From f91c616176555dc29052abd4c09ab1bf292c2929 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 19 Feb 2012 10:56:12 +1100 Subject: s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again This still requires that the server permit LM passwords, but our s3dc test environment has this enabled. Andrew Bartlett --- source3/utils/ntlm_auth.c | 9 ++++++--- source3/utils/ntlm_auth_diagnostics.c | 10 +++++----- source3/utils/ntlm_auth_proto.h | 1 + 3 files changed, 12 insertions(+), 8 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index ff9b60ed0f..02652b15e4 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -390,6 +390,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username, const DATA_BLOB *lm_response, const DATA_BLOB *nt_response, uint32 flags, + uint32 extra_logon_parameters, uint8 lm_key[8], uint8 user_session_key[16], char **error_string, @@ -409,7 +410,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username, request.flags = flags; - request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; + request.data.auth_crap.logon_parameters = extra_logon_parameters + | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; if (require_membership_of_sid) fstrcpy(request.data.auth_crap.require_membership_of_sid, require_membership_of_sid); @@ -585,6 +587,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME, + 0, lm_key, user_sess_key, &error_string, &unix_name); @@ -2032,7 +2035,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state, &challenge, &lm_response, &nt_response, - flags, + flags, 0, lm_key, user_session_key, &error_string, @@ -2486,7 +2489,7 @@ static bool check_auth_crap(void) &opt_challenge, &opt_lm_response, &opt_nt_response, - flags, + flags, 0, (unsigned char *)lm_key, (unsigned char *)user_session_key, &error_string, NULL); diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index 41462c052b..e83e975ffd 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -98,7 +98,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which) &chall, &lm_response, &nt_response, - flags, + flags, 0, lm_key, user_session_key, &error_string, NULL); @@ -197,7 +197,7 @@ static bool test_ntlm_in_lm(void) &chall, &nt_response, NULL, - flags, + flags, 0, lm_key, user_session_key, &error_string, NULL); @@ -268,7 +268,7 @@ static bool test_ntlm_in_both(void) &chall, &nt_response, &nt_response, - flags, + flags, 0, lm_key, user_session_key, &error_string, NULL); @@ -359,7 +359,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which) &chall, &lmv2_response, &ntlmv2_response, - flags, + flags, 0, NULL, user_session_key, &error_string, NULL); @@ -510,7 +510,7 @@ static bool test_plaintext(enum ntlm_break break_which) &chall, &lm_response, &nt_response, - flags, + flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED, lm_key, user_session_key, &error_string, NULL); diff --git a/source3/utils/ntlm_auth_proto.h b/source3/utils/ntlm_auth_proto.h index 5f8d26465b..ae26c948b8 100644 --- a/source3/utils/ntlm_auth_proto.h +++ b/source3/utils/ntlm_auth_proto.h @@ -36,6 +36,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username, const DATA_BLOB *lm_response, const DATA_BLOB *nt_response, uint32 flags, + uint32 extra_logon_parameters, uint8 lm_key[8], uint8 user_session_key[16], char **error_string, -- cgit