svn commit: samba r21128 - in branches: SAMBA_3_0/source/auth SAMBA_3_0/source/smbd SAMBA_3_0_24/source/auth SAMBA_3_0_24/source/smbd

jra at samba.org jra at samba.org
Fri Feb 2 22:02:43 GMT 2007


Author: jra
Date: 2007-02-02 22:02:42 +0000 (Fri, 02 Feb 2007)
New Revision: 21128

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21128

Log:
Fix Vista connecting to Samba in share level security.
Vista sends the NTLMv2 blob by default in the tconX
packet. Make sure we save off the workgroup the user
was logged into on the client in the sessionsetupX
and re-use it for the NTLMv2 calc.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/auth/auth_compat.c
   branches/SAMBA_3_0/source/smbd/password.c
   branches/SAMBA_3_0/source/smbd/sesssetup.c
   branches/SAMBA_3_0_24/source/auth/auth_compat.c
   branches/SAMBA_3_0_24/source/smbd/password.c
   branches/SAMBA_3_0_24/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_compat.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_compat.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0/source/auth/auth_compat.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -92,18 +92,25 @@
 check if a username/password pair is ok via the auth subsystem.
 return True if the password is correct, False otherwise
 ****************************************************************************/
+
 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 {
 
 	DATA_BLOB null_password = data_blob(NULL, 0);
-	BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+	BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
 	
 	if (encrypted) {
 		/* 
 		 * The password could be either NTLM or plain LM.  Try NTLM first, 
 		 * but fall-through as required.
-		 * NTLMv2 makes no sense here.
+		 * Vista sends NTLMv2 here - we need to try the client given workgroup.
 		 */
+		if (get_session_workgroup()) {
+			if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+				return True;
+			}
+		}
+
 		if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 			return True;
 		}
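Review bot: The `password_blob.length > 46` test in the new `encrypted` initialiser is an unexplained magic number that now decides whether a client-supplied tconX blob is treated as an NTLMv2 response; a named constant or a comment such as `/* 24 = LM/NTLM response; longer blobs are assumed to be NTLMv2 - minimum length TODO confirm */` would let a reader check the bound. The block comment above the first `pass_check_smb()` call still says the password is "either NTLM or plain LM", which no longer matches the code. The added attempt with `get_session_workgroup()` means a wrong password is checked one more time per tconX before the `lp_workgroup()` attempt; if `pass_check_smb()` updates a bad-password counter (not visible here), lockout thresholds would be reached sooner, so that is worth confirming. password_ok's body continues outside this hunk, and the same change is repeated in the SAMBA_3_0_24 copy of auth_compat.c.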
@@ -119,5 +126,3 @@
 
 	return False;
 }
-
-

Modified: branches/SAMBA_3_0/source/smbd/password.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/password.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0/source/smbd/password.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -23,6 +23,8 @@
 /* users from session setup */
 static char *session_userlist = NULL;
 static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
 
 /* this holds info on user ids that are already validated for this VC */
 static user_struct *validated_users;
@@ -403,6 +405,29 @@
 }
 
 /****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+  what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+	if (session_workgroup) {
+		SAFE_FREE(session_workgroup);
+	}
+	session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+  what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+	return session_workgroup;
+}
+
+/****************************************************************************
  Check if a user is in a netgroup user list. If at first we don't succeed,
  try lower case.
 ****************************************************************************/
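Review bot: `add_session_workgroup()` replaces the stored value rather than adding to anything, and its header comment does not say that the string comes from the client's sessionsetupX (per the log message) and is not validated in the lines shown; I would add `Replaces any previously stored workgroup. The value is client-supplied.` to that comment. The `if (session_workgroup)` guard around `SAFE_FREE()` is redundant, since the macro already tests for NULL, so the body can be `SAFE_FREE(session_workgroup); session_workgroup = smb_xstrdup(workgroup);`. `get_session_workgroup()` returns the internal pointer, which the next `add_session_workgroup()` call frees, so its comment should tell callers not to keep the pointer across a session setup. The same two functions are added in the SAMBA_3_0_24 copy of password.c.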

Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -1050,6 +1050,7 @@
 
 		map_username(sub_user);
 		add_session_user(sub_user);
+		add_session_workgroup(domain);
 		/* Then force it to null for the benfit of the code below */
 		*user = 0;
 	}

Modified: branches/SAMBA_3_0_24/source/auth/auth_compat.c
===================================================================
--- branches/SAMBA_3_0_24/source/auth/auth_compat.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0_24/source/auth/auth_compat.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -92,18 +92,25 @@
 check if a username/password pair is ok via the auth subsystem.
 return True if the password is correct, False otherwise
 ****************************************************************************/
+
 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 {
 
 	DATA_BLOB null_password = data_blob(NULL, 0);
-	BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+	BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
 	
 	if (encrypted) {
 		/* 
 		 * The password could be either NTLM or plain LM.  Try NTLM first, 
 		 * but fall-through as required.
-		 * NTLMv2 makes no sense here.
+		 * Vista sends NTLMv2 here - we need to try the client given workgroup.
 		 */
+		if (get_session_workgroup()) {
+			if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+				return True;
+			}
+		}
+
 		if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 			return True;
 		}
@@ -119,5 +126,3 @@
 
 	return False;
 }
-
-

Modified: branches/SAMBA_3_0_24/source/smbd/password.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/password.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0_24/source/smbd/password.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -23,6 +23,8 @@
 /* users from session setup */
 static char *session_userlist = NULL;
 static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
 
 /* this holds info on user ids that are already validated for this VC */
 static user_struct *validated_users;
@@ -403,6 +405,29 @@
 }
 
 /****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+  what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+	if (session_workgroup) {
+		SAFE_FREE(session_workgroup);
+	}
+	session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+  what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+	return session_workgroup;
+}
+
+/****************************************************************************
  Check if a user is in a netgroup user list. If at first we don't succeed,
  try lower case.
 ****************************************************************************/

Modified: branches/SAMBA_3_0_24/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/sesssetup.c	2007-02-02 17:48:21 UTC (rev 21127)
+++ branches/SAMBA_3_0_24/source/smbd/sesssetup.c	2007-02-02 22:02:42 UTC (rev 21128)
@@ -1050,6 +1050,7 @@
 
 		map_username(sub_user);
 		add_session_user(sub_user);
+		add_session_workgroup(domain);
 		/* Then force it to null for the benfit of the code below */
 		*user = 0;
 	}


