*lm_sess_key = data_blob(NULL, 0);
*user_sess_key = data_blob(NULL, 0);
status = hash_password_check(mem_ctx,
- auth_context->lp_ctx,
+ lp_lanman_auth(auth_context->lp_ctx),
user_info->password.hash.lanman,
user_info->password.hash.nt,
user_info->mapped.account_name,
case AUTH_PASSWORD_RESPONSE:
status = ntlm_password_check(mem_ctx,
- auth_context->lp_ctx,
+ lp_lanman_auth(auth_context->lp_ctx),
+ lp_ntlm_auth(auth_context->lp_ctx),
user_info->logon_parameters,
&auth_context->challenge.data,
&user_info->password.response.lanman,
#include "../lib/crypto/crypto.h"
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
-#include "param/param.h"
#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
*/
NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
+ bool lanman_auth,
const struct samr_Password *client_lanman,
const struct samr_Password *client_nt,
const char *username,
}
} else if (client_lanman && stored_lanman) {
- if (!lp_lanman_auth(lp_ctx)) {
+ if (!lanman_auth) {
DEBUG(3,("ntlm_password_check: Interactive logon: only LANMAN password supplied for user %s, and LM passwords are disabled!\n",
username));
return NT_STATUS_WRONG_PASSWORD;
*/
NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
+ bool lanman_auth,
+ bool ntlm_auth,
uint32_t logon_parameters,
const DATA_BLOB *challenge,
const DATA_BLOB *lm_response,
mdfour(client_nt.hash, nt_response->data, nt_response->length);
if (lm_response->length &&
- (convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(lp_ctx), CH_DOS, CH_UNIX,
+ (convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX,
lm_response->data, lm_response->length,
(void **)&unix_pw) != -1)) {
if (E_deshash(unix_pw, client_lm.hash)) {
lm_ok = false;
}
return hash_password_check(mem_ctx,
- lp_ctx,
+ lanman_auth,
lm_ok ? &client_lm : NULL,
nt_response->length ? &client_nt : NULL,
username,
DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n"));
}
} else if (nt_response->length == 24 && stored_nt) {
- if (lp_ntlm_auth(lp_ctx)) {
+ if (ntlm_auth) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
/* The LM session key for this response is not very secure,
so use it only if we otherwise allow LM authentication */
- if (lp_lanman_auth(lp_ctx) && stored_lanman) {
+ if (lanman_auth && stored_lanman) {
*lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
}
return NT_STATUS_OK;
return NT_STATUS_WRONG_PASSWORD;
}
- if (!lp_lanman_auth(lp_ctx)) {
+ if (!lanman_auth) {
DEBUG(3,("ntlm_password_check: Lanman passwords NOT PERMITTED for user %s\n",
username));
} else if (!stored_lanman) {
It not very secure, so use it only if we otherwise
allow LM authentication */
- if (lp_lanman_auth(lp_ctx) && stored_lanman) {
+ if (lanman_auth && stored_lanman) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, stored_lanman->hash, 8);
memset(first_8_lm_hash + 8, '\0', 8);
- I think this is related to Win9X pass-though authentication
*/
DEBUG(4,("ntlm_password_check: Checking NT MD4 password in LM field\n"));
- if (lp_ntlm_auth(lp_ctx)) {
+ if (ntlm_auth) {
if (smb_pwd_check_ntlmv1(mem_ctx,
lm_response,
stored_nt->hash, challenge,
It not very secure, so use it only if we otherwise
allow LM authentication */
- if (lp_lanman_auth(lp_ctx) && stored_lanman) {
+ if (lanman_auth && stored_lanman) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, stored_lanman->hash, 8);
memset(first_8_lm_hash + 8, '\0', 8);