summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-11 05:29:09 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-11 05:29:09 +0000
commit5047a66d39fdd56a5895037de8c519a828a03b19 (patch)
tree5e60c94008f3d1254447aad9e97fbef30906e49b /source3
parent348f1784289ac1e15cc8cd6e543734f414b88f66 (diff)
downloadsamba-5047a66d39fdd56a5895037de8c519a828a03b19.tar.gz
samba-5047a66d39fdd56a5895037de8c519a828a03b19.tar.bz2
samba-5047a66d39fdd56a5895037de8c519a828a03b19.zip
Back out the crazy notion that the NTLMSSP flags actually mean anything...
Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid. Andrew Bartlett (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_sam.c14
-rw-r--r--source3/auth/auth_util.c42
-rw-r--r--source3/include/auth.h8
-rw-r--r--source3/smbd/sesssetup.c13
4 files changed, 47 insertions, 30 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index f1bcae461e..107e33c600 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -140,7 +140,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
{
uint16 acct_ctrl;
const uint8 *nt_pw, *lm_pw;
- uint32 ntlmssp_flags;
+ uint32 auth_flags;
acct_ctrl = pdb_get_acct_ctrl(sampass);
if (acct_ctrl & ACB_PWNOTREQ)
@@ -160,16 +160,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw = pdb_get_nt_passwd(sampass);
lm_pw = pdb_get_lanman_passwd(sampass);
- ntlmssp_flags = user_info->ntlmssp_flags;
+ auth_flags = user_info->auth_flags;
if (nt_pw == NULL) {
DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n",
pdb_get_username(sampass)));
/* No return, we want to check the LM hash below in this case */
- ntlmssp_flags &= (~(NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_NTLM2));
+ auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP | AUTH_FLAG_NTLM_RESP));
}
- if (ntlmssp_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
@@ -185,7 +185,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
return NT_STATUS_WRONG_PASSWORD;
}
- } else if (ntlmssp_flags & NTLMSSP_NEGOTIATE_NTLM) {
+ } else if (auth_flags & AUTH_FLAG_NTLM_RESP) {
if (lp_ntlm_auth()) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
@@ -208,10 +208,10 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
if (lm_pw == NULL) {
DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass)));
- ntlmssp_flags &= (~NTLMSSP_NEGOTIATE_OEM);
+ auth_flags &= (~AUTH_FLAG_LM_RESP);
}
- if (ntlmssp_flags & NTLMSSP_NEGOTIATE_OEM) {
+ if (auth_flags & AUTH_FLAG_LM_RESP) {
if (user_info->lm_resp.length != 24) {
DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n",
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a479f52ab2..a747cf8a35 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -111,7 +111,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
const char *wksta_name,
DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
DATA_BLOB plaintext,
- uint32 ntlmssp_flags, BOOL encrypted)
+ uint32 auth_flags, BOOL encrypted)
{
DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
@@ -173,7 +173,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length);
(*user_info)->encrypted = encrypted;
- (*user_info)->ntlmssp_flags = ntlmssp_flags;
+ (*user_info)->auth_flags = auth_flags;
DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
@@ -248,14 +248,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
if (lm_pwd_len)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
if (nt_pwd_len == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
} else if (nt_pwd_len != 0) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ auth_flags |= AUTH_FLAG_NTLMv2_RESP;
}
ret = make_user_info_map(user_info,
@@ -263,7 +263,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
wksta_name,
lm_blob, nt_blob,
plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
data_blob_free(&lm_blob);
data_blob_free(&nt_blob);
@@ -289,7 +289,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
unsigned char local_lm_response[24];
unsigned char local_nt_response[24];
unsigned char key[16];
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
ZERO_STRUCT(key);
memcpy(key, dc_sess_key, 8);
@@ -334,9 +334,9 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
if (lm_interactive_pwd)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
if (nt_interactive_pwd)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
ret = make_user_info_map(user_info,
smb_name, client_domain,
@@ -344,7 +344,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
local_lm_blob,
local_nt_blob,
plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
data_blob_free(&local_lm_blob);
data_blob_free(&local_nt_blob);
@@ -367,7 +367,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
DATA_BLOB local_lm_blob;
DATA_BLOB local_nt_blob;
BOOL ret = False;
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
/*
* Not encrypted - do so.
@@ -390,7 +390,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
case insensitive */
local_nt_blob = data_blob(NULL, 0);
- ntlmssp_flags = NTLMSSP_NEGOTIATE_OEM;
+ auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP);
} else {
local_lm_blob = data_blob(NULL, 0);
local_nt_blob = data_blob(NULL, 0);
@@ -402,7 +402,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
local_lm_blob,
local_nt_blob,
plaintext_password,
- ntlmssp_flags, False);
+ auth_flags, False);
data_blob_free(&local_lm_blob);
return ret;
@@ -417,18 +417,18 @@ BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
char *client_domain,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
DATA_BLOB no_plaintext_blob = data_blob(NULL, 0);
if (lm_resp.length == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
}
if (nt_resp.length == 0) {
} else if (nt_resp.length == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
} else {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ auth_flags |= AUTH_FLAG_NTLMv2_RESP;
}
return make_user_info_map(user_info, smb_name,
@@ -437,7 +437,7 @@ BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
lm_resp,
nt_resp,
no_plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
}
/****************************************************************************
@@ -449,7 +449,7 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
DATA_BLOB lm_blob = data_blob(NULL, 0);
DATA_BLOB nt_blob = data_blob(NULL, 0);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
return make_user_info(user_info,
"","",
@@ -457,7 +457,7 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
"",
nt_blob, lm_blob,
plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
}
/***************************************************************************
diff --git a/source3/include/auth.h b/source3/include/auth.h
index fb48616273..ed0a4e45f3 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -41,6 +41,12 @@ typedef struct interactive_password
OWF_INFO nt_owf; /* NT OWF Password */
} auth_interactive_password;
+#define AUTH_FLAG_NONE 0x000000
+#define AUTH_FLAG_PLAINTEXT 0x000001
+#define AUTH_FLAG_LM_RESP 0x000002
+#define AUTH_FLAG_NTLM_RESP 0x000004
+#define AUTH_FLAG_NTLMv2_RESP 0x000008
+
typedef struct auth_usersupplied_info
{
@@ -51,7 +57,7 @@ typedef struct auth_usersupplied_info
BOOL encrypted;
- uint32 ntlmssp_flags;
+ uint32 auth_flags;
AUTH_STR client_domain; /* domain name string */
AUTH_STR domain; /* domain name after mapping */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index f809f9ca0c..519817432d 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -346,6 +346,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
NTSTATUS nt_status;
int sess_vuid;
BOOL as_guest;
+ uint32 auth_flags = AUTH_FLAG_NONE;
auth_usersupplied_info *user_info = NULL;
auth_serversupplied_info *server_info = NULL;
@@ -382,12 +383,22 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
file_save("lmhash1.dat", lmhash.data, lmhash.length);
#endif
+ if (lmhash.length) {
+ auth_flags |= AUTH_FLAG_LM_RESP;
+ }
+
+ if (nthash.length == 24) {
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
+ } else if (nthash.length > 24) {
+ auth_flags |= AUTH_FLAG_NTLMv2_RESP;
+ }
+
if (!make_user_info_map(&user_info,
user, workgroup,
machine,
lmhash, nthash,
plaintext_password,
- neg_flags, True)) {
+ auth_flags, True)) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}