[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri Aug 13 20:45:42 MDT 2010


The branch, master has been updated
       via  4f8ef20... s3:auth Add error paths for invalid password_state values
       via  70211ea... s3:auth Change winbindd -> auth interface to more standard structures
       via  b1b9752... s3:auth Change 'make_user_info' to be talloc based
       via  e66f6e7... s3:auth Whitespace fixes after auth merge
       via  23994e1... s3:auth Make Samba3 use the new common struct auth_usersupplied_info
       via  272e49e... s4:auth Move struct auth_usersupplied_info to a common location
       via  61930f5... waf: enable gccdeps in developer mode
       via  952ef31... s4-build: fixed library name in dcerpc_server.pc.in
       via  3828c76... ndr: allow ndr_print to print DATA_BLOB
       via  7bb5d35... dnsp: dnsp_name is 2 byte aligned
      from  60eae5a... s3:idmap: fix sid_to_unixid for builtin and own domain.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4f8ef205ac05cfb445e1252b02faccf9f442f1c3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue May 4 23:44:50 2010 +1000

    s3:auth Add error paths for invalid password_state values
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 70211ea6a3517cb64f18fe7768078e7d51c51ca1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 17 19:04:31 2010 +1000

    s3:auth Change winbindd -> auth interface to more standard structures
    
    This removes conversions to and from the source3 variant of the
    server_info structure when replaced in s3compat, and presents a tidier
    interface to winbindd in any case.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit b1b9752506e73766ec66c3c5d26797e9f0112527
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 17 18:10:13 2010 +1000

    s3:auth Change 'make_user_info' to be talloc based
    
    This is an ideal candidate, as it already uses a free function.  It
    now uses talloc destructors to clear the passwords if required.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit e66f6e715fc98641f6cb20f137867723a315f672
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 21:53:42 2010 +1000

    s3:auth Whitespace fixes after auth merge

commit 23994e1b53b8528007f6325ce5f286712ec021be
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 21:52:01 2010 +1000

    s3:auth Make Samba3 use the new common struct auth_usersupplied_info
    
    This common structure will make it much easier to produce an auth
    module for s3compat that calls Samba4's auth subsystem.
    
    In order to make the link work properly (and not map twice), we mark
    both that we did try and map the user, as well as if we changed the
    user during the mapping.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 272e49e85c47d88ef0a84bce88e6f8d984f2eae4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue May 4 16:44:08 2010 +1000

    s4:auth Move struct auth_usersupplied_info to a common location
    
    This also changes the calling convention slightly - we should always
    allocate this with talloc_zero() to allow some elements to be
    optional.  Some elements may only make sense in Samba3, which I hope
    will use this common structure.
    
    Andrew Bartlett

commit 61930f50cbace4741500d8b53fc11a4ef3e0d4f8
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 9 16:39:13 2010 +1000

    waf: enable gccdeps in developer mode
    
    there are some bugs in the waf builtin preproc that this avoids

commit 952ef310b5e96fe2529562d4bb288f313be62e8a
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 9 16:38:33 2010 +1000

    s4-build: fixed library name in dcerpc_server.pc.in
    
    Thanks to Metze for spotting this

commit 3828c76c76e4e9ce7bdb33bc4871f5cf571cc18b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 9 16:37:52 2010 +1000

    ndr: allow ndr_print to print DATA_BLOB
    
    this prints DATA_BLOB structures using the ndr->print() calls
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 7bb5d353e84fa2998ae03fb7ecff1c59685dd9b7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Aug 9 16:36:50 2010 +1000

    dnsp: dnsp_name is 2 byte aligned
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/common_auth.h                            |   63 ++++++++++++
 buildtools/wafsamba/wscript                   |    5 +-
 librpc/ndr/libndr.h                           |    1 +
 librpc/ndr/ndr.c                              |   20 +++-
 librpc/ndr/ndr_basic.c                        |   49 +++++++++-
 librpc/ndr/ndr_dnsp.c                         |    2 +
 source3/auth/auth.c                           |    8 +-
 source3/auth/auth_compat.c                    |   48 ++++-----
 source3/auth/auth_domain.c                    |   38 ++++----
 source3/auth/auth_netlogond.c                 |    8 +-
 source3/auth/auth_ntlmssp.c                   |    2 +-
 source3/auth/auth_script.c                    |    8 +-
 source3/auth/auth_server.c                    |   29 +++--
 source3/auth/auth_unix.c                      |    3 +-
 source3/auth/auth_util.c                      |   79 ++++++++-------
 source3/auth/auth_wbc.c                       |   43 +++++++--
 source3/auth/auth_winbind.c                   |    8 +-
 source3/auth/check_samsec.c                   |   94 ++++++++++++-----
 source3/auth/pass_check.c                     |    8 +-
 source3/auth/user_info.c                      |  134 ++++++++++++------------
 source3/include/auth.h                        |   25 +----
 source3/include/proto.h                       |   30 ++++--
 source3/web/cgi.c                             |    2 +-
 source3/winbindd/winbindd_pam.c               |   31 +-----
 source4/auth/auth.h                           |   43 +--------
 source4/auth/ntlm/auth_simple.c               |    2 +-
 source4/auth/ntlm/auth_util.c                 |    6 +-
 source4/auth/ntlmssp/ntlmssp_server.c         |    2 +-
 source4/rpc_server/dcerpc_server.pc.in        |    2 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |    6 +-
 source4/smb_server/smb/sesssetup.c            |    4 +-
 31 files changed, 460 insertions(+), 343 deletions(-)
 create mode 100644 auth/common_auth.h


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
new file mode 100644
index 0000000..4ae5df9
--- /dev/null
+++ b/auth/common_auth.h
@@ -0,0 +1,63 @@
+/*
+   Unix SMB/CIFS implementation.
+   Standardised Authentication types
+   Copyright (C) Andrew Bartlett 2001-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "librpc/gen_ndr/krb5pac.h"
+
+#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
+#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
+#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
+#define USER_INFO_INTERACTIVE_LOGON         0x08 /* don't check unix account status */
+
+enum auth_password_state {
+	AUTH_PASSWORD_PLAIN = 1,
+	AUTH_PASSWORD_HASH = 2,
+	AUTH_PASSWORD_RESPONSE = 3
+};
+
+struct auth_usersupplied_info
+{
+	const char *workstation_name;
+	const struct tsocket_address *remote_host;
+
+	uint32_t logon_parameters;
+
+	bool mapped_state;
+	bool was_mapped;
+	/* the values the client gives us */
+	struct {
+		const char *account_name;
+		const char *domain_name;
+	} client, mapped;
+
+	enum auth_password_state password_state;
+
+	struct {
+		struct {
+			DATA_BLOB lanman;
+			DATA_BLOB nt;
+		} response;
+		struct {
+			struct samr_Password *lanman;
+			struct samr_Password *nt;
+		} hash;
+
+		char *plaintext;
+	} password;
+	uint32_t flags;
+};
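Review bot: The comment on USER_INFO_INTERACTIVE_LOGON (0x08) repeats "don't check unix account status" from the 0x04 line above it, so the flag's real meaning is undocumented; please give it its own description. Two smaller points in the same header: there is no include guard although the file is meant to be shared between source3 and source4, and the comment "the values the client gives us" sits above a declaration that defines both client and mapped. Since enum auth_password_state starts at 1, a struct allocated with talloc_zero() carries password_state 0, which is none of the three values; a comment stating that 0 means "not set" would make that intent explicit.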
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index bad65ca..bf301d2 100644
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -160,8 +160,9 @@ def configure(conf):
     # we need git for 'waf dist'
     conf.find_program('git', var='GIT')
 
-    if Options.options.enable_gccdeps:
-        # don't enable gccdeps by default as it needs a very recent version gcc
+    if Options.options.enable_gccdeps or Options.options.developer:
+        # don't enable gccdeps by default for non-developer builds
+        # as it needs a very recent version gcc
         conf.check_tool('gccdeps', tooldir=conf.srcdir + "/buildtools/wafsamba")
 
     # make the install paths available in environment
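Review bot: The rewritten comment still says gccdeps needs a very recent gcc, yet the condition now loads it whenever Options.options.developer is set, with no compiler version test in the visible lines. A developer build on an older gcc will reach conf.check_tool('gccdeps', ...) regardless; consider guarding on the detected gcc version or letting the tool load fail softly in developer mode. The comment also reads "a very recent version gcc" (missing "of").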
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index d5091a6..9134efa 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -105,6 +105,7 @@ struct ndr_print {
 	struct ndr_token_list *switch_list;
 	void (*print)(struct ndr_print *, const char *, ...) PRINTF_ATTRIBUTE(2,3);
 	void *private_data;
+	bool no_newline;
 };
 
 #define LIBNDR_FLAG_BIGENDIAN  (1<<0)
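Review bot: The new no_newline member of struct ndr_print has no comment, and going by the librpc/ndr/ndr.c hunks it suppresses the depth indentation as well as the trailing newline, so the name understates what it does. A one-line comment here (or a name that covers both effects) would help, and it is worth confirming that every place that sets up a struct ndr_print zeroes it, since the print helpers now branch on this field.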
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c
index 1600d51..3f553a7 100644
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -176,6 +176,12 @@ _PUBLIC_ void ndr_print_debug_helper(struct ndr_print *ndr, const char *format,
 		return;
 	}
 
+	if (ndr->no_newline) {
+		DEBUGADD(1,("%s", s));
+		free(s);
+		return;
+	}
+
 	for (i=0;i<ndr->depth;i++) {
 		DEBUGADD(1,("    "));
 	}
@@ -189,17 +195,21 @@ _PUBLIC_ void ndr_print_string_helper(struct ndr_print *ndr, const char *format,
 	va_list ap;
 	int i;
 
-	for (i=0;i<ndr->depth;i++) {
-		ndr->private_data = talloc_asprintf_append_buffer(
-					(char *)ndr->private_data, "    ");
+	if (!ndr->no_newline) {
+		for (i=0;i<ndr->depth;i++) {
+			ndr->private_data = talloc_asprintf_append_buffer(
+				(char *)ndr->private_data, "    ");
+		}
 	}
 
 	va_start(ap, format);
 	ndr->private_data = talloc_vasprintf_append_buffer((char *)ndr->private_data, 
 						    format, ap);
 	va_end(ap);
-	ndr->private_data = talloc_asprintf_append_buffer((char *)ndr->private_data, 
-						   "\n");
+	if (!ndr->no_newline) {
+		ndr->private_data = talloc_asprintf_append_buffer((char *)ndr->private_data,
+								  "\n");
+	}
 }
 
 /*
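Review bot: In ndr_print_string_helper the results of talloc_asprintf_append_buffer() and talloc_vasprintf_append_buffer() are assigned straight back to ndr->private_data with no NULL check, and with no_newline set ndr_dump_data() (librpc/ndr/ndr_basic.c) calls ndr->print once per byte, so this path now does one append per byte of the blob. Consider building a whole hex line in the caller and printing it once, and handling a failed append instead of overwriting the buffer pointer.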
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index d0d58b0..0becf38 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -1021,11 +1021,58 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print *ndr, const char *name,
 	ndr->depth--;	
 }
 
+static void ndr_print_asc(struct ndr_print *ndr, const uint8_t *buf, int len)
+{
+	int i;
+	for (i=0;i<len;i++)
+		ndr->print(ndr, "%c", isprint(buf[i])?buf[i]:'.');
+}
+
+/*
+  ndr_print version of dump_data()
+ */
+static void ndr_dump_data(struct ndr_print *ndr, const uint8_t *buf, int len)
+{
+	int i=0;
+
+	ndr->no_newline = true;
+
+	for (i=0;i<len;) {
+		if (i%16 == 0 && i<len) {
+			ndr->print(ndr, "[%04X] ",i);
+		}
+
+		ndr->print(ndr, "%02X ",(int)buf[i]);
+		i++;
+		if (i%8 == 0) ndr->print(ndr,"  ");
+		if (i%16 == 0) {
+			ndr_print_asc(ndr,&buf[i-16],8); ndr->print(ndr," ");
+			ndr_print_asc(ndr,&buf[i-8],8); ndr->print(ndr, "\n");
+		}
+	}
+
+	if (i%16) {
+		int n;
+		n = 16 - (i%16);
+		ndr->print(ndr, " ");
+		if (n>8) ndr->print(ndr," ");
+		while (n--) ndr->print(ndr,"   ");
+		n = MIN(8,i%16);
+		ndr_print_asc(ndr,&buf[i-(i%16)],n); ndr->print(ndr, " ");
+		n = (i%16) - n;
+		if (n>0) ndr_print_asc(ndr,&buf[i-n],n);
+		ndr->print(ndr,"\n");
+	}
+
+	ndr->no_newline = false;
+}
+
+
 _PUBLIC_ void ndr_print_DATA_BLOB(struct ndr_print *ndr, const char *name, DATA_BLOB r)
 {
 	ndr->print(ndr, "%-25s: DATA_BLOB length=%u", name, (unsigned)r.length);
 	if (r.length) {
-		dump_data(10, r.data, r.length);
+		ndr_dump_data(ndr, r.data, r.length);
 	}
 }
 
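Review bot: Replacing dump_data(10, ...) with ndr_dump_data() in ndr_print_DATA_BLOB drops the level-10 gate on the blob bytes: they now go wherever the printer sends the rest of the structure, which for ndr_print_debug_helper is DEBUGADD(1, ...). If any structure printed this way carries a DATA_BLOB holding credential material, that change in log exposure should be stated in the commit message. Separately, ndr_dump_data() takes int len but is passed r.length; a size_t parameter avoids truncation, and the i<len test in "if (i%16 == 0 && i<len)" is always true inside the loop.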
diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c
index f24b5db..f777591 100644
--- a/librpc/ndr/ndr_dnsp.c
+++ b/librpc/ndr/ndr_dnsp.c
@@ -69,6 +69,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dnsp_name(struct ndr_pull *ndr, int ndr_flag
 		total_len = newlen;
 	}
 	(*name) = ret;
+	NDR_PULL_ALIGN(ndr, 2);
 	return NDR_ERR_SUCCESS;
 }
 
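Review bot: In ndr_pull_dnsp_name the NDR_PULL_ALIGN(ndr, 2) runs after (*name) = ret, so if the alignment step fails and returns early the caller is left with the out-parameter already set on a failed pull. Doing the alignment before the assignment keeps *name untouched on error.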
@@ -93,6 +94,7 @@ enum ndr_err_code ndr_push_dnsp_name(struct ndr_push *ndr, int ndr_flags, const
 		NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)name, sublen));
 		name += sublen + 1;
 	}
+	NDR_PUSH_ALIGN(ndr, 2);
 
 	return NDR_ERR_SUCCESS;
 }
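Review bot: Neither NDR_PUSH_ALIGN(ndr, 2) here nor the matching NDR_PULL_ALIGN(ndr, 2) carries a comment, and the commit message only says that dnsp_name is 2 byte aligned. A one-line comment at both sites naming where the alignment requirement comes from would keep the push and pull sides from drifting apart later.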
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 5dc1d97..ed8888f 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -233,11 +233,11 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100, ("user_info has passwords of length %d and %d\n", 
-		    (int)user_info->lm_resp.length, (int)user_info->nt_resp.length));
+		    (int)user_info->password.response.lanman.length, (int)user_info->password.response.nt.length));
 	DEBUG(100, ("lm:\n"));
-	dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length);
+	dump_data(100, user_info->password.response.lanman.data, user_info->password.response.lanman.length);
 	DEBUG(100, ("nt:\n"));
-	dump_data(100, user_info->nt_resp.data, user_info->nt_resp.length);
+	dump_data(100, user_info->password.response.nt.data, user_info->password.response.nt.length);
 #endif
 
 	/* This needs to be sorted:  If it doesn't match, what should we do? */
@@ -248,7 +248,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 		NTSTATUS result;
 
 		mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
-					    user_info->mapped.domain_name, user_info->client.account_name);
+				      user_info->mapped.domain_name, user_info->client.account_name);
 
 		result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
 
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index cdd4096..bd4c433 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -30,13 +30,12 @@ extern bool global_encrypted_passwords_negotiated;
  ***************************************************************************/
 
 /****************************************************************************
-check if a username/password is OK assuming the password is a 24 byte
-SMB hash
+check if a username/password is OK assuming the password is in plaintext
 return True if the password is correct, False otherwise
 ****************************************************************************/
 
 NTSTATUS check_plaintext_password(const char *smb_name,
-				  DATA_BLOB plaintext_password,
+				  DATA_BLOB plaintext_blob,
 				  struct auth_serversupplied_info **server_info)
 {
 	struct auth_context *plaintext_auth_context = NULL;
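Review bot: The updated header comment still ends with "return True if the password is correct, False otherwise", but check_plaintext_password() returns NTSTATUS. Since the comment is being corrected anyway, please describe the return as an NTSTATUS (NT_STATUS_OK on success) so callers do not test it as a boolean.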
@@ -52,7 +51,7 @@ NTSTATUS check_plaintext_password(const char *smb_name,
 
 	if (!make_user_info_for_reply(&user_info, 
 				      smb_name, lp_workgroup(), chal,
-				      plaintext_password)) {
+				      plaintext_blob)) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -68,27 +67,21 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
 			       const char *smb_name,
 			       const char *domain, 
 			       DATA_BLOB lm_pwd,
-			       DATA_BLOB nt_pwd,
-			       DATA_BLOB plaintext_password,
-			       bool encrypted)
+			       DATA_BLOB nt_pwd)
 
 {
 	NTSTATUS nt_status;
 	struct auth_serversupplied_info *server_info = NULL;
-	if (encrypted) {
-		struct auth_usersupplied_info *user_info = NULL;
-		if (actx == NULL) {
-			return NT_STATUS_INTERNAL_ERROR;
-		}
-		make_user_info_for_reply_enc(&user_info, smb_name, 
-					     domain,
-					     lm_pwd, 
-					     nt_pwd);
-		nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
-		free_user_info(&user_info);
-	} else {
-		nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
-	}		
+	struct auth_usersupplied_info *user_info = NULL;
+	if (actx == NULL) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	make_user_info_for_reply_enc(&user_info, smb_name,
+				     domain,
+				     lm_pwd,
+				     nt_pwd);
+	nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
+	free_user_info(&user_info);
 	TALLOC_FREE(server_info);
 	return nt_status;
 }
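Review bot: In pass_check_smb() the result of make_user_info_for_reply_enc() is discarded, so if it fails user_info stays NULL and is handed to actx->check_ntlm_password(). The sibling call in check_plaintext_password() does test make_user_info_for_reply() and returns NT_STATUS_NO_MEMORY; the same check belongs here now that this is the only path through the function.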
@@ -113,23 +106,26 @@ bool password_ok(struct auth_context *actx, bool global_encrypted,
 		 * Vista sends NTLMv2 here - we need to try the client given workgroup.
 		 */
 		if (session_workgroup) {
-			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob, null_password, encrypted))) {
+			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob))) {
 				return True;
 			}
-			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password, null_password, encrypted))) {
+			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password))) {
 				return True;
 			}
 		}
 
-		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
+		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob))) {
 			return True;
 		}
 
-		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
+		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password))) {
 			return True;
 		}
 	} else {
-		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
+		struct auth_serversupplied_info *server_info = NULL;
+		NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info);
+		TALLOC_FREE(server_info);
+		if (NT_STATUS_IS_OK(nt_status)) {
 			return True;
 		}
 	}
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 0fc6410..445aff5 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -307,15 +307,15 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 
 	nt_status = rpccli_netlogon_sam_network_logon(netlogon_pipe,
 						      mem_ctx,
-						      user_info->logon_parameters,/* flags such as 'allow workstation logon' */ 
-						      dc_name,                    /* server name */
-						      user_info->client.account_name,        /* user name logging on. */
-						      user_info->client.domain_name,   /* domain name */
-						      user_info->workstation_name,/* workstation name */
-						      chal,                       /* 8 byte challenge. */
-						      user_info->lm_resp,         /* lanman 24 byte response */
-						      user_info->nt_resp,         /* nt 24 byte response */
-						      &info3);                    /* info3 out */
+						      user_info->logon_parameters,         /* flags such as 'allow workstation logon' */
+						      dc_name,                             /* server name */
+						      user_info->client.account_name,      /* user name logging on. */
+						      user_info->client.domain_name,       /* domain name */
+						      user_info->workstation_name,         /* workstation name */
+						      chal,                                /* 8 byte challenge. */
+						      user_info->password.response.lanman, /* lanman 24 byte response */
+						      user_info->password.response.nt,     /* nt 24 byte response */
+						      &info3);                             /* info3 out */
 
 	/* Let go as soon as possible so we avoid any potential deadlocks
 	   with winbind lookup up users or groups. */
@@ -335,10 +335,10 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 		}
 	} else {
 		nt_status = make_server_info_info3(mem_ctx,
-						user_info->client.account_name,
-						domain,
-						server_info,
-						info3);
+						   user_info->client.account_name,
+						   domain,
+						   server_info,
+						   info3);
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			(*server_info)->nss_token |= user_info->was_mapped;
@@ -522,12 +522,12 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	}
 
 	nt_status = domain_client_validate(mem_ctx,
-					user_info,
-					user_info->mapped.domain_name,
-					(uchar *)auth_context->challenge.data,
-					server_info,
-					dc_name,
-					&dc_ss);
+					   user_info,
+					   user_info->mapped.domain_name,
+					   (uchar *)auth_context->challenge.data,
+					   server_info,
+					   dc_name,
+					   &dc_ss);
 
 	return nt_status;
 }
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index 8be2c6a..889371c 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -84,12 +84,12 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
 		user_info->logon_parameters,           /* flags such as 'allow
 					                * workstation logon' */
 		global_myname(),                       /* server name */
-		user_info->client.account_name,                   /* user name logging on. */
-		user_info->client.domain_name,              /* domain name */
+		user_info->client.account_name,        /* user name logging on. */
+		user_info->client.domain_name,         /* domain name */
 		user_info->workstation_name,           /* workstation name */
 		(uchar *)auth_context->challenge.data, /* 8 byte challenge. */
-		user_info->lm_resp,                    /* lanman 24 byte response */
-		user_info->nt_resp,                    /* nt 24 byte response */
+		user_info->password.response.lanman,   /* lanman 24 byte response */
+		user_info->password.response.nt,       /* nt 24 byte response */
 		&info3);                               /* info3 out */
 
 	DEBUG(10, ("rpccli_netlogon_sam_network_logon_ex returned %s\n",
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index bc0e9d2..a910201 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -131,7 +131,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 	                               auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL, 
 	                               auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL, 
 				       NULL, NULL, NULL,
-				       True);
+				       AUTH_PASSWORD_RESPONSE);
 
 	user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
 
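Review bot: The last argument of this call changes from the boolean True to AUTH_PASSWORD_RESPONSE, and in auth/common_auth.h AUTH_PASSWORD_PLAIN is 1, the same value as True. Any caller that was missed in the conversion and still passes True (previously meaning "encrypted") will compile without complaint and now be treated as a plaintext password. Please confirm every caller of the changed function was updated, and consider having the callee reject values outside the three enum members.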
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 2b83f80..ee01733 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -84,17 +84,17 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 	safe_strcat( secret_str, hex_str, secret_str_len - 1);
 	safe_strcat( secret_str, "\n", secret_str_len - 1);
 
-	if (user_info->lm_resp.data) {
+	if (user_info->password.response.lanman.data) {
 		for (i = 0; i < 24; i++) {
-			slprintf(&hex_str[i*2], 3, "%02X", user_info->lm_resp.data[i]);
+			slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.lanman.data[i]);
 		}
 		safe_strcat( secret_str, hex_str, secret_str_len - 1);
 	}
 	safe_strcat( secret_str, "\n", secret_str_len - 1);
 
-	if (user_info->nt_resp.data) {
+	if (user_info->password.response.nt.data) {
 		for (i = 0; i < 24; i++) {
-			slprintf(&hex_str[i*2], 3, "%02X", user_info->nt_resp.data[i]);
+			slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.nt.data[i]);
 		}
 		safe_strcat( secret_str, hex_str, secret_str_len - 1);
 	}
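Review bot: Both loops in script_check_user_credentials read data[i] for i < 24 after checking only that password.response.lanman.data or password.response.nt.data is non-NULL. Nothing in the visible lines guarantees the blob holds 24 bytes, so a shorter response would be read past its end. Since these lines are being touched, add a length test (for example "password.response.nt.length >= 24") next to the .data check.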
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 8f0f98b..b5954e6 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -297,7 +297,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 	}  
 
 	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
-		if (user_info->encrypted) {
+		if (user_info->password_state != AUTH_PASSWORD_PLAIN) {
 			DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost));
 			return NT_STATUS_LOGON_FAILURE;		
 		}
@@ -326,8 +326,8 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 
 		memset(badpass, 0x1f, sizeof(badpass));
 
-		if((user_info->nt_resp.length == sizeof(badpass)) && 
-		   !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) {
+		if((user_info->password.response.nt.length == sizeof(badpass)) &&
+		   !memcmp(badpass, user_info->password.response.nt.data, sizeof(badpass))) {
 			/* 
 			 * Very unlikely, our random bad password is the same as the users
 			 * password.


-- 
Samba Shared Repository

