-rw-r--r--source3/auth/auth_compat.c13
-rw-r--r--source3/smbd/password.c25
-rw-r--r--source3/smbd/sesssetup.c1
3 files changed, 35 insertions, 4 deletions
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index bd5d7f0229..7b9802f7d4 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -92,18 +92,25 @@ static NTSTATUS pass_check_smb(const char *smb_name,
check if a username/password pair is ok via the auth subsystem.
return True if the password is correct, False otherwise
****************************************************************************/
+
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob(NULL, 0);
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
if (encrypted) {
/*
* The password could be either NTLM or plain LM. Try NTLM first,
* but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ }
+
if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
return True;
}
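Review bot: The `password_blob.length > 46` test in the `encrypted` initialiser is an unexplained magic number. A short comment (or a named constant) saying why blobs longer than 46 bytes are treated as NTLMv2 responses would let a reader check the bound. The new block also calls `get_session_workgroup()` twice; reading it once, `const char *wg = get_session_workgroup();`, and testing `wg` keeps the check and the use on the same value. Each `pass_check_smb()` call looks like a separate authentication attempt, so one wrong password may now be counted more than once by any bad-password or lockout accounting behind it. That accounting is not visible here and is worth confirming; the body of password_ok continues outside the hunk.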
@@ -119,5 +126,3 @@ BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
return False;
}
-
-
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 38000e93f4..10cb920237 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -23,6 +23,8 @@
/* users from session setup */
static char *session_userlist = NULL;
static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
/* this holds info on user ids that are already validated for this VC */
static user_struct *validated_users;
@@ -403,6 +405,29 @@ void add_session_user(const char *user)
}
/****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+ if (session_workgroup) {
+ SAFE_FREE(session_workgroup);
+ }
+ session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+ return session_workgroup;
+}
+
+/****************************************************************************
Check if a user is in a netgroup user list. If at first we don't succeed,
try lower case.
****************************************************************************/
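Review bot: `get_session_workgroup()` returns the internal `session_workgroup` pointer, which the next `add_session_workgroup()` call frees, so a caller that keeps the result across a session setup would hold a dangling pointer. The header comment on the getter should say that the result may be NULL and is only valid until the next add. `smb_xstrdup(workgroup)` is reached with no NULL check, so the function relies on every caller passing a valid string; either document that precondition or add `if (workgroup == NULL) { return; }` after the free. The `if (session_workgroup)` guard looks redundant, since SAFE_FREE as defined in Samba's headers already tests for NULL, though that definition is not shown on this page.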
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4d731f9c59..6c5e8f678f 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1050,6 +1050,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
map_username(sub_user);
add_session_user(sub_user);
+ add_session_workgroup(domain);
/* Then force it to null for the benfit of the code below */
*user = 0;
}
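Review bot: `domain` at this call appears to be the client-supplied domain field from the session setup request, stored before any authentication has happened and later used by password_ok as the domain for the check. A comment at the call should say so, e.g. `/* client-supplied and unauthenticated; kept only so password_ok can retry NTLMv2 with the client's workgroup */`. Because the store is a single file-scope static, a later session setup in the same process replaces the value, so password_ok tries whatever workgroup the most recent request carried. Whether `domain` is length-bounded and terminated is decided outside this hunk, as reply_sesssetup_and_X starts and ends outside it.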