ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative
authorStefan Metzmacher <metze@samba.org>
Fri, 17 Mar 2017 10:49:40 +0000 (11:49 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 24 Mar 2017 10:57:09 +0000 (11:57 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/utils/ntlm_auth.c
source3/utils/ntlm_auth_diagnostics.c
source3/utils/ntlm_auth_proto.h

index 829eb8f96b2280fc44220c2ffc3ba912ff58455f..4bfab5ba45bfa063a969bc1a5537c5490d6e1ede 100644 (file)
@@ -528,6 +528,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   uint32_t extra_logon_parameters,
                                   uint8_t lm_key[8],
                                   uint8_t user_session_key[16],
+                                  uint8_t *pauthoritative,
                                   char **error_string,
                                   char **unix_name)
 {
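Review bot: The new `pauthoritative` out-parameter is added to the signature with no comment saying what the value means or when it is written. From the later hunks it is set to 1 on entry and overwritten from `response.data.auth.authoritative` only when winbindd reports a failure status, so success and the early `NT_STATUS_INVALID_PARAMETER` return both report 1. I would add a short comment above the function, for example `/* *pauthoritative: 1 unless winbindd's failure reply marks the result non-authoritative; must not be NULL */`. Callers presumably use the flag to decide whether an authentication failure is final, so the contract is worth spelling out. The function body continues outside this hunk.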
@@ -536,6 +537,8 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
        struct winbindd_request request;
        struct winbindd_response response;
 
+       *pauthoritative = 1;
+
        if (!get_require_membership_sid()) {
                return NT_STATUS_INVALID_PARAMETER;
        }
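Review bot: `*pauthoritative = 1;` dereferences the new pointer unconditionally, whereas `error_string` in the same function is written only under `if (error_string)` and several call sites pass `NULL` for `unix_name`. Every caller touched by this commit passes a valid address, so nothing breaks today, but a later caller following the NULL-for-unused-output convention would crash in the authentication helper. Either guard both writes, `if (pauthoritative != NULL) { *pauthoritative = 1; }` here and the same test around the assignment on the failure path, or state the non-NULL requirement in a comment on the prototype. The rest of the function lies outside this hunk.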
@@ -605,6 +608,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
        if (!NT_STATUS_IS_OK(nt_status)) {
                if (error_string) 
                        *error_string = smb_xstrdup(response.data.auth.error_string);
+               *pauthoritative = response.data.auth.authoritative;
                winbindd_free_response(&response);
                return nt_status;
        }
@@ -951,6 +955,7 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
        uint8_t lm_key[8]; 
        uint8_t user_sess_key[16]; 
        char *unix_name = NULL;
+       uint8_t authoritative = 0;
 
        nt_status = contact_winbind_auth_crap(user_info->client.account_name, user_info->client.domain_name, 
                                              user_info->workstation_name, 
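Review bot: `uint8_t authoritative = 0;` initialises the local to the opposite of the callee's own default, which sets `*pauthoritative = 1` as its first statement. The initialiser is always overwritten today, but if an exit path is ever added ahead of that assignment, the caller would see a failure as non-authoritative, which is presumably the more permissive reading. I would write `uint8_t authoritative = 1;` here and in the matching declarations in manage_ntlm_server_1_request, check_auth_crap and the tests in ntlm_auth_diagnostics.c. In the lines visible here the value is not read after the call; winbind_pw_check continues outside the hunk.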
@@ -960,6 +965,7 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
                                              WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
                                              0,
                                              lm_key, user_sess_key, 
+                                             &authoritative,
                                              &error_string, &unix_name);
 
        if (NT_STATUS_IS_OK(nt_status)) {
@@ -1719,6 +1725,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
                                TALLOC_FREE(mem_ctx);
 
                        } else {
+                               uint8_t authoritative = 0;
+
                                if (!domain) {
                                        domain = smb_xstrdup(get_winbind_domain());
                                }
@@ -1738,6 +1746,7 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
                                                                      flags, 0,
                                                                      lm_key,
                                                                      user_session_key,
+                                                                     &authoritative,
                                                                      &error_string,
                                                                      NULL);
                        }
@@ -2185,6 +2194,7 @@ static bool check_auth_crap(void)
        char *hex_lm_key;
        char *hex_user_session_key;
        char *error_string;
+       uint8_t authoritative = 0;
 
        setbuf(stdout, NULL);
 
@@ -2204,6 +2214,7 @@ static bool check_auth_crap(void)
                                              flags, 0,
                                              (unsigned char *)lm_key, 
                                              (unsigned char *)user_session_key, 
+                                             &authoritative,
                                              &error_string, NULL);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
index 5533fd201fc5de20ee019fdf9466700bc8e3ed62..41591a8de33920eee193dbb729f7cac4ff583ccb 100644 (file)
@@ -54,7 +54,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
        DATA_BLOB lm_response = data_blob(NULL, 24);
        DATA_BLOB nt_response = data_blob(NULL, 24);
        DATA_BLOB session_key = data_blob(NULL, 16);
-
+       uint8_t authoritative = 0;
        uchar lm_key[8];
        uchar user_session_key[16];
        uchar lm_hash[16];
@@ -101,6 +101,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
                                              flags, 0,
                                              lm_key, 
                                              user_session_key,
+                                             &authoritative,
                                              &error_string, NULL);
        
        data_blob_free(&lm_response);
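Review bot: The diagnostic passes `&authoritative` to contact_winbind_auth_crap() but no visible line checks or prints the result, so the new failure-path assignment gets no coverage from these tests. Since test_lm_ntlm_broken deliberately breaks a response, its failure branch is a natural place to at least report the flag, for example `d_printf("authoritative=%u\n", (unsigned)authoritative);`. Asserting the expected value would be better if it is known for each broken case. The same applies to the other call sites in this file (test_ntlm_in_lm, test_ntlm_in_both, test_lmv2_ntlmv2_broken, test_plaintext). The function bodies continue outside the hunks, so a check may already exist there.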
@@ -176,7 +177,7 @@ static bool test_ntlm_in_lm(void)
        NTSTATUS nt_status;
        uint32_t flags = 0;
        DATA_BLOB nt_response = data_blob(NULL, 24);
-
+       uint8_t authoritative = 0;
        uchar lm_key[8];
        uchar lm_hash[16];
        uchar user_session_key[16];
@@ -200,6 +201,7 @@ static bool test_ntlm_in_lm(void)
                                              flags, 0,
                                              lm_key,
                                              user_session_key,
+                                             &authoritative,
                                              &error_string, NULL);
        
        data_blob_free(&nt_response);
@@ -243,7 +245,7 @@ static bool test_ntlm_in_both(void)
        uint32_t flags = 0;
        DATA_BLOB nt_response = data_blob(NULL, 24);
        DATA_BLOB session_key = data_blob(NULL, 16);
-
+       uint8_t authoritative = 0;
        uint8_t lm_key[8];
        uint8_t lm_hash[16];
        uint8_t user_session_key[16];
@@ -271,6 +273,7 @@ static bool test_ntlm_in_both(void)
                                              flags, 0,
                                              lm_key,
                                              user_session_key,
+                                             &authoritative,
                                              &error_string, NULL);
        
        data_blob_free(&nt_response);
@@ -319,7 +322,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
        DATA_BLOB lmv2_response = data_blob_null;
        DATA_BLOB ntlmv2_session_key = data_blob_null;
        DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
-
+       uint8_t authoritative = 0;
        uchar user_session_key[16];
        DATA_BLOB chall = get_challenge();
        char *error_string;
@@ -362,6 +365,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
                                              flags, 0,
                                              NULL, 
                                              user_session_key,
+                                             &authoritative,
                                              &error_string, NULL);
        
        data_blob_free(&lmv2_response);
@@ -448,7 +452,7 @@ static bool test_plaintext(enum ntlm_break break_which)
        char *password;
        smb_ucs2_t *nt_response_ucs2;
        size_t converted_size;
-
+       uint8_t authoritative = 0;
        uchar user_session_key[16];
        uchar lm_key[16];
        static const uchar zeros[8] = { 0, };
@@ -513,6 +517,7 @@ static bool test_plaintext(enum ntlm_break break_which)
                                              flags, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
                                              lm_key,
                                              user_session_key,
+                                             &authoritative,
                                              &error_string, NULL);
        
        TALLOC_FREE(nt_response.data);
index 367fd79d3d975b2340f132cbc0b5f694b4142f44..63c476372983fb2bcdd505a318ffd3ced1fcf41c 100644 (file)
@@ -39,6 +39,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
                                   uint32_t extra_logon_parameters,
                                   uint8_t lm_key[8],
                                   uint8_t user_session_key[16],
+                                  uint8_t *pauthoritative,
                                   char **error_string,
                                   char **unix_name);