diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-29 11:11:05 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:30 -0500 |
commit | 5e456b38ed0656d6364f06f31e06ebfb3ab34901 (patch) | |
tree | 74305f51fb2f7a8b1243d37e6fd449f39e5a1415 /source4 | |
parent | 0ea06b97c295baa22e0f2cf9f6e06338d1ba7c2f (diff) | |
download | samba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.tar.gz samba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.tar.bz2 samba-5e456b38ed0656d6364f06f31e06ebfb3ab34901.zip |
r11393: Avoid error messages and get more correctness with long plaintext passwords.
Andrew Bartlett
(This used to be commit cb0b3c00572958f5ac8413cc651f627ca1871295)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/ntlm_check.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c index fc2a45efad..42748f0530 100644 --- a/source4/auth/ntlm_check.c +++ b/source4/auth/ntlm_check.c @@ -310,26 +310,27 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, && (memcmp(challenge->data, zeros, challenge->length) == 0 )) { struct samr_Password client_nt; struct samr_Password client_lm; - uint8_t dospwd[15]; - char *unix_pw; + char *unix_pw = NULL; + BOOL lm_ok; DEBUG(4,("ntlm_password_check: checking plaintext passwords for user %s\n", username)); mdfour(client_nt.hash, nt_response->data, nt_response->length); - ZERO_STRUCT(dospwd); - - convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX, - lm_response->data, lm_response->length, - (void **)&unix_pw); - - /* Only the fisrt 14 chars are considered, password need not be null terminated. */ - push_ascii(dospwd, unix_pw, sizeof(dospwd), STR_UPPER); - - /* we *might* need to upper-case the string here */ - E_P16((const uint8_t *)dospwd, client_lm.hash); + if (lm_response->length && + (convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX, + lm_response->data, lm_response->length, + (void **)&unix_pw) != -1)) { + if (E_deshash(unix_pw, client_lm.hash)) { + lm_ok = True; + } else { + lm_ok = False; + } + } else { + lm_ok = False; + } return hash_password_check(mem_ctx, - lm_response->length ? &client_lm : NULL, + lm_ok ? &client_lm : NULL, nt_response->length ? &client_nt : NULL, username, stored_lanman, stored_nt); |