diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-01-03 06:23:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:15 -0500 |
commit | 8eb981c90a6094b15d4b71cc14fee4f23c713cf8 (patch) | |
tree | 4a1fe311f020c986233596799ff82699bdd999c8 /source4/auth | |
parent | dd1c0a56b4e09454b6612923acfeef2fb4be7639 (diff) | |
download | samba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.tar.gz samba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.tar.bz2 samba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.zip |
r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.
I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.
Andrew Bartlett
(This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlm_check.c | 105 |
1 files changed, 63 insertions, 42 deletions
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c index e6a8ce681f..474742bee0 100644 --- a/source4/auth/ntlm_check.c +++ b/source4/auth/ntlm_check.c @@ -285,48 +285,57 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, (unsigned long)nt_response->length, username)); } - if (nt_response->length >= 24 && nt_pw) { - if (nt_response->length > 24) { - /* We have the NT MD4 hash challenge available - see if we can - use it - */ - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); - if (smb_pwd_check_ntlmv2(mem_ctx, - nt_response, - nt_pw, challenge, - client_username, - client_domain, - False, - user_sess_key)) { - return NT_STATUS_OK; + if (nt_response->length > 24 && nt_pw) { + /* We have the NT MD4 hash challenge available - see if we can + use it + */ + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, + nt_pw, challenge, + client_username, + client_domain, + False, + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; } - - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); - if (smb_pwd_check_ntlmv2(mem_ctx, - nt_response, - nt_pw, challenge, - client_username, - client_domain, - True, - user_sess_key)) { - return NT_STATUS_OK; + return NT_STATUS_OK; + } + + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, + nt_pw, challenge, + client_username, + client_domain, + True, + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; } - - DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n")); - if (smb_pwd_check_ntlmv2(mem_ctx, - nt_response, - nt_pw, challenge, - client_username, - "", - False, - user_sess_key)) { - return NT_STATUS_OK; - } else { - DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n")); - return NT_STATUS_WRONG_PASSWORD; + return NT_STATUS_OK; + } + + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n")); + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, + nt_pw, challenge, + client_username, + "", + False, + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; } + return NT_STATUS_OK; + } else { + DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n")); } - + } else if (nt_response->length == 24 && nt_pw) { if (lp_ntlm_auth()) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). @@ -338,7 +347,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, user_sess_key)) { /* The LM session key for this response is not very secure, so use it only if we otherwise allow LM authentication */ - + if (lp_lanman_auth() && lm_pw) { *lm_sess_key = data_blob_talloc(mem_ctx, lm_pw, 8); } @@ -409,7 +418,11 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, client_username, client_domain, False, - NULL)) { + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; + } return NT_STATUS_OK; } @@ -420,7 +433,11 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, client_username, client_domain, True, - NULL)) { + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; + } return NT_STATUS_OK; } @@ -431,7 +448,11 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, client_username, "", False, - NULL)) { + user_sess_key)) { + if (lm_sess_key) { + *lm_sess_key = *user_sess_key; + lm_sess_key->length = 8; + } return NT_STATUS_OK; } |