diff options
Diffstat (limited to 'source3/auth/check_samsec.c')
-rw-r--r-- | source3/auth/check_samsec.c | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 5228811422..df5dc31b9c 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -41,11 +41,10 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash; + NTSTATUS status; + struct samr_Password _lm_hash, _nt_hash; struct samr_Password *lm_hash = NULL; struct samr_Password *nt_hash = NULL; - struct samr_Password *client_lm_hash = NULL; - struct samr_Password *client_nt_hash = NULL; *user_sess_key = data_blob_null; *lm_sess_key = data_blob_null; @@ -68,36 +67,35 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash)); nt_hash = &_nt_hash; } - if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { - memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash)); - client_lm_hash = &_client_lm_hash; - } - if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { - memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash)); - client_nt_hash = &_client_nt_hash; - } - - if (client_lm_hash || client_nt_hash) { - if (!nt_pw) { - return NT_STATUS_WRONG_PASSWORD; - } - *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); - if (!user_sess_key->data) { - return NT_STATUS_NO_MEMORY; + switch (user_info->password_state) { + case AUTH_PASSWORD_HASH: + status = hash_password_check(mem_ctx, lp_lanman_auth(), + user_info->password.hash.lanman, + user_info->password.hash.nt, + username, + lm_hash, + nt_hash); + if (NT_STATUS_IS_OK(status)) { + if (nt_pw) { + *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); + if (!user_sess_key->data) { + return NT_STATUS_NO_MEMORY; + } + SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); + } } - SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); - return hash_password_check(mem_ctx, lp_lanman_auth(), - client_lm_hash, - client_nt_hash, - username, - lm_hash, - nt_hash); - } else { + return status; + + /* Eventually we should test plaintext passwords in their own + * function, not assuming the caller has done a + * mapping */ + case AUTH_PASSWORD_PLAIN: + case AUTH_PASSWORD_RESPONSE: return ntlm_password_check(mem_ctx, lp_lanman_auth(), lp_ntlm_auth(), user_info->logon_parameters, challenge, - &user_info->lm_resp, &user_info->nt_resp, + &user_info->password.response.lanman, &user_info->password.response.nt, username, user_info->client.account_name, user_info->client.domain_name, @@ -105,6 +103,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, nt_hash, user_sess_key, lm_sess_key); } + return NT_STATUS_INVALID_PARAMETER; } /**************************************************************************** |