From 7f204e07ae56d2727702b5e375ffd7d2f7f65ca9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 16 Feb 2003 22:23:33 +0000
Subject: Merge from HEAD - allow "" as a domain in the NLTMv2 hash
 calculations.  Fixes interop with clients not in our domain.

Andrew Bartlett
(This used to be commit 6aa3aba3db604d481dc96c3befe066938cb1b0f3)
---
 source3/auth/auth_sam.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index e2208e1455..b309833440 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -184,7 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 		/* We have the NT MD4 hash challenge available - see if we can
 		   use it (ie. does it exist in the smbpasswd file).
 		*/
-		DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n"));
+		DEBUG(4,("sam_password_ok: Checking NTLMv2 password with domain [%s]\n", user_info->client_domain.str));
 		if (smb_pwd_check_ntlmv2( user_info->nt_resp, 
 					  nt_pw, auth_context->challenge, 
 					  user_info->smb_name.str, 
@@ -192,6 +192,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 					  user_sess_key))
 		{
 			return NT_STATUS_OK;
+		}
+
+		DEBUG(4,("sam_password_ok: Checking NTLMv2 password without a domain\n"));
+		if (smb_pwd_check_ntlmv2( user_info->nt_resp, 
+					  nt_pw, auth_context->challenge, 
+					  user_info->smb_name.str, 
+					  "",
+					  user_sess_key))
+		{
+			return NT_STATUS_OK;
 		} else {
 			DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
 			return NT_STATUS_WRONG_PASSWORD;
@@ -250,7 +260,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 		/* This is for 'LMv2' authentication.  almost NTLMv2 but limited to 24 bytes.
 		   - related to Win9X, legacy NAS pass-though authentication
 		*/
-		DEBUG(4,("sam_password_ok: Checking LMv2 password\n"));
+		DEBUG(4,("sam_password_ok: Checking LMv2 password with domain %s\n", user_info->client_domain.str));
 		if (smb_pwd_check_ntlmv2( user_info->lm_resp, 
 					  nt_pw, auth_context->challenge, 
 					  user_info->smb_name.str, 
@@ -260,6 +270,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 			return NT_STATUS_OK;
 		}
 
+		DEBUG(4,("sam_password_ok: Checking LMv2 password without a domain\n"));
+		if (smb_pwd_check_ntlmv2( user_info->lm_resp, 
+					  nt_pw, auth_context->challenge, 
+					  user_info->smb_name.str, 
+					  "",
+					  user_sess_key))
+		{
+			return NT_STATUS_OK;
+		}
+
 		/* Apparently NT accepts NT responses in the LM field
 		   - I think this is related to Win9X pass-though authentication
 		*/
-- 
cgit