5 files changed, 61 insertions, 10 deletions

diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c
index 485dc28f31..093a221fd3 100644
--- a/source3/lib/talloc.c
+++ b/source3/lib/talloc.c
@@ -276,6 +276,24 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p)
 		return NULL;
 }
 
+/** strdup_upper with a talloc */
+char *talloc_strdup_upper(TALLOC_CTX *t, const char *p)
+{
+	char *r;
+	if (p) {
+		char *q = strdup_upper(p);
+		if (q) { 
+			r = talloc_strdup(t, q);
+			SAFE_FREE(q);
+			return r;
+		} else {
+			return NULL;
+		}
+	} else {
+		return NULL;
+	}
+}
+
 /** strdup_w with a talloc */
 smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p)
 {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 63541e18b5..adfeec2290 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -358,7 +358,9 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
 		memcpy(p,nt_response.data, nt_response.length); p += nt_response.length;
 	}
 	p += clistr_push(cli, p, user, -1, STR_TERMINATE);
-	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE);
+
+	/* Upper case here might help some NTLMv2 implementations */
+	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
 	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
 	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
 	cli_setup_bcc(cli, p);
@@ -649,7 +651,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 			   for checking the first reply from the server */
 			cli_calculate_sign_mac(cli);
 			
-			if (!cli_check_sign_mac(cli, True)) {
+			if (!cli_check_sign_mac(cli, False)) {
 				nt_status = NT_STATUS_ACCESS_DENIED;
 			}
 		}
@@ -874,7 +876,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 
 	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) {
 		if (!lp_client_lanman_auth()) {
-			DEBUG(1, ("Server requested LANMAN password but 'client use lanman auth'"
+			DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
 				  " is disabled\n"));
 			return False;
 		}
diff --git a/source3/libsmb/ntlm_check.c b/source3/libsmb/ntlm_check.c
index 362b640f91..bc291b5128 100644
--- a/source3/libsmb/ntlm_check.c
+++ b/source3/libsmb/ntlm_check.c
@@ -85,6 +85,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 				 const uchar *part_passwd,
 				 const DATA_BLOB *sec_blob,
 				 const char *user, const char *domain,
+				 BOOL upper_case_domain, /* should the domain be transformed into upper case? */
 				 DATA_BLOB *user_sess_key)
 {
 	/* Finish the encryption of part_passwd. */
@@ -122,7 +123,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
 
 	memcpy(client_response, ntv2_response->data, sizeof(client_response));
 
-	if (!ntv2_owf_gen(part_passwd, user, domain, kr)) {
+	if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) {
 		return False;
 	}
 
@@ -235,13 +236,24 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 	if (nt_response->length >= 24 && nt_pw) {
 		if (nt_response->length > 24) {
 			/* We have the NT MD4 hash challenge available - see if we can
-			   use it (ie. does it exist in the smbpasswd file).
+			   use it 
 			*/
 			DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
 			if (smb_pwd_check_ntlmv2( nt_response, 
 						  nt_pw, challenge, 
-					  client_username, 
+						  client_username, 
+						  client_domain,
+						  False,
+						  user_sess_key)) {
+				return NT_STATUS_OK;
+			}
+			
+			DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
+			if (smb_pwd_check_ntlmv2( nt_response, 
+						  nt_pw, challenge, 
+						  client_username, 
 						  client_domain,
+						  True,
 						  user_sess_key)) {
 				return NT_STATUS_OK;
 			}
@@ -251,6 +263,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 						  nt_pw, challenge, 
 						  client_username, 
 						  "",
+						  False,
 						  user_sess_key)) {
 				return NT_STATUS_OK;
 			} else {
@@ -334,6 +347,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				  nt_pw, challenge, 
 				  client_username,
 				  client_domain,
+				  False,
+				  NULL)) {
+		return NT_STATUS_OK;
+	}
+	
+	DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
+	if (smb_pwd_check_ntlmv2( lm_response, 
+				  nt_pw, challenge, 
+				  client_username,
+				  client_domain,
+				  True,
 				  NULL)) {
 		return NT_STATUS_OK;
 	}
@@ -343,6 +367,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				  nt_pw, challenge, 
 				  client_username,
 				  "",
+				  False,
 				  NULL)) {
 		return NT_STATUS_OK;
 	}
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 60523ddf9d..82eafc4cd5 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -168,7 +168,9 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password
  */
 NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) 
 {
-	ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain);
+	/* Possibly make our NTLMv2 client more robust by always having 
+	   an uppercase domain */
+	ntlmssp_state->domain = talloc_strdup_upper(ntlmssp_state->mem_ctx, domain);
 	if (!ntlmssp_state->domain) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index c5acedae51..270a659e57 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -127,7 +127,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
 
 /* Does both the NTLMv2 owfs of a user's password */
 BOOL ntv2_owf_gen(const uchar owf[16],
-		  const char *user_in, const char *domain_in, uchar kr_buf[16])
+		  const char *user_in, const char *domain_in,
+		  BOOL upper_case_domain, /* Transform the domain into UPPER case */
+		  uchar kr_buf[16])
 {
 	smb_ucs2_t *user;
 	smb_ucs2_t *domain;
@@ -150,7 +152,9 @@ BOOL ntv2_owf_gen(const uchar owf[16],
 	}
 
 	strupper_w(user);
-	strupper_w(domain);
+
+	if (upper_case_domain)
+		strupper_w(domain);
 
 	SMB_ASSERT(user_byte_len >= 2);
 	SMB_ASSERT(domain_byte_len >= 2);
@@ -426,7 +430,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 	   the username and domain.
 	   This prevents username swapping during the auth exchange
 	*/
-	if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+	if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
 		return False;
 	}