#include "includes.h"
+extern struct auth_context *negprot_global_auth_context;
+extern BOOL global_encrypted_passwords_negotiated;
+
#undef DBGC_CLASS
-#define DBGC_CLASS DGBC_AUTH
+#define DBGC_CLASS DBGC_AUTH
/****************************************************************************
COMPATIBILITY INTERFACES:
{
NTSTATUS nt_status;
- extern struct auth_context *negprot_global_auth_context;
auth_serversupplied_info *server_info = NULL;
if (encrypted) {
auth_usersupplied_info *user_info = NULL;
} else {
nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
}
- free_server_info(&server_info);
+ TALLOC_FREE(server_info);
return nt_status;
}
check if a username/password pair is ok via the auth subsystem.
return True if the password is correct, False otherwise
****************************************************************************/
+
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
{
- DATA_BLOB null_password = data_blob(NULL, 0);
- extern BOOL global_encrypted_passwords_negotiated;
- BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+ DATA_BLOB null_password = data_blob_null;
+ BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
if (encrypted) {
/*
* The password could be either NTLM or plain LM. Try NTLM first,
* but fall-through as required.
- * NTLMv2 makes no sense here.
+ * Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
+ if (get_session_workgroup()) {
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
+ return True;
+ }
+ if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), password_blob, null_password, null_password, encrypted))) {
+ return True;
+ }
+ }
+
if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
return True;
}
return False;
}
-
-