Add support for a weird behaviour apparently used by Win9X pass-through

authentication - we can have an NT hash in the LM hash feild.

(I need to double-check this fix with tpot, who discovered it).

Also remove silly casts back and forth between uchar and char.

Andrew Bartlett

diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 76579150ce9da4918f91c38c08a93852d961c512..155370546a5b3827f56f85ecbbd4b8c766c305e5 100644 (file)
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -107,7 +107,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
        memcpy(client_response, ntv2_response.data, sizeof(client_response));
 
        ntv2_owf_gen(part_passwd, user, domain, kr);
-       SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption);
+       SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, value_from_encryption);
        if (user_sess_key != NULL)
        {
                SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
@@ -232,11 +232,26 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                {
                        return NT_STATUS_OK;
                } else {
+                       if (lp_ntlm_auth()) {                           
+                               /* Apparently NT accepts NT responses in the LM feild
+                                  - I think this is related to Win9X pass-though authenticaion
+                               */
+                               DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM feild\n"));
+                               if (smb_pwd_check_ntlmv1(user_info->lm_resp, 
+                                                        nt_pw, auth_context->challenge,
+                                                        user_sess_key)) 
+                               {
+                                       return NT_STATUS_OK;
+                               } else {
+                                       DEBUG(3,("sam_password_ok: NT MD4 password in LM feild failed for user %s\n",pdb_get_username(sampass)));
+                                       return NT_STATUS_WRONG_PASSWORD;
+                               }
+                       }
                        DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass)));
                        return NT_STATUS_WRONG_PASSWORD;
                } 
        }
-
+               
        /* Should not be reached, but if they send nothing... */
        DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass)));
        return NT_STATUS_WRONG_PASSWORD;

diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c
index 95434d0ae4e102f42a54377906721b280bc3d6fa..d15a83a5153545ac2db194773ca1ad2175f19215 100644 (file)
--- a/source/libsmb/smbencrypt.c
+++ b/source/libsmb/smbencrypt.c
@@ -226,14 +226,14 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
 void SMBOWFencrypt_ntv2(const uchar kr[16],
                        const DATA_BLOB srv_chal,
                        const DATA_BLOB cli_chal,
-                       char resp_buf[16])
+                       uchar resp_buf[16])
 {
        HMACMD5Context ctx;
 
        hmac_md5_init_limK_to_64(kr, 16, &ctx);
        hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
        hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
-       hmac_md5_final((unsigned char *)resp_buf, &ctx);
+       hmac_md5_final(resp_buf, &ctx);
 
 #ifdef DEBUG_PASSWORD
        DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));