[Samba] Vista password being rejected on share security mode
Jeremy Allison
jra at samba.org
Tue Feb 6 18:53:30 GMT 2007
On Tue, Feb 06, 2007 at 11:37:09AM -0600, Schaefer Jr, Thomas R. wrote:
> I'm using Windows Vista Enterprise and also am having great difficulty
> with security = share and 3.0.23d (as well as 3.0.11 and 3.0.14a). It
> seems as though Vista will randomly, occasionally work with it, but in
> general it just won't work at all. I wish I had your problem of a 10
> second connection delay, far better than no connection at all. Did you
> have to do anything special to get it working, albeit with the 10 second
> delay?
You need the attached patch. It'll be up on the Vista
patches page later this week or early next.
Jeremy
-------------- next part --------------
Index: smbd/sesssetup.c
===================================================================
--- smbd/sesssetup.c (revision 21127)
+++ smbd/sesssetup.c (working copy)
@@ -1035,6 +1035,7 @@
map_username(sub_user);
add_session_user(sub_user);
+ add_session_workgroup(domain);
/* Then force it to null for the benfit of the code below */
*user = 0;
}
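Review bot: the new add_session_workgroup(domain) call stores the client-supplied domain unconditionally, including when it is an empty string. get_session_workgroup() then returns a non-NULL empty value, and password_ok() will make an extra pass_check_smb attempt with it. Consider making the call only when *domain is non-zero.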
Index: smbd/password.c
===================================================================
--- smbd/password.c (revision 21127)
+++ smbd/password.c (working copy)
@@ -23,6 +23,8 @@
/* users from session setup */
static char *session_userlist = NULL;
static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
/* this holds info on user ids that are already validated for this VC */
static user_struct *validated_users;
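Review bot: the comment on session_workgroup should state that this is the unauthenticated, client-supplied domain and that it is a single process-wide static overwritten on every session setup. Unlike validated_users just below, nothing ties it to a particular user or VC, and nothing in this patch clears it once set, so a value from an earlier session setup can be used for a later password check.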
@@ -406,6 +408,29 @@
}
/****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+ if (session_workgroup) {
+ SAFE_FREE(session_workgroup);
+ }
+ session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+ return session_workgroup;
+}
+
+/****************************************************************************
Check if a user is in a netgroup user list. If at first we don't succeed,
try lower case.
****************************************************************************/
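Review bot: add_session_workgroup() passes workgroup straight to smb_xstrdup() with no NULL check; either guard it or document that callers must pass a non-NULL string. The "if (session_workgroup)" wrapper is redundant because SAFE_FREE already tests for NULL. The two header comments are nearly identical; the one on get_session_workgroup() would be more useful if it said that the return value is NULL until a session setup has stored one and that the caller must not free it.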
Index: auth/auth_compat.c
===================================================================
--- auth/auth_compat.c (revision 21127)
+++ auth/auth_compat.c (working copy)
@@ -92,18 +92,25 @@
check if a username/password pair is ok via the auth subsystem.
return True if the password is correct, False otherwise
****************************************************************************/
+
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob(NULL, 0);
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
if (encrypted) {
/*
* The password could be either NTLM or plain LM. Try NTLM first,
* but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ }
+
if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
return True;
}
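Review bot: in the "encrypted" test, "password_blob.length > 46" is an unexplained magic number; a named constant or a comment saying why responses longer than 46 bytes are treated as NTLMv2 would make the check reviewable. In the new block, a wrong password now always results in two failed pass_check_smb calls, and when the client workgroup equals lp_workgroup() the identical check runs twice; skipping the first attempt when the two names match would avoid the duplicate. It is also worth confirming that the extra failed attempt does not double-count in any bad-password accounting done below pass_check_smb.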
@@ -119,5 +126,3 @@
return False;
}
-
-