diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-09-30 00:49:41 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:52:51 -0500 |
| commit | e357bc3216b226dbd61d6a816e199a9450b706db (patch) | |
| tree | 6b80635c0bbb6c09aefbfe06d10a958ed3acd5d8 /source3/nsswitch/wbinfo.c | |
| parent | 823936d180765e6eac59ba906aaf08438c7b5f7e (diff) | |
| download | samba-e357bc3216b226dbd61d6a816e199a9450b706db.tar.gz samba-e357bc3216b226dbd61d6a816e199a9450b706db.tar.bz2 samba-e357bc3216b226dbd61d6a816e199a9450b706db.zip | |
r2755: Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,
and the wbinfo -a test tool.
If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather
than an NT/LM response to the server.
Andrew Bartlett
(This used to be commit ce2456e436c5d57cd95cd10c6edf759592d0e843)
Diffstat (limited to 'source3/nsswitch/wbinfo.c')
| -rw-r--r-- | source3/nsswitch/wbinfo.c | 53 |
1 files changed, 47 insertions, 6 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index b6a09bf2a1..2abd9c69a1 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -582,13 +582,54 @@ static BOOL wbinfo_auth_crap(char *username) generate_random_buffer(request.data.auth_crap.chal, 8); - SMBencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.lm_resp); - SMBNTencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.nt_resp); + if (lp_client_ntlmv2_auth()) { + DATA_BLOB server_chal; + DATA_BLOB names_blob; - request.data.auth_crap.lm_resp_len = 24; - request.data.auth_crap.nt_resp_len = 24; + DATA_BLOB lm_response; + DATA_BLOB nt_response; + + server_chal = data_blob(request.data.auth_crap.chal, 8); + + /* Pretend this is a login to 'us', for blob purposes */ + names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup()); + + if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, + &names_blob, + &lm_response, &nt_response, NULL)) { + data_blob_free(&names_blob); + data_blob_free(&server_chal); + return False; + } + data_blob_free(&names_blob); + data_blob_free(&server_chal); + + memcpy(request.data.auth_crap.nt_resp, nt_response.data, + MIN(nt_response.length, + sizeof(request.data.auth_crap.nt_resp))); + request.data.auth_crap.nt_resp_len = nt_response.length; + + memcpy(request.data.auth_crap.lm_resp, lm_response.data, + MIN(lm_response.length, + sizeof(request.data.auth_crap.lm_resp))); + request.data.auth_crap.lm_resp_len = lm_response.length; + + data_blob_free(&nt_response); + data_blob_free(&lm_response); + + } else { + if (lp_client_lanman_auth() + && SMBencrypt(pass, request.data.auth_crap.chal, + (uchar *)request.data.auth_crap.lm_resp)) { + request.data.auth_crap.lm_resp_len = 24; + } else { + request.data.auth_crap.lm_resp_len = 0; + } + SMBNTencrypt(pass, request.data.auth_crap.chal, + (uchar *)request.data.auth_crap.nt_resp); + + request.data.auth_crap.nt_resp_len = 24; + } result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); |