Based on the detective work of Jianliang Lu <j.lu@tiesse.com>, allow yet

another NTLMv2 combination.

We should allow the NTLMv2 response to be calculated with either the domain
as supplied, or the domain in UPPER case (as we always did in the past).

As a client, we always UPPER case it (as per the spec), but we also
make sure to UPPER case the domain, when we send it.  This should give
us maximum compatability.

Andrew Bartlett
(This used to be commit 1e91cd0cf87b29899641585f46b0dcecaefd848e)

1 files changed, 7 insertions, 3 deletions

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index c5acedae51..270a659e57 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -127,7 +127,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
 
 /* Does both the NTLMv2 owfs of a user's password */
 BOOL ntv2_owf_gen(const uchar owf[16],
-		  const char *user_in, const char *domain_in, uchar kr_buf[16])
+		  const char *user_in, const char *domain_in,
+		  BOOL upper_case_domain, /* Transform the domain into UPPER case */
+		  uchar kr_buf[16])
 {
 	smb_ucs2_t *user;
 	smb_ucs2_t *domain;
@@ -150,7 +152,9 @@ BOOL ntv2_owf_gen(const uchar owf[16],
 	}
 
 	strupper_w(user);
-	strupper_w(domain);
+
+	if (upper_case_domain)
+		strupper_w(domain);
 
 	SMB_ASSERT(user_byte_len >= 2);
 	SMB_ASSERT(domain_byte_len >= 2);
@@ -426,7 +430,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 	   the username and domain.
 	   This prevents username swapping during the auth exchange
 	*/
-	if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+	if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
 		return False;
 	}