Timestamp:
Nov 27, 2012, 4:43:17 PM (13 years ago)
Author:
Silvan Scherrer
Message:

Samba Server: updated trunk to 3.6.0

Location:
trunk/server
Files:
2 edited

  • trunk/server

  • trunk/server/libcli/auth/ntlm_check.c

    r414 r745  
    55   Copyright (C) Gerald Carter                             2003
    66   Copyright (C) Luke Kenneth Casson Leighton         1996-2000
    7    
     7
    88   This program is free software; you can redistribute it and/or modify
    99   it under the terms of the GNU General Public License as published by
    1010   the Free Software Foundation; either version 3 of the License, or
    1111   (at your option) any later version.
    12    
     12
    1313   This program is distributed in the hope that it will be useful,
    1414   but WITHOUT ANY WARRANTY; without even the implied warranty of
    1515   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    1616   GNU General Public License for more details.
    17    
     17
    1818   You should have received a copy of the GNU General Public License
    1919   along with this program.  If not, see <http://www.gnu.org/licenses/>.
     
    3737        /* Finish the encryption of part_passwd. */
    3838        uint8_t p24[24];
    39        
     39
    4040        if (part_passwd == NULL) {
    4141                DEBUG(10,("No password set - DISALLOWING access\n"));
     
    4343                return false;
    4444        }
    45        
     45
    4646        if (sec_blob->length != 8) {
    4747                DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%lu)\n",
     
    4949                return false;
    5050        }
    51        
     51
    5252        if (nt_response->length != 24) {
    5353                DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%lu)\n",
     
    5757
    5858        SMBOWFencrypt(part_passwd, sec_blob->data, p24);
    59        
     59
    6060#if DEBUG_PASSWORD
    6161        DEBUG(100,("Part password (P16) was |\n"));
     
    107107                return false;
    108108        }
    109        
     109
    110110        if (ntv2_response->length < 24) {
    111111                /* We MUST have more than 16 bytes, or the stuff below will go
     
    181181                return false;
    182182        }
    183        
     183
    184184        if (ntv2_response->length < 24) {
    185185                /* We MUST have more than 16 bytes, or the stuff below will go
     
    219219
    220220NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
    221                                 bool lanman_auth,
     221                            bool lanman_auth,
    222222                             const struct samr_Password *client_lanman,
    223223                             const struct samr_Password *client_nt,
     
    282282
    283283NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
    284                                 bool lanman_auth,
    285                                 bool ntlm_auth,
     284                            bool lanman_auth,
     285                            bool ntlm_auth,
    286286                             uint32_t logon_parameters,
    287287                             const DATA_BLOB *challenge,
     
    319319                         username));
    320320                mdfour(client_nt.hash, nt_response->data, nt_response->length);
    321                
     321
    322322                if (lm_response->length &&
    323323                    (convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX,
     
    344344                         (unsigned long)nt_response->length, username));               
    345345        }
    346        
     346
    347347        if (nt_response->length > 24 && stored_nt) {
    348348                /* We have the NT MD4 hash challenge available - see if we can
     
    362362                        return NT_STATUS_OK;
    363363                }
    364                
     364
    365365                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain));
    366366                if (smb_pwd_check_ntlmv2(mem_ctx,
     
    376376                        return NT_STATUS_OK;
    377377                }
    378                
     378
    379379                DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n"));
    380380                if (smb_pwd_check_ntlmv2(mem_ctx,
     
    404404                                /* The LM session key for this response is not very secure,
    405405                                   so use it only if we otherwise allow LM authentication */
    406                                
     406
    407407                                if (lanman_auth && stored_lanman) {
    408408                                        *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, MIN(8, user_sess_key->length));
     
    417417                        DEBUG(2,("ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user %s\n",
    418418                                 username));                   
    419                         /* no return, becouse we might pick up LMv2 in the LM field */
    420                 }
    421         }
    422        
     419                        /* no return, because we might pick up LMv2 in the LM field */
     420                }
     421        }
     422
    423423        if (lm_response->length == 0) {
    424424                DEBUG(3,("ntlm_password_check: NEITHER LanMan nor NT password supplied for user %s\n",
     
    426426                return NT_STATUS_WRONG_PASSWORD;
    427427        }
    428        
     428
    429429        if (lm_response->length < 24) {
    430430                DEBUG(2,("ntlm_password_check: invalid LanMan password length (%lu) for user %s\n",
     
    432432                return NT_STATUS_WRONG_PASSWORD;
    433433        }
    434                
     434
    435435        if (!lanman_auth) {
    436436                DEBUG(3,("ntlm_password_check: Lanman passwords NOT PERMITTED for user %s\n",
     
    462462                }
    463463        }
    464        
     464
    465465        if (!stored_nt) {
    466466                DEBUG(4,("ntlm_password_check: LM password check failed for user, no NT password %s\n",username));
    467467                return NT_STATUS_WRONG_PASSWORD;
    468468        }
    469        
     469
    470470        /* This is for 'LMv2' authentication.  almost NTLMv2 but limited to 24 bytes.
    471471           - related to Win9X, legacy NAS pass-though authentication
     
    500500                return NT_STATUS_OK;
    501501        }
    502        
     502
    503503        DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain));
    504504        if (smb_pwd_check_ntlmv2(mem_ctx,
     
    530530                return NT_STATUS_OK;
    531531        }
    532        
     532
    533533        DEBUG(4,("ntlm_password_check: Checking LMv2 password without a domain\n"));
    534534        if (smb_pwd_check_ntlmv2(mem_ctx,