diff options
| -rw-r--r-- | source3/auth/auth_compat.c | 13 | ||||
| -rw-r--r-- | source3/smbd/password.c | 25 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 1 |
3 files changed, 35 insertions, 4 deletions
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index bd5d7f0229..7b9802f7d4 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -92,18 +92,25 @@ static NTSTATUS pass_check_smb(const char *smb_name, check if a username/password pair is ok via the auth subsystem. return True if the password is correct, False otherwise ****************************************************************************/ + BOOL password_ok(char *smb_name, DATA_BLOB password_blob) { DATA_BLOB null_password = data_blob(NULL, 0); - BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24); + BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46)); if (encrypted) { /* * The password could be either NTLM or plain LM. Try NTLM first, * but fall-through as required. - * NTLMv2 makes no sense here. + * Vista sends NTLMv2 here - we need to try the client given workgroup. */ + if (get_session_workgroup()) { + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) { + return True; + } + } + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { return True; } @@ -119,5 +126,3 @@ BOOL password_ok(char *smb_name, DATA_BLOB password_blob) return False; } - - diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 38000e93f4..10cb920237 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -23,6 +23,8 @@ /* users from session setup */ static char *session_userlist = NULL; static int len_session_userlist = 0; +/* workgroup from session setup. */ +static char *session_workgroup = NULL; /* this holds info on user ids that are already validated for this VC */ static user_struct *validated_users; @@ -403,6 +405,29 @@ void add_session_user(const char *user) } /**************************************************************************** + In security=share mode we need to store the client workgroup, as that's + what Vista uses for the NTLMv2 calculation. +****************************************************************************/ + +void add_session_workgroup(const char *workgroup) +{ + if (session_workgroup) { + SAFE_FREE(session_workgroup); + } + session_workgroup = smb_xstrdup(workgroup); +} + +/**************************************************************************** + In security=share mode we need to return the client workgroup, as that's + what Vista uses for the NTLMv2 calculation. +****************************************************************************/ + +const char *get_session_workgroup(void) +{ + return session_workgroup; +} + +/**************************************************************************** Check if a user is in a netgroup user list. If at first we don't succeed, try lower case. ****************************************************************************/ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 4d731f9c59..6c5e8f678f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1050,6 +1050,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, map_username(sub_user); add_session_user(sub_user); + add_session_workgroup(domain); /* Then force it to null for the benfit of the code below */ *user = 0; } |