diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-07-20 06:55:05 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-07-20 06:55:05 +0000 |
| commit | 129b3966c04f4f1be33d35ca720e5946fbe76051 (patch) | |
| tree | e055d275480eb2fadbadfb1aa4100850bc0bdb00 /source3 | |
| parent | 60815388180bef868eda9073ea11a3fe494a23a5 (diff) | |
| download | samba-129b3966c04f4f1be33d35ca720e5946fbe76051.tar.gz samba-129b3966c04f4f1be33d35ca720e5946fbe76051.tar.bz2 samba-129b3966c04f4f1be33d35ca720e5946fbe76051.zip | |
Add support for a weird behaviour apparently used by Win9X pass-through
authentication - we can have an NT hash in the LM hash feild.
(I need to double-check this fix with tpot, who discovered it).
Also remove silly casts back and forth between uchar and char.
Andrew Bartlett
(This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_sam.c | 19 | ||||
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 4 |
2 files changed, 19 insertions, 4 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 76579150ce..155370546a 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -107,7 +107,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response, memcpy(client_response, ntv2_response.data, sizeof(client_response)); ntv2_owf_gen(part_passwd, user, domain, kr); - SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption); + SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption); if (user_sess_key != NULL) { SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key); @@ -232,11 +232,26 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, { return NT_STATUS_OK; } else { + if (lp_ntlm_auth()) { + /* Apparently NT accepts NT responses in the LM feild + - I think this is related to Win9X pass-though authenticaion + */ + DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n")); + if (smb_pwd_check_ntlmv1(user_info->lm_resp, + nt_pw, auth_context->challenge, + user_sess_key)) + { + return NT_STATUS_OK; + } else { + DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass))); + return NT_STATUS_WRONG_PASSWORD; + } + } DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass))); return NT_STATUS_WRONG_PASSWORD; } } - + /* Should not be reached, but if they send nothing... */ DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass))); return NT_STATUS_WRONG_PASSWORD; diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 95434d0ae4..d15a83a515 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -226,14 +226,14 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[ void SMBOWFencrypt_ntv2(const uchar kr[16], const DATA_BLOB srv_chal, const DATA_BLOB cli_chal, - char resp_buf[16]) + uchar resp_buf[16]) { HMACMD5Context ctx; hmac_md5_init_limK_to_64(kr, 16, &ctx); hmac_md5_update(srv_chal.data, srv_chal.length, &ctx); hmac_md5_update(cli_chal.data, cli_chal.length, &ctx); - hmac_md5_final((unsigned char *)resp_buf, &ctx); + hmac_md5_final(resp_buf, &ctx); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n")); |