s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again

This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.

Andrew Bartlett

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index ff9b60ed0f6a7bb7359696a4810191fc6c1047c9..02652b15e4803ca5d3ecc6bf283e5689ba043ed6 100644 (file)
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -390,6 +390,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   const DATA_BLOB *lm_response,
                                   const DATA_BLOB *nt_response,
                                   uint32 flags,
+                                  uint32 extra_logon_parameters,
                                   uint8 lm_key[8],
                                   uint8 user_session_key[16],
                                   char **error_string,
@@ -409,7 +410,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 
        request.flags = flags;
 
-       request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
+       request.data.auth_crap.logon_parameters = extra_logon_parameters
+               | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
 
        if (require_membership_of_sid)
                fstrcpy(request.data.auth_crap.require_membership_of_sid, require_membership_of_sid);
@@ -585,6 +587,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX
                                              &ntlmssp_state->lm_resp,
                                              &ntlmssp_state->nt_resp, 
                                              WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
+                                             0,
                                              lm_key, user_sess_key, 
                                              &error_string, &unix_name);
 
@@ -2032,7 +2035,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
                                                              &challenge, 
                                                              &lm_response, 
                                                              &nt_response, 
-                                                             flags, 
+                                                             flags, 0,
                                                              lm_key, 
                                                              user_session_key,
                                                              &error_string,
@@ -2486,7 +2489,7 @@ static bool check_auth_crap(void)
                                              &opt_challenge, 
                                              &opt_lm_response, 
                                              &opt_nt_response, 
-                                             flags,
+                                             flags, 0,
                                              (unsigned char *)lm_key, 
                                              (unsigned char *)user_session_key, 
                                              &error_string, NULL);

diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c
index 41462c052be53c4fc6fe0ff8084523836ab1b2ea..e83e975ffda80c8084c90cec3c5f166e946d6ddd 100644 (file)
--- a/source3/utils/ntlm_auth_diagnostics.c
+++ b/source3/utils/ntlm_auth_diagnostics.c
@@ -98,7 +98,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
                                              &chall,
                                              &lm_response,
                                              &nt_response,
-                                             flags,
+                                             flags, 0,
                                              lm_key, 
                                              user_session_key,
                                              &error_string, NULL);
@@ -197,7 +197,7 @@ static bool test_ntlm_in_lm(void)
                                              &chall,
                                              &nt_response,
                                              NULL,
-                                             flags,
+                                             flags, 0,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);
@@ -268,7 +268,7 @@ static bool test_ntlm_in_both(void)
                                              &chall,
                                              &nt_response,
                                              &nt_response,
-                                             flags,
+                                             flags, 0,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);
@@ -359,7 +359,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
                                              &chall,
                                              &lmv2_response,
                                              &ntlmv2_response,
-                                             flags,
+                                             flags, 0,
                                              NULL, 
                                              user_session_key,
                                              &error_string, NULL);
@@ -510,7 +510,7 @@ static bool test_plaintext(enum ntlm_break break_which)
                                              &chall,
                                              &lm_response,
                                              &nt_response,
-                                             flags,
+                                             flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
                                              lm_key,
                                              user_session_key,
                                              &error_string, NULL);

diff --git a/source3/utils/ntlm_auth_proto.h b/source3/utils/ntlm_auth_proto.h
index 5f8d26465bf02dc4a796885f548840ca104943a8..ae26c948b83c91dd7fe407cee0b7c315bf789bac 100644 (file)
--- a/source3/utils/ntlm_auth_proto.h
+++ b/source3/utils/ntlm_auth_proto.h
@@ -36,6 +36,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   const DATA_BLOB *lm_response,
                                   const DATA_BLOB *nt_response,
                                   uint32 flags,
+                                  uint32 extra_logon_parameters,
                                   uint8 lm_key[8],
                                   uint8 user_session_key[16],
                                   char **error_string,