Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.

Jeremy.
(This used to be commit 46e66ee950eee035ad008c189cd2378f734af605)

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index ce97bd7df267c61da055687b2a59e8c05889626e..2a00b6fb807712fd93a5e544b77650d4b835003b 100644 (file)
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -172,6 +172,22 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                         pdb_get_username(sampass)));
                /* No return, we want to check the LM hash below in this case */
                auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP |  AUTH_FLAG_NTLM_RESP));
+       } else {
+               /* Check for cleartext netlogon. Used by Exchange 5.5. */
+               unsigned char zeros[8];
+
+               memset(zeros,'\0',sizeof(zeros));
+               if (auth_context->challenge.length == sizeof(zeros) && 
+                               (memcmp(auth_context->challenge.data, zeros, auth_context->challenge.length) == 0 ) &&
+                               user_info->nt_resp.length) {
+                       if ((nt_pw = pdb_get_nt_passwd(sampass)) != NULL) {
+                               unsigned char pwhash[16];
+                               mdfour(pwhash, user_info->nt_resp.data, user_info->nt_resp.length);
+                               if (memcmp(pwhash, nt_pw, sizeof(pwhash)) == 0) {
+                                       return NT_STATUS_OK;
+                               }
+                       }
+               }
        }
        
        if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {