summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2011-01-14 05:14:22 -0700
committerVolker Lendecke <vlendec@samba.org>2011-01-17 16:30:11 +0100
commit9b94f3660531e7c5e4dc4345227f781910c54f79 (patch)
tree2017dfc380ae2fd4f7208563707c8e082c941600 /source3
parent3ecce7f2ee243eb1411e4aa8cb0648d118c1c364 (diff)
downloadsamba-9b94f3660531e7c5e4dc4345227f781910c54f79.tar.gz
samba-9b94f3660531e7c5e4dc4345227f781910c54f79.tar.bz2
samba-9b94f3660531e7c5e4dc4345227f781910c54f79.zip
s3: Make sure we call wbcAuthenticateUserEx correctly
There are cases where we fill in params.password.response.lm_data with non-NULL where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not like that. I haven't been able to reproduce this with smbclient yet, I've seen it with a proprietary smb client implementation. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_wbc.c19
-rw-r--r--source3/auth/auth_winbind.c18
2 files changed, 29 insertions, 8 deletions
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
index 6beec73456..c2ff4902fc 100644
--- a/source3/auth/auth_wbc.c
+++ b/source3/auth/auth_wbc.c
@@ -59,6 +59,9 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
if (!user_info || !auth_context || !server_info) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ ZERO_STRUCT(params);
+
/* Send off request */
DEBUG(10, ("Check auth for: [%s]", user_info->mapped.account_name));
@@ -91,10 +94,18 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
auth_context->challenge.data,
sizeof(params.password.response.challenge));
- params.password.response.nt_length = user_info->password.response.nt.length;
- params.password.response.nt_data = user_info->password.response.nt.data;
- params.password.response.lm_length = user_info->password.response.lanman.length;
- params.password.response.lm_data = user_info->password.response.lanman.data;
+ if (user_info->password.response.nt.length != 0) {
+ params.password.response.nt_length =
+ user_info->password.response.nt.length;
+ params.password.response.nt_data =
+ user_info->password.response.nt.data;
+ }
+ if (user_info->password.response.lanman.length != 0) {
+ params.password.response.lm_length =
+ user_info->password.response.lanman.length;
+ params.password.response.lm_data =
+ user_info->password.response.lanman.data;
+ }
default:
DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state));
return NT_STATUS_INTERNAL_ERROR;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 603ec9b410..9328b66fb5 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -39,6 +39,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *err = NULL;
+ ZERO_STRUCT(params);
+
if (!user_info) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -72,10 +74,18 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
auth_context->challenge.data,
sizeof(params.password.response.challenge));
- params.password.response.nt_length = user_info->password.response.nt.length;
- params.password.response.nt_data = user_info->password.response.nt.data;
- params.password.response.lm_length = user_info->password.response.lanman.length;
- params.password.response.lm_data = user_info->password.response.lanman.data;
+ if (user_info->password.response.nt.length != 0) {
+ params.password.response.nt_length =
+ user_info->password.response.nt.length;
+ params.password.response.nt_data =
+ user_info->password.response.nt.data;
+ }
+ if (user_info->password.response.lanman.length != 0) {
+ params.password.response.lm_length =
+ user_info->password.response.lanman.length;
+ params.password.response.lm_data =
+ user_info->password.response.lanman.data;
+ }
/* we are contacting the privileged pipe */
become_root();