Annotation of /trunk/samba/patches/samba-3.0.24-share-security-ntlmv2.patch
Revision 153 -
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 3607 byte(s)
-import
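--- a/source/auth/auth_compat.c
+++ b/source/auth/auth_compat.c
@@ -92,18 +92,25 @@
 check if a username/password pair is ok via the auth subsystem.
 return True if the password is correct, False otherwise
 ****************************************************************************/
+
 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 {
 
 DATA_BLOB null_password = data_blob(NULL, 0);
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
 
 if (encrypted) {
 /*
 * The password could be either NTLM or plain LM. Try NTLM first,
 * but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
 */
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ }
+
 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 return True;
 }
@@ -119,5 +126,3 @@
 
 return False;
 }
-
-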
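Review bot: The new bound `password_blob.length > 46` in password_ok() is an unexplained magic number, and together with `== 24` it decides whether a client-supplied blob is handled as a hashed response; any other length clears `encrypted` even when encrypted passwords were negotiated. A comment next to the test should say what each bound stands for, for example `/* 24 = LM/NTLM response; longer than 46 is taken to be an NTLMv2 response (presumably HMAC plus minimum client blob - confirm) */`. The added block also calls get_session_workgroup() twice; reading it once, `const char *client_wg = get_session_workgroup();`, guarantees the NULL test and the value handed to pass_check_smb() are the same pointer. The part of password_ok() between the two hunks is not shown, so the plaintext fall-through path cannot be checked from here.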
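--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -23,6 +23,8 @@
 /* users from session setup */
 static char *session_userlist = NULL;
 static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
 
 /* this holds info on user ids that are already validated for this VC */
 static user_struct *validated_users;
@@ -406,6 +408,29 @@
 }
 
 /****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+ if (session_workgroup) {
+ SAFE_FREE(session_workgroup);
+ }
+ session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+ return session_workgroup;
+}
+
+/****************************************************************************
 Check if a user is in a netgroup user list. If at first we don't succeed,
 try lower case.
 ****************************************************************************/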
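Review bot: add_session_workgroup() hands `workgroup` straight to smb_xstrdup() with no NULL check, and nothing in this patch ever clears `session_workgroup`, so password_ok() may later try a workgroup left over from an earlier session setup in the same process. Because the string originates from the client, I would guard the argument and drop the test around SAFE_FREE, which already checks for NULL: `SAFE_FREE(session_workgroup);` followed by `session_workgroup = workgroup ? smb_xstrdup(workgroup) : NULL;`. The header comment on both new functions should also state that the stored value is client-supplied, untrusted, and owned by this file (callers of get_session_workgroup() must not free it and must not hold the pointer across another session setup).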
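--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -1035,6 +1035,7 @@
 
 map_username(sub_user);
 add_session_user(sub_user);
+ add_session_workgroup(domain);
 /* Then force it to null for the benfit of the code below */
 *user = 0;
 }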
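Review bot: `add_session_workgroup(domain);` stores the domain exactly as the client sent it, while the user name two lines above goes through map_username() before it is recorded, and nothing at the call site tells the reader that the value is untrusted. A comment on the new line would make the trust boundary explicit, for example `/* client-supplied domain, untrusted: kept only as the NTLMv2 domain input for password_ok() */`. The enclosing block starts outside the hunk, so it cannot be confirmed from here that this runs only in security=share mode as the password.c comments assume; if it also runs in other modes the stored value is simply unused, which is worth stating in the same comment.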