summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-07-20 06:55:05 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-07-20 06:55:05 +0000
commit129b3966c04f4f1be33d35ca720e5946fbe76051 (patch)
treee055d275480eb2fadbadfb1aa4100850bc0bdb00 /source3
parent60815388180bef868eda9073ea11a3fe494a23a5 (diff)
downloadsamba-129b3966c04f4f1be33d35ca720e5946fbe76051.tar.gz
samba-129b3966c04f4f1be33d35ca720e5946fbe76051.tar.bz2
samba-129b3966c04f4f1be33d35ca720e5946fbe76051.zip
Add support for a weird behaviour apparently used by Win9X pass-through
authentication - we can have an NT hash in the LM hash feild. (I need to double-check this fix with tpot, who discovered it). Also remove silly casts back and forth between uchar and char. Andrew Bartlett (This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_sam.c19
-rw-r--r--source3/libsmb/smbencrypt.c4
2 files changed, 19 insertions, 4 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 76579150ce..155370546a 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -107,7 +107,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
memcpy(client_response, ntv2_response.data, sizeof(client_response));
ntv2_owf_gen(part_passwd, user, domain, kr);
- SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption);
+ SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
if (user_sess_key != NULL)
{
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
@@ -232,11 +232,26 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
{
return NT_STATUS_OK;
} else {
+ if (lp_ntlm_auth()) {
+ /* Apparently NT accepts NT responses in the LM feild
+ - I think this is related to Win9X pass-though authenticaion
+ */
+ DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n"));
+ if (smb_pwd_check_ntlmv1(user_info->lm_resp,
+ nt_pw, auth_context->challenge,
+ user_sess_key))
+ {
+ return NT_STATUS_OK;
+ } else {
+ DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass)));
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+ }
DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass)));
return NT_STATUS_WRONG_PASSWORD;
}
}
-
+
/* Should not be reached, but if they send nothing... */
DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass)));
return NT_STATUS_WRONG_PASSWORD;
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 95434d0ae4..d15a83a515 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -226,14 +226,14 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
void SMBOWFencrypt_ntv2(const uchar kr[16],
const DATA_BLOB srv_chal,
const DATA_BLOB cli_chal,
- char resp_buf[16])
+ uchar resp_buf[16])
{
HMACMD5Context ctx;
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
- hmac_md5_final((unsigned char *)resp_buf, &ctx);
+ hmac_md5_final(resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));