv2( user_info->nt_resp, nt_pw, auth_context->challenge, user_info->smb_name.str, @@ -192,6 +192,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, user_sess_key)) { return NT_STATUS_OK; + } + + DEBUG(4,("sam_password_ok: Checking NTLMv2 password without a domain\n")); + if (smb_pwd_check_ntlmv2( user_info->nt_resp, + nt_pw, auth_context->challenge, + user_info->smb_name.str, + "", + user_sess_key)) + { + return NT_STATUS_OK; } else { DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n")); return NT_STATUS_WRONG_PASSWORD; @@ -250,7 +260,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, /* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes. - related to Win9X, legacy NAS pass-though authentication */ - DEBUG(4,("sam_password_ok: Checking LMv2 password\n")); + DEBUG(4,("sam_password_ok: Checking LMv2 password with domain %s\n", user_info->client_domain.str)); if (smb_pwd_check_ntlmv2( user_info->lm_resp, nt_pw, auth_context->challenge, user_info->smb_name.str, @@ -260,6 +270,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, return NT_STATUS_OK; } + DEBUG(4,("sam_password_ok: Checking LMv2 password without a domain\n")); + if (smb_pwd_check_ntlmv2( user_info->lm_resp, + nt_pw, auth_context->challenge, + user_info->smb_name.str, + "", + user_sess_key)) + { + return NT_STATUS_OK; + } + /* Apparently NT accepts NT responses in the LM field - I think this is related to Win9X pass-though authentication */ |