Contents of /trunk/samba/patches/samba-3.0.24-share-security-ntlmv2.patch
Revision 153 -
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 3607 byte(s)
-import
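Index: samba-3.0.24/source/auth/auth_compat.c
===================================================================
--- samba-3.0.24.orig/source/auth/auth_compat.c 2007-02-08 08:01:57.000000000 -0600
+++ samba-3.0.24/source/auth/auth_compat.c 2007-02-08 08:02:08.000000000 -0600
@@ -92,18 +92,25 @@
 check if a username/password pair is ok via the auth subsystem.
 return True if the password is correct, False otherwise
 ****************************************************************************/
+
 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 {
 
 DATA_BLOB null_password = data_blob(NULL, 0);
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
 
 if (encrypted) {
 /*
 * The password could be either NTLM or plain LM. Try NTLM first,
 * but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
 */
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ }
+
 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 return True;
 }
@@ -119,5 +126,3 @@
 
 return False;
 }
-
-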
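Review bot: The new `password_blob.length > 46` test in `password_ok` is an unexplained threshold that decides whether a client-supplied blob is handled as a challenge response, so it needs a comment, for example `/* 24 = LM/NTLM response length; > 46 = NTLMv2 response (TODO: cite where 46 comes from) */`. The added `pass_check_smb()` call with `get_session_workgroup()` runs before the existing `lp_workgroup()` one, so a wrong password now appears to cause two failed checks per user tried. If `pass_check_smb` feeds bad-password counters or lockout (its body is not visible here), that doubles the count per guess and should be confirmed. Skipping the first call when the session workgroup equals `lp_workgroup()` would avoid the duplicate attempt in the common case. The part of `password_ok` between the two hunks is outside the page.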
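Index: samba-3.0.24/source/smbd/password.c
===================================================================
--- samba-3.0.24.orig/source/smbd/password.c 2007-02-08 08:01:42.000000000 -0600
+++ samba-3.0.24/source/smbd/password.c 2007-02-08 08:02:08.000000000 -0600
@@ -23,6 +23,8 @@
 /* users from session setup */
 static char *session_userlist = NULL;
 static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
 
 /* this holds info on user ids that are already validated for this VC */
 static user_struct *validated_users;
@@ -406,6 +408,29 @@
 }
 
 /****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+ if (session_workgroup) {
+ SAFE_FREE(session_workgroup);
+ }
+ session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+ return session_workgroup;
+}
+
+/****************************************************************************
 Check if a user is in a netgroup user list. If at first we don't succeed,
 try lower case.
 ****************************************************************************/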
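Review bot: `get_session_workgroup()` returns the same pointer that the next `add_session_workgroup()` call frees, and its header comment says nothing about lifetime or trust. Going by the sesssetup.c hunk, the stored string is the client's `domain` from session setup, so it is client-controlled. I would add to the getter's header: `Returned pointer is owned by this file and is invalidated by the next add_session_workgroup() call; the value is unvalidated client input.` The `if (session_workgroup)` guard is redundant because `SAFE_FREE` already tests for NULL, so the setter body can be `SAFE_FREE(session_workgroup); session_workgroup = smb_xstrdup(workgroup);`. A NULL `workgroup` argument is not handled; the one caller shown passes `domain`, whose declaration is outside the page.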
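Index: samba-3.0.24/source/smbd/sesssetup.c
===================================================================
--- samba-3.0.24.orig/source/smbd/sesssetup.c 2007-02-08 08:01:38.000000000 -0600
+++ samba-3.0.24/source/smbd/sesssetup.c 2007-02-08 08:02:08.000000000 -0600
@@ -1035,6 +1035,7 @@
 
 map_username(sub_user);
 add_session_user(sub_user);
+ add_session_workgroup(domain);
 /* Then force it to null for the benfit of the code below */
 *user = 0;
 }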