From 5047a66d39fdd56a5895037de8c519a828a03b19 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 11 Jan 2002 05:29:09 +0000
Subject: Back out the crazy notion that the NTLMSSP flags actually mean anything... Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid. Andrew Bartlett (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
---
 source3/auth/auth_sam.c | 14 +++++++-------
 source3/auth/auth_util.c | 42 +++++++++++++++++++++---------------------
 2 files changed, 28 insertions(+), 28 deletions(-)
(limited to 'source3/auth')
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index f1bcae461e..107e33c600 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -140,7 +140,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 {
 uint16 acct_ctrl;
 const uint8 *nt_pw, *lm_pw;
- uint32 ntlmssp_flags;
+ uint32 auth_flags;
 acct_ctrl = pdb_get_acct_ctrl(sampass);
 if (acct_ctrl & ACB_PWNOTREQ)
@@ -160,16 +160,16 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 nt_pw = pdb_get_nt_passwd(sampass);
 lm_pw = pdb_get_lanman_passwd(sampass);
- ntlmssp_flags = user_info->ntlmssp_flags;
+ auth_flags = user_info->auth_flags;
 if (nt_pw == NULL) {
 DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n", pdb_get_username(sampass)));
 /* No return, we want to check the LM hash below in this case */
- ntlmssp_flags &= (~(NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_NTLM2));
+ auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP | AUTH_FLAG_NTLM_RESP));
 }
- if (ntlmssp_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
 /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */
@@ -185,7 +185,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
 return NT_STATUS_WRONG_PASSWORD;
 }
- } else if (ntlmssp_flags & NTLMSSP_NEGOTIATE_NTLM) {
+ } else if (auth_flags & AUTH_FLAG_NTLM_RESP) {
 if (lp_ntlm_auth()) {
 /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file).
@@ -208,10 +208,10 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 if (lm_pw == NULL) {
 DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass)));
- ntlmssp_flags &= (~NTLMSSP_NEGOTIATE_OEM);
+ auth_flags &= (~AUTH_FLAG_LM_RESP);
 }
- if (ntlmssp_flags & NTLMSSP_NEGOTIATE_OEM) {
+ if (auth_flags & AUTH_FLAG_LM_RESP) {
 if (user_info->lm_resp.length != 24) {
 DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n",
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a479f52ab2..a747cf8a35 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -111,7 +111,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
 const char *wksta_name, DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, DATA_BLOB plaintext,
- uint32 ntlmssp_flags, BOOL encrypted)
+ uint32 auth_flags, BOOL encrypted)
 {
 DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
@@ -173,7 +173,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
 (*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length);
 (*user_info)->encrypted = encrypted;
- (*user_info)->ntlmssp_flags = ntlmssp_flags;
+ (*user_info)->auth_flags = auth_flags;
 DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
@@ -248,14 +248,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
 DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
 DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
 DATA_BLOB plaintext_blob = data_blob(NULL, 0);
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
 if (lm_pwd_len)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
 if (nt_pwd_len == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
 } else if (nt_pwd_len != 0) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ auth_flags |= AUTH_FLAG_NTLMv2_RESP;
 }
 ret = make_user_info_map(user_info,
@@ -263,7 +263,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
 wksta_name, lm_blob, nt_blob, plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
 data_blob_free(&lm_blob);
 data_blob_free(&nt_blob);
@@ -289,7 +289,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 unsigned char local_lm_response[24];
 unsigned char local_nt_response[24];
 unsigned char key[16];
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
 ZERO_STRUCT(key);
 memcpy(key, dc_sess_key, 8);
@@ -334,9 +334,9 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 DATA_BLOB plaintext_blob = data_blob(NULL, 0);
 if (lm_interactive_pwd)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
 if (nt_interactive_pwd)
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
 ret = make_user_info_map(user_info, smb_name, client_domain,
@@ -344,7 +344,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 local_lm_blob, local_nt_blob, plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
 data_blob_free(&local_lm_blob);
 data_blob_free(&local_nt_blob);
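Review bot: In make_user_info_netlogon_network (hunk -248) AUTH_FLAG_LM_RESP is set for any non-zero `lm_pwd_len`, while make_user_info_for_reply_enc (hunk -417) sets it only when the response is exactly 24 bytes; the two constructors should classify alike, e.g. `if (lm_pwd_len == 24)`, or a comment should say why they differ. The `else if (nt_pwd_len != 0)` branch here, and the final `else` in -417, label every NT blob that is not 24 bytes as AUTH_FLAG_NTLMv2_RESP, so a truncated or malformed response is routed to the NTLMv2 check on length alone. sam_password_ok does re-check `lm_resp.length != 24` before the LM comparison, but whether the NTLMv2 path and other auth backends enforce a minimum length is not visible in this diff. A one-line comment such as `/* flags reflect client-supplied lengths only; backends must validate the blobs */` next to the classification would make that contract explicit. The function body starts and ends outside the hunk.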
@@ -367,7 +367,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 DATA_BLOB local_lm_blob;
 DATA_BLOB local_nt_blob;
 BOOL ret = False;
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
 /* * Not encrypted - do so.
@@ -390,7 +390,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 case insensitive */
 local_nt_blob = data_blob(NULL, 0);
- ntlmssp_flags = NTLMSSP_NEGOTIATE_OEM;
+ auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP);
 } else {
 local_lm_blob = data_blob(NULL, 0);
 local_nt_blob = data_blob(NULL, 0);
@@ -402,7 +402,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
 local_lm_blob, local_nt_blob, plaintext_password,
- ntlmssp_flags, False);
+ auth_flags, False);
 data_blob_free(&local_lm_blob);
 return ret;
@@ -417,18 +417,18 @@ BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
 char *client_domain, DATA_BLOB lm_resp, DATA_BLOB nt_resp)
 {
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
 DATA_BLOB no_plaintext_blob = data_blob(NULL, 0);
 if (lm_resp.length == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+ auth_flags |= AUTH_FLAG_LM_RESP;
 }
 if (nt_resp.length == 0) { } else if (nt_resp.length == 24) {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM;
+ auth_flags |= AUTH_FLAG_NTLM_RESP;
 } else {
- ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ auth_flags |= AUTH_FLAG_NTLMv2_RESP;
 }
 return make_user_info_map(user_info, smb_name,
@@ -437,7 +437,7 @@ BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
 lm_resp, nt_resp, no_plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
 }
 /****************************************************************************
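Review bot: The assignment `auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP);` in make_user_info_for_reply (hunk -390) is the one change in this commit that is not a mechanical rename, since it was `NTLMSSP_NEGOTIATE_OEM` alone before, and it has no comment explaining the combination. From the surrounding context the LM blob appears to be built locally from the plaintext rather than sent by the client, so I would add `/* LM response derived locally from the plaintext; the client sent no challenge-response */` above it so backends do not read AUTH_FLAG_LM_RESP as a client-generated response. The else branch leaves AUTH_FLAG_NONE while the call still passes `False` for encrypted; its condition is outside the hunk, so a short comment on what that branch covers would also help. The function starts and ends outside the hunk.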
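Review bot: In make_user_info_for_reply_enc (hunk -417) the chain `if (nt_resp.length == 0) { } else if (nt_resp.length == 24)` keeps an empty first branch that reads like a forgotten statement. make_user_info_netlogon_network expresses the same classification as `if (nt_pwd_len == 24) { ... } else if (nt_pwd_len != 0) { ... }`; using that shape here, `if (nt_resp.length == 24) { ... } else if (nt_resp.length != 0) { ... }`, would keep the two constructors visibly identical and easier to audit side by side.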
@@ -449,7 +449,7 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
 DATA_BLOB lm_blob = data_blob(NULL, 0);
 DATA_BLOB nt_blob = data_blob(NULL, 0);
 DATA_BLOB plaintext_blob = data_blob(NULL, 0);
- uint32 ntlmssp_flags = 0;
+ uint32 auth_flags = AUTH_FLAG_NONE;
 return make_user_info(user_info, "","",
@@ -457,7 +457,7 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
 "", nt_blob, lm_blob, plaintext_blob,
- ntlmssp_flags, True);
+ auth_flags, True);
 }
 /***************************************************************************
-- cgit
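Review bot: The call in make_user_info_guest (hunk -457) passes `nt_blob, lm_blob` in that order, but make_user_info declares `DATA_BLOB lm_pwd, DATA_BLOB nt_pwd` (see the -111 hunk), so the two arguments are swapped. Both blobs are `data_blob(NULL, 0)` here, so nothing changes at runtime today, but the line should read `lm_blob, nt_blob, plaintext_blob,` so the call stays correct if guest handling ever carries data. This is unchanged context in a rename hunk, so the fix could ride along with this commit or follow separately.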