[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5346-g7253d96

Wed, 02 Sep 2009 01:43:15 -0700 

The branch, v3-3-test has been updated
       via  7253d96fc205717d9fed973bbcad2884ce656fd9 (commit)
      from  983c6f22f411aab2488fe41b5b06174c55108868 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 7253d96fc205717d9fed973bbcad2884ce656fd9
Author: Günther Deschner <g...@samba.org>
Date:   Tue Sep 1 11:58:05 2009 +0200

    wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) 
ntlmv2 blobs in wbcAuthenticateUserEx().
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/nsswitch/libwbclient/wbc_pam.c |   19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_pam.c 
b/source/nsswitch/libwbclient/wbc_pam.c
index 401d2ad..3f44681 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -439,15 +439,24 @@ wbcErr wbcAuthenticateUserEx(const struct 
wbcAuthUserParams *params,
                request.data.auth_crap.lm_resp_len =
                                MIN(params->password.response.lm_length,
                                    sizeof(request.data.auth_crap.lm_resp));
-               request.data.auth_crap.nt_resp_len =
-                               MIN(params->password.response.nt_length,
-                                   sizeof(request.data.auth_crap.nt_resp));
                if (params->password.response.lm_data) {
                        memcpy(request.data.auth_crap.lm_resp,
                               params->password.response.lm_data,
                               request.data.auth_crap.lm_resp_len);
                }
-               if (params->password.response.nt_data) {
+               request.data.auth_crap.nt_resp_len = 
params->password.response.nt_length;
+               if (params->password.response.nt_length > 
sizeof(request.data.auth_crap.nt_resp)) {
+                       request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+                       request.extra_len = params->password.response.nt_length;
+                       request.extra_data.data = talloc_zero_array(NULL, char, 
request.extra_len);
+                       if (request.extra_data.data == NULL) {
+                               wbc_status = WBC_ERR_NO_MEMORY;
+                               BAIL_ON_WBC_ERROR(wbc_status);
+                       }
+                       memcpy(request.extra_data.data,
+                              params->password.response.nt_data,
+                              request.data.auth_crap.nt_resp_len);
+               } else if (params->password.response.nt_data) {
                        memcpy(request.data.auth_crap.nt_resp,
                               params->password.response.nt_data,
                               request.data.auth_crap.nt_resp_len);
@@ -493,6 +502,8 @@ done:
        if (response.extra_data.data)
                free(response.extra_data.data);
 
+       talloc_free(request.extra_data.data);
+
        return wbc_status;
 }
 


-- 
Samba Shared Repository

Reply via email to