check if a username/password pair is ok via the auth subsystem.
return True if the password is correct, False otherwise
****************************************************************************/
+
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob(NULL, 0);
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
if (encrypted) {
/*
* The password could be either NTLM or plain LM. Try NTLM first,
* but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ }
+
if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
return True;
}
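Review bot: The `password_blob.length > 46` test on the new `encrypted` line is an unexplained magic number with no upper bound, so in an encrypted-password session every blob longer than 46 bytes is now passed to `pass_check_smb` as an encrypted response. A named constant or a comment such as `/* NTLMv2 responses are variable length; anything above 46 bytes is treated as one */` would record where the threshold comes from. It is also worth confirming that `pass_check_smb` rejects oversized or malformed blobs, since that is not visible here. The added block tries the client-supplied workgroup before `lp_workgroup()`, so one wrong password can now produce two failed checks; if failed checks feed a bad-password counter (not visible in this hunk), lockout thresholds would be reached sooner. The body of `password_ok` continues past the end of this hunk.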
return False;
}
-
-
/* users from session setup */
static char *session_userlist = NULL;
static int len_session_userlist = 0;
+/* workgroup from session setup. */
+static char *session_workgroup = NULL;
/* this holds info on user ids that are already validated for this VC */
static user_struct *validated_users;
safe_strcat(session_userlist,suser,len_session_userlist-1);
}
+/****************************************************************************
+ In security=share mode we need to store the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+void add_session_workgroup(const char *workgroup)
+{
+ if (session_workgroup) {
+ SAFE_FREE(session_workgroup);
+ }
+ session_workgroup = smb_xstrdup(workgroup);
+}
+
+/****************************************************************************
+ In security=share mode we need to return the client workgroup, as that's
+ what Vista uses for the NTLMv2 calculation.
+****************************************************************************/
+
+const char *get_session_workgroup(void)
+{
+ return session_workgroup;
+}
+
/****************************************************************************
Check if a user is in a netgroup user list. If at first we don't succeed,
try lower case.
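Review bot: `add_session_workgroup` passes `workgroup` straight to `smb_xstrdup`, so a NULL argument is not handled, and the string, which the header comment says comes from the client, is stored with no length limit. A guard such as `if (!workgroup) { SAFE_FREE(session_workgroup); return; }` would make the setter safe on its own; the callers are outside this hunk, so whether they already validate the field cannot be confirmed from here. The `if (session_workgroup)` test around `SAFE_FREE` is redundant if the macro already checks for NULL. The header comments should also state that the pointer returned by `get_session_workgroup` stays owned by this file and is invalidated by the next `add_session_workgroup` call, and that there is a single static value per process, so a later session setup overwrites the one `password_ok` will read.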