wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs...

author Günther Deschner <gd@samba.org>

Tue, 1 Sep 2009 09:58:05 +0000 (11:58 +0200)

committer Volker Lendecke <vl@samba.org>

Mon, 19 Oct 2009 10:07:57 +0000 (12:07 +0200)
author Günther Deschner <gd@samba.org>
Tue, 1 Sep 2009 09:58:05 +0000 (11:58 +0200)
committer Volker Lendecke <vl@samba.org>
Mon, 19 Oct 2009 10:07:57 +0000 (12:07 +0200)
diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c

index 5427ddb46a1c79a86de04e54ff80784e6904300f..8f1df165dedc97cac33bb689b4569959bd7abc18 100644 (file)
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -369,15 +369,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                 request.data.auth_crap.lm_resp_len =
                                 MIN(params->password.response.lm_length,
                                     sizeof(request.data.auth_crap.lm_resp));
-               request.data.auth_crap.nt_resp_len =
-                               MIN(params->password.response.nt_length,
-                                   sizeof(request.data.auth_crap.nt_resp));
                 if (params->password.response.lm_data) {
                         memcpy(request.data.auth_crap.lm_resp,
                                params->password.response.lm_data,
                                request.data.auth_crap.lm_resp_len);
                 }
-               if (params->password.response.nt_data) {
+               request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+               if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+                       request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+                       request.extra_len = params->password.response.nt_length;
+                       request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len);
+                       if (request.extra_data.data == NULL) {
+                               wbc_status = WBC_ERR_NO_MEMORY;
+                               BAIL_ON_WBC_ERROR(wbc_status);
+                       }
+                       memcpy(request.extra_data.data,
+                              params->password.response.nt_data,
+                              request.data.auth_crap.nt_resp_len);
+               } else if (params->password.response.nt_data) {
                         memcpy(request.data.auth_crap.nt_resp,
                                params->password.response.nt_data,
                                request.data.auth_crap.nt_resp_len);
@@ -419,6 +428,8 @@ done:
         if (response.extra_data.data)
                 free(response.extra_data.data);
  
+       talloc_free(request.extra_data.data);
+
         return wbc_status;
  }
author	Günther Deschner <gd@samba.org>
	Tue, 1 Sep 2009 09:58:05 +0000 (11:58 +0200)
committer	Volker Lendecke <vl@samba.org>
	Mon, 19 Oct 2009 10:07:57 +0000 (12:07 +0200)