summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/wbinfo.c53
-rw-r--r--source3/nsswitch/winbindd_pam.c54
2 files changed, 97 insertions, 10 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index b6a09bf2a1..2abd9c69a1 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -582,13 +582,54 @@ static BOOL wbinfo_auth_crap(char *username)
generate_random_buffer(request.data.auth_crap.chal, 8);
- SMBencrypt(pass, request.data.auth_crap.chal,
- (uchar *)request.data.auth_crap.lm_resp);
- SMBNTencrypt(pass, request.data.auth_crap.chal,
- (uchar *)request.data.auth_crap.nt_resp);
+ if (lp_client_ntlmv2_auth()) {
+ DATA_BLOB server_chal;
+ DATA_BLOB names_blob;
- request.data.auth_crap.lm_resp_len = 24;
- request.data.auth_crap.nt_resp_len = 24;
+ DATA_BLOB lm_response;
+ DATA_BLOB nt_response;
+
+ server_chal = data_blob(request.data.auth_crap.chal, 8);
+
+ /* Pretend this is a login to 'us', for blob purposes */
+ names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
+
+ if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
+ &names_blob,
+ &lm_response, &nt_response, NULL)) {
+ data_blob_free(&names_blob);
+ data_blob_free(&server_chal);
+ return False;
+ }
+ data_blob_free(&names_blob);
+ data_blob_free(&server_chal);
+
+ memcpy(request.data.auth_crap.nt_resp, nt_response.data,
+ MIN(nt_response.length,
+ sizeof(request.data.auth_crap.nt_resp)));
+ request.data.auth_crap.nt_resp_len = nt_response.length;
+
+ memcpy(request.data.auth_crap.lm_resp, lm_response.data,
+ MIN(lm_response.length,
+ sizeof(request.data.auth_crap.lm_resp)));
+ request.data.auth_crap.lm_resp_len = lm_response.length;
+
+ data_blob_free(&nt_response);
+ data_blob_free(&lm_response);
+
+ } else {
+ if (lp_client_lanman_auth()
+ && SMBencrypt(pass, request.data.auth_crap.chal,
+ (uchar *)request.data.auth_crap.lm_resp)) {
+ request.data.auth_crap.lm_resp_len = 24;
+ } else {
+ request.data.auth_crap.lm_resp_len = 0;
+ }
+ SMBNTencrypt(pass, request.data.auth_crap.chal,
+ (uchar *)request.data.auth_crap.nt_resp);
+
+ request.data.auth_crap.nt_resp_len = 24;
+ }
result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 129f876f81..e8d15f4703 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -190,13 +190,59 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
/* do password magic */
+
generate_random_buffer(chal, 8);
- SMBencrypt(state->request.data.auth.pass, chal, local_lm_response);
+ if (lp_client_ntlmv2_auth()) {
+ DATA_BLOB server_chal;
+ DATA_BLOB names_blob;
+ DATA_BLOB nt_response;
+ DATA_BLOB lm_response;
+ server_chal = data_blob_talloc(mem_ctx, chal, 8);
+
+ /* note that the 'workgroup' here is a best guess - we don't know
+ the server's domain at this point. The 'server name' is also
+ dodgy...
+ */
+ names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
- SMBNTencrypt(state->request.data.auth.pass, chal, local_nt_response);
+ if (!SMBNTLMv2encrypt(name_user, name_domain,
+ state->request.data.auth.pass,
+ &server_chal,
+ &names_blob,
+ &lm_response, &nt_response, NULL)) {
+ data_blob_free(&names_blob);
+ data_blob_free(&server_chal);
+ DEBUG(0, ("winbindd_pam_auth: SMBNTLMv2encrypt() failed!\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ data_blob_free(&names_blob);
+ data_blob_free(&server_chal);
+ lm_resp = data_blob_talloc(mem_ctx, lm_response.data, lm_response.length);
+ nt_resp = data_blob_talloc(mem_ctx, nt_response.data, nt_response.length);
+ data_blob_free(&lm_response);
+ data_blob_free(&nt_response);
+
+ } else {
+ if (lp_client_lanman_auth()
+ && SMBencrypt(state->request.data.auth.pass,
+ chal,
+ local_lm_response)) {
+ lm_resp = data_blob_talloc(mem_ctx,
+ local_lm_response,
+ sizeof(local_lm_response));
+ } else {
+ lm_resp = data_blob(NULL, 0);
+ }
+ SMBNTencrypt(state->request.data.auth.pass,
+ chal,
+ local_nt_response);
+
+ nt_resp = data_blob_talloc(mem_ctx,
+ local_nt_response,
+ sizeof(local_nt_response));
+ }
- lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
- nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
/* what domain should we contact? */