From 7967eeb659574932cdaa770941afbcfd2e991a3e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Oct 2003 01:19:23 +0000 Subject: Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth. Jeremy. (This used to be commit 2d09d8c9d973f5f414d31f749db12328ff315de7) --- source3/auth/auth_sam.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index ce97bd7df2..2a00b6fb80 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -172,6 +172,22 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, pdb_get_username(sampass))); /* No return, we want to check the LM hash below in this case */ auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP | AUTH_FLAG_NTLM_RESP)); + } else { + /* Check for cleartext netlogon. Used by Exchange 5.5. */ + unsigned char zeros[8]; + + memset(zeros,'\0',sizeof(zeros)); + if (auth_context->challenge.length == sizeof(zeros) && + (memcmp(auth_context->challenge.data, zeros, auth_context->challenge.length) == 0 ) && + user_info->nt_resp.length) { + if ((nt_pw = pdb_get_nt_passwd(sampass)) != NULL) { + unsigned char pwhash[16]; + mdfour(pwhash, user_info->nt_resp.data, user_info->nt_resp.length); + if (memcmp(pwhash, nt_pw, sizeof(pwhash)) == 0) { + return NT_STATUS_OK; + } + } + } } if (auth_flags & AUTH_FLAG_NTLMv2_RESP) { -- cgit