s3: Make sure we call wbcAuthenticateUserEx correctly

There are cases where we fill in params.password.response.lm_data with non-NULL
where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not
like that.

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d1b00a32686495447c5fa0bb635ea15d32a886d8..1e14ff022e65209eaa65024b47e5212f5c46a2d8 100644 (file)
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -39,6 +39,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
        struct wbcAuthUserInfo *info = NULL;
        struct wbcAuthErrorInfo *err = NULL;
 
+       ZERO_STRUCT(params);
+
        if (!user_info) {
                return NT_STATUS_INVALID_PARAMETER;
        }
@@ -70,10 +72,14 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
               auth_context->challenge.data,
               sizeof(params.password.response.challenge));
 
-       params.password.response.nt_length      = user_info->nt_resp.length;
-       params.password.response.nt_data        = user_info->nt_resp.data;
-       params.password.response.lm_length      = user_info->lm_resp.length;
-       params.password.response.lm_data        = user_info->lm_resp.data;
+       if (user_info->nt_resp.length != 0) {
+               params.password.response.nt_length = user_info->nt_resp.length;
+               params.password.response.nt_data = user_info->nt_resp.data;
+       }
+       if (user_info->lm_resp.length != 0) {
+               params.password.response.lm_length = user_info->lm_resp.length;
+               params.password.response.lm_data = user_info->lm_resp.data;
+       }
 
        /* we are contacting the privileged pipe */
        become_root();