diff options
Diffstat (limited to 'source3/auth/auth_server.c')
| -rw-r--r-- | source3/auth/auth_server.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 8f0f98b350..76cafc6d69 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -297,7 +297,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context } if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { - if (user_info->encrypted) { + if (user_info->password_state != AUTH_PASSWORD_PLAIN) { DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; } @@ -326,8 +326,8 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context memset(badpass, 0x1f, sizeof(badpass)); - if((user_info->nt_resp.length == sizeof(badpass)) && - !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) { + if((user_info->password.response.nt.length == sizeof(badpass)) && + !memcmp(badpass, user_info->password.response.nt.data, sizeof(badpass))) { /* * Very unlikely, our random bad password is the same as the users * password. @@ -391,22 +391,24 @@ use this machine as the password server.\n")); * Now we know the password server will correctly set the guest bit, or is * not guest enabled, we can try with the real password. */ - - if (!user_info->encrypted) { + switch (user_info->password_state) { + case AUTH_PASSWORD_PLAIN: /* Plaintext available */ nt_status = cli_session_setup( cli, user_info->client.account_name, - (char *)user_info->plaintext_password.data, - user_info->plaintext_password.length, + user_info->password.plaintext, + strlen(user_info->password.plaintext), NULL, 0, user_info->mapped.domain_name); - } else { + /* currently the hash values include a challenge-response as well */ + case AUTH_PASSWORD_HASH: + case AUTH_PASSWORD_RESPONSE: nt_status = cli_session_setup( cli, user_info->client.account_name, - (char *)user_info->lm_resp.data, - user_info->lm_resp.length, - (char *)user_info->nt_resp.data, - user_info->nt_resp.length, + (char *)user_info->password.response.lanman.data, + user_info->password.response.lanman.length, + (char *)user_info->password.response.nt.data, + user_info->password.response.nt.length, user_info->mapped.domain_name); } |