r23689: Squashed commit of the following:

[ira/wip.git] / source3 / auth / auth_compat.c

diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index c049b3867b3bc7be4e13830cf0857caf2649e7a9..65ece50a508af63393c16c072f0960a836a2cf33 100644 (file)
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -20,8 +20,11 @@
 
 #include "includes.h"
 
+extern struct auth_context *negprot_global_auth_context;
+extern BOOL global_encrypted_passwords_negotiated;
+
 #undef DBGC_CLASS
-#define DBGC_CLASS DGBC_AUTH
+#define DBGC_CLASS DBGC_AUTH
 
 /****************************************************************************
  COMPATIBILITY INTERFACES:
@@ -68,7 +71,6 @@ static NTSTATUS pass_check_smb(const char *smb_name,
 
 {
        NTSTATUS nt_status;
-       extern struct auth_context *negprot_global_auth_context;
        auth_serversupplied_info *server_info = NULL;
        if (encrypted) {                
                auth_usersupplied_info *user_info = NULL;
@@ -82,7 +84,7 @@ static NTSTATUS pass_check_smb(const char *smb_name,
        } else {
                nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
        }               
-       free_server_info(&server_info);
+       TALLOC_FREE(server_info);
        return nt_status;
 }
 
@@ -90,19 +92,28 @@ static NTSTATUS pass_check_smb(const char *smb_name,
 check if a username/password pair is ok via the auth subsystem.
 return True if the password is correct, False otherwise
 ****************************************************************************/
+
 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 {
 
-       DATA_BLOB null_password = data_blob(NULL, 0);
-       extern BOOL global_encrypted_passwords_negotiated;
-       BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+       DATA_BLOB null_password = data_blob_null;
+       BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
        
        if (encrypted) {
                /* 
                 * The password could be either NTLM or plain LM.  Try NTLM first, 
                 * but fall-through as required.
-                * NTLMv2 makes no sense here.
+                * Vista sends NTLMv2 here - we need to try the client given workgroup.
                 */
+               if (get_session_workgroup()) {
+                       if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+                               return True;
+                       }
+                       if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), password_blob, null_password, null_password, encrypted))) {
+                               return True;
+                       }
+               }
+
                if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
                        return True;
                }
@@ -118,5 +129,3 @@ BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
 
        return False;
 }
-
-