mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Move uppercasing the domain out of smb_pwd_check_ntlmv2()
Allows us to remove a silly bool parameter. Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
This commit is contained in:
parent
ced27e1c5d
commit
43870fb2c8
@ -297,6 +297,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
{
|
{
|
||||||
const static uint8_t zeros[8];
|
const static uint8_t zeros[8];
|
||||||
DATA_BLOB tmp_sess_key;
|
DATA_BLOB tmp_sess_key;
|
||||||
|
const char *upper_client_domain = NULL;
|
||||||
|
|
||||||
|
if (client_domain != NULL) {
|
||||||
|
upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
|
||||||
|
if (upper_client_domain == NULL) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (stored_nt == NULL) {
|
if (stored_nt == NULL) {
|
||||||
DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n",
|
DEBUG(3,("ntlm_password_check: NO NT password stored for user %s.\n",
|
||||||
@ -349,7 +357,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
/* We have the NT MD4 hash challenge available - see if we can
|
/* We have the NT MD4 hash challenge available - see if we can
|
||||||
use it
|
use it
|
||||||
*/
|
*/
|
||||||
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain));
|
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n",
|
||||||
|
client_domain ? client_domain : "<NULL>"));
|
||||||
if (smb_pwd_check_ntlmv2(mem_ctx,
|
if (smb_pwd_check_ntlmv2(mem_ctx,
|
||||||
nt_response,
|
nt_response,
|
||||||
stored_nt->hash, challenge,
|
stored_nt->hash, challenge,
|
||||||
@ -363,13 +372,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
|
DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n",
|
||||||
|
upper_client_domain ? upper_client_domain : "<NULL>"));
|
||||||
if (smb_pwd_check_ntlmv2(mem_ctx,
|
if (smb_pwd_check_ntlmv2(mem_ctx,
|
||||||
nt_response,
|
nt_response,
|
||||||
stored_nt->hash, challenge,
|
stored_nt->hash, challenge,
|
||||||
client_username,
|
client_username,
|
||||||
client_domain,
|
upper_client_domain,
|
||||||
true,
|
false,
|
||||||
user_sess_key)) {
|
user_sess_key)) {
|
||||||
if (user_sess_key->length) {
|
if (user_sess_key->length) {
|
||||||
*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
|
*lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
|
||||||
@ -471,7 +481,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
/* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes.
|
/* This is for 'LMv2' authentication. almost NTLMv2 but limited to 24 bytes.
|
||||||
- related to Win9X, legacy NAS pass-though authentication
|
- related to Win9X, legacy NAS pass-though authentication
|
||||||
*/
|
*/
|
||||||
DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain));
|
DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n",
|
||||||
|
client_domain ? client_domain : "<NULL>"));
|
||||||
if (smb_pwd_check_ntlmv2(mem_ctx,
|
if (smb_pwd_check_ntlmv2(mem_ctx,
|
||||||
lm_response,
|
lm_response,
|
||||||
stored_nt->hash, challenge,
|
stored_nt->hash, challenge,
|
||||||
@ -501,13 +512,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
|
DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n",
|
||||||
|
upper_client_domain ? upper_client_domain : "<NULL>"));
|
||||||
if (smb_pwd_check_ntlmv2(mem_ctx,
|
if (smb_pwd_check_ntlmv2(mem_ctx,
|
||||||
lm_response,
|
lm_response,
|
||||||
stored_nt->hash, challenge,
|
stored_nt->hash, challenge,
|
||||||
client_username,
|
client_username,
|
||||||
client_domain,
|
upper_client_domain,
|
||||||
true,
|
false,
|
||||||
&tmp_sess_key)) {
|
&tmp_sess_key)) {
|
||||||
if (nt_response->length > 24) {
|
if (nt_response->length > 24) {
|
||||||
/* If NTLMv2 authentication has preceeded us
|
/* If NTLMv2 authentication has preceeded us
|
||||||
@ -518,7 +530,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
|||||||
nt_response,
|
nt_response,
|
||||||
stored_nt->hash, challenge,
|
stored_nt->hash, challenge,
|
||||||
client_username,
|
client_username,
|
||||||
client_domain,
|
upper_client_domain,
|
||||||
true,
|
true,
|
||||||
user_sess_key);
|
user_sess_key);
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user