s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again

This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.

Andrew Bartlett

source3/utils/ntlm_auth.c

@@ -390,6 +390,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 				   const DATA_BLOB *lm_response,
 				   const DATA_BLOB *nt_response,
 				   uint32 flags,
+				   uint32 extra_logon_parameters,
 				   uint8 lm_key[8],
 				   uint8 user_session_key[16],
 				   char **error_string,
@@ -409,7 +410,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 
 	request.flags = flags;
 
-	request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
+	request.data.auth_crap.logon_parameters = extra_logon_parameters
+		| MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
 
 	if (require_membership_of_sid)
 		fstrcpy(request.data.auth_crap.require_membership_of_sid, require_membership_of_sid);
@@ -585,6 +587,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX
 					      &ntlmssp_state->lm_resp,
 					      &ntlmssp_state->nt_resp, 
 					      WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
+					      0,
 					      lm_key, user_sess_key, 
 					      &error_string, &unix_name);
 
@@ -2032,7 +2035,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
 							      &challenge, 
 							      &lm_response, 
 							      &nt_response, 
-							      flags, 
+							      flags, 0,
 							      lm_key, 
 							      user_session_key,
 							      &error_string,
@@ -2486,7 +2489,7 @@ static bool check_auth_crap(void)
 					      &opt_challenge, 
 					      &opt_lm_response, 
 					      &opt_nt_response, 
-					      flags,
+					      flags, 0,
 					      (unsigned char *)lm_key, 
 					      (unsigned char *)user_session_key, 
 					      &error_string, NULL);

source3/utils/ntlm_auth_diagnostics.c

@@ -98,7 +98,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
 					      &chall,
 					      &lm_response,
 					      &nt_response,
-					      flags,
+					      flags, 0,
 					      lm_key, 
 					      user_session_key,
 					      &error_string, NULL);
@@ -197,7 +197,7 @@ static bool test_ntlm_in_lm(void)
 					      &chall,
 					      &nt_response,
 					      NULL,
-					      flags,
+					      flags, 0,
 					      lm_key,
 					      user_session_key,
 					      &error_string, NULL);
@@ -268,7 +268,7 @@ static bool test_ntlm_in_both(void)
 					      &chall,
 					      &nt_response,
 					      &nt_response,
-					      flags,
+					      flags, 0,
 					      lm_key,
 					      user_session_key,
 					      &error_string, NULL);
@@ -359,7 +359,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
 					      &chall,
 					      &lmv2_response,
 					      &ntlmv2_response,
-					      flags,
+					      flags, 0,
 					      NULL, 
 					      user_session_key,
 					      &error_string, NULL);
@@ -510,7 +510,7 @@ static bool test_plaintext(enum ntlm_break break_which)
 					      &chall,
 					      &lm_response,
 					      &nt_response,
-					      flags,
+					      flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
 					      lm_key,
 					      user_session_key,
 					      &error_string, NULL);

source3/utils/ntlm_auth_proto.h

@@ -36,6 +36,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 				   const DATA_BLOB *lm_response,
 				   const DATA_BLOB *nt_response,
 				   uint32 flags,
+				   uint32 extra_logon_parameters,
 				   uint8 lm_key[8],
 				   uint8 user_session_key[16],
 				   char **error_string,