Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.

Jeremy.
author: Jeremy Allison <jra@samba.org> 2003-10-24 01:19:23 +0000
committer: Jeremy Allison <jra@samba.org> 2003-10-24 01:19:23 +0000
commit: 2d09d8c9d973f5f414d31f749db12328ff315de7 (patch)
tree: 25be0296e270287b5242de8d60cf84ad9c2c232f /source
parent: 8a75e2dfb6ee9099e7f9a970c522e71ab144d919 (diff)
download: samba-2d09d8c9d973f5f414d31f749db12328ff315de7.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index ce97bd7df26..2a00b6fb807 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -172,6 +172,22 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 			 pdb_get_username(sampass)));
 		/* No return, we want to check the LM hash below in this case */
 		auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP |  AUTH_FLAG_NTLM_RESP));
+	} else {
+		/* Check for cleartext netlogon. Used by Exchange 5.5. */
+		unsigned char zeros[8];
+
+		memset(zeros,'\0',sizeof(zeros));
+		if (auth_context->challenge.length == sizeof(zeros) && 
+				(memcmp(auth_context->challenge.data, zeros, auth_context->challenge.length) == 0 ) &&
+				user_info->nt_resp.length) {
+			if ((nt_pw = pdb_get_nt_passwd(sampass)) != NULL) {
+				unsigned char pwhash[16];
+				mdfour(pwhash, user_info->nt_resp.data, user_info->nt_resp.length);
+				if (memcmp(pwhash, nt_pw, sizeof(pwhash)) == 0) {
+					return NT_STATUS_OK;
+				}
+			}
+		}
 	}
 	
 	if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
author	Jeremy Allison <jra@samba.org>	2003-10-24 01:19:23 +0000
committer	Jeremy Allison <jra@samba.org>	2003-10-24 01:19:23 +0000
commit	2d09d8c9d973f5f414d31f749db12328ff315de7 (patch)
tree	25be0296e270287b5242de8d60cf84ad9c2c232f /source
parent	8a75e2dfb6ee9099e7f9a970c522e71ab144d919 (diff)
download	samba-2d09d8c9d973f5f414d31f749db12328ff315de7.tar.gz