svn commit: samba r2755 - in branches/SAMBA_3_0/source/nsswitch: .

[abartlet at samba.org]

Author: abartlet
Date: 2004-09-30 00:49:41 +0000 (Thu, 30 Sep 2004)
New Revision: 2755

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_3_0/source/nsswitch&rev=2755&nolog=1

Log:
Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,
and the wbinfo -a test tool.

If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather
than an NT/LM response to the server.

Andrew Bartlett

Modified:
   branches/SAMBA_3_0/source/nsswitch/wbinfo.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/wbinfo.c	2004-09-29 17:37:59 UTC (rev 2754)
+++ branches/SAMBA_3_0/source/nsswitch/wbinfo.c	2004-09-30 00:49:41 UTC (rev 2755)
@@ -582,14 +582,55 @@
 
 	generate_random_buffer(request.data.auth_crap.chal, 8);
         
-        SMBencrypt(pass, request.data.auth_crap.chal, 
-                   (uchar *)request.data.auth_crap.lm_resp);
-        SMBNTencrypt(pass, request.data.auth_crap.chal,
-                     (uchar *)request.data.auth_crap.nt_resp);
+	if (lp_client_ntlmv2_auth()) {
+		DATA_BLOB server_chal;
+		DATA_BLOB names_blob;	
 
-        request.data.auth_crap.lm_resp_len = 24;
-        request.data.auth_crap.nt_resp_len = 24;
+		DATA_BLOB lm_response;
+		DATA_BLOB nt_response;
 
+		server_chal = data_blob(request.data.auth_crap.chal, 8); 
+		
+		/* Pretend this is a login to 'us', for blob purposes */
+		names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
+		
+		if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, 
+				      &names_blob,
+				      &lm_response, &nt_response, NULL)) {
+			data_blob_free(&names_blob);
+			data_blob_free(&server_chal);
+			return False;
+		}
+		data_blob_free(&names_blob);
+		data_blob_free(&server_chal);
+
+		memcpy(request.data.auth_crap.nt_resp, nt_response.data, 
+		       MIN(nt_response.length, 
+			   sizeof(request.data.auth_crap.nt_resp)));
+		request.data.auth_crap.nt_resp_len = nt_response.length;
+
+		memcpy(request.data.auth_crap.lm_resp, lm_response.data, 
+		       MIN(lm_response.length, 
+			   sizeof(request.data.auth_crap.lm_resp)));
+		request.data.auth_crap.lm_resp_len = lm_response.length;
+		       
+		data_blob_free(&nt_response);
+		data_blob_free(&lm_response);
+
+	} else {
+		if (lp_client_lanman_auth() 
+		    && SMBencrypt(pass, request.data.auth_crap.chal, 
+			       (uchar *)request.data.auth_crap.lm_resp)) {
+			request.data.auth_crap.lm_resp_len = 24;
+		} else {
+			request.data.auth_crap.lm_resp_len = 0;
+		}
+		SMBNTencrypt(pass, request.data.auth_crap.chal,
+			     (uchar *)request.data.auth_crap.nt_resp);
+
+		request.data.auth_crap.nt_resp_len = 24;
+	}
+
 	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
 	/* Display response */

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2004-09-29 17:37:59 UTC (rev 2754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2004-09-30 00:49:41 UTC (rev 2755)
@@ -190,13 +190,59 @@
 
 	/* do password magic */
 	
+
 	generate_random_buffer(chal, 8);
-	SMBencrypt(state->request.data.auth.pass, chal, local_lm_response);
+	if (lp_client_ntlmv2_auth()) {
+		DATA_BLOB server_chal;
+		DATA_BLOB names_blob;
+		DATA_BLOB nt_response;
+		DATA_BLOB lm_response;
+		server_chal = data_blob_talloc(mem_ctx, chal, 8); 
 		
-	SMBNTencrypt(state->request.data.auth.pass, chal, local_nt_response);
+		/* note that the 'workgroup' here is a best guess - we don't know
+		   the server's domain at this point.  The 'server name' is also
+		   dodgy... 
+		*/
+		names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
+		
+		if (!SMBNTLMv2encrypt(name_user, name_domain, 
+				      state->request.data.auth.pass, 
+				      &server_chal, 
+				      &names_blob,
+				      &lm_response, &nt_response, NULL)) {
+			data_blob_free(&names_blob);
+			data_blob_free(&server_chal);
+			DEBUG(0, ("winbindd_pam_auth: SMBNTLMv2encrypt() failed!\n"));
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		data_blob_free(&names_blob);
+		data_blob_free(&server_chal);
+		lm_resp = data_blob_talloc(mem_ctx, lm_response.data, lm_response.length);
+		nt_resp = data_blob_talloc(mem_ctx, nt_response.data, nt_response.length);
+		data_blob_free(&lm_response);
+		data_blob_free(&nt_response);
 
-	lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
-	nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
+	} else {
+		if (lp_client_lanman_auth() 
+		    && SMBencrypt(state->request.data.auth.pass, 
+				  chal, 
+				  local_lm_response)) {
+			lm_resp = data_blob_talloc(mem_ctx, 
+						   local_lm_response, 
+						   sizeof(local_lm_response));
+		} else {
+			lm_resp = data_blob(NULL, 0);
+		}
+		SMBNTencrypt(state->request.data.auth.pass, 
+			     chal,
+			     local_nt_response);
+
+		nt_resp = data_blob_talloc(mem_ctx, 
+					   local_nt_response, 
+					   sizeof(local_nt_response));
+	}
+
 	
 	/* what domain should we contact? */