s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
authorAndrew Bartlett <abartlet@samba.org>
Sat, 18 Feb 2012 23:56:12 +0000 (10:56 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 19 Feb 2012 23:50:48 +0000 (10:50 +1100)
This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.

Andrew Bartlett

source3/utils/ntlm_auth.c
source3/utils/ntlm_auth_diagnostics.c
source3/utils/ntlm_auth_proto.h

index ff9b60e..02652b1 100644 (file)
@@ -390,6 +390,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   const DATA_BLOB *lm_response,
                                   const DATA_BLOB *nt_response,
                                   uint32 flags,
+                                  uint32 extra_logon_parameters,
                                   uint8 lm_key[8],
                                   uint8 user_session_key[16],
                                   char **error_string,
@@ -409,7 +410,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 
        request.flags = flags;
 
-       request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
+       request.data.auth_crap.logon_parameters = extra_logon_parameters
+               | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
 
        if (require_membership_of_sid)
                fstrcpy(request.data.auth_crap.require_membership_of_sid, require_membership_of_sid);
@@ -585,6 +587,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX
                                              &ntlmssp_state->lm_resp,
                                              &ntlmssp_state->nt_resp, 
                                              WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
+                                             0,
                                              lm_key, user_sess_key, 
                                              &error_string, &unix_name);
 
@@ -2032,7 +2035,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
                                                              &challenge, 
                                                              &lm_response, 
                                                              &nt_response, 
-                                                             flags, 
+                                                             flags, 0,
                                                              lm_key, 
                                                              user_session_key,
                                                              &error_string,
@@ -2486,7 +2489,7 @@ static bool check_auth_crap(void)
                                              &opt_challenge, 
                                              &opt_lm_response, 
                                              &opt_nt_response, 
-                                             flags,
+                                             flags, 0,
                                              (unsigned char *)lm_key, 
                                              (unsigned char *)user_session_key, 
                                              &error_string, NULL);
index 41462c0..e83e975 100644 (file)
@@ -98,7 +98,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
                                              &chall,
                                              &lm_response,
                                              &nt_response,
-                                             flags,
+                                             flags, 0,
                                              lm_key, 
                                              user_session_key,
                                              &error_string, NULL);
@@ -197,7 +197,7 @@ static bool test_ntlm_in_lm(void)
                                              &chall,
                                              &nt_response,
                                              NULL,
-                                             flags,
+                                             flags, 0,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);
@@ -268,7 +268,7 @@ static bool test_ntlm_in_both(void)
                                              &chall,
                                              &nt_response,
                                              &nt_response,
-                                             flags,
+                                             flags, 0,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);
@@ -359,7 +359,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
                                              &chall,
                                              &lmv2_response,
                                              &ntlmv2_response,
-                                             flags,
+                                             flags, 0,
                                              NULL, 
                                              user_session_key,
                                              &error_string, NULL);
@@ -510,7 +510,7 @@ static bool test_plaintext(enum ntlm_break break_which)
                                              &chall,
                                              &lm_response,
                                              &nt_response,
-                                             flags,
+                                             flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);
index 5f8d264..ae26c94 100644 (file)
@@ -36,6 +36,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   const DATA_BLOB *lm_response,
                                   const DATA_BLOB *nt_response,
                                   uint32 flags,
+                                  uint32 extra_logon_parameters,
                                   uint8 lm_key[8],
                                   uint8 user_session_key[16],
                                   char **error_string,