Simple fix for 3.5.x, tested and confirmed as working by original reporter
"Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
+ NB. *DON'T* tell ntv2_owf_gen() to uppercase the domain
+ name here, we may have already been added to an NTLMSSP
+ exchange in the non-uppercase form.
*/
- if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+ if (!ntv2_owf_gen(nt_hash, user, domain, false, ntlm_v2_hash)) {
return false;
}
(p=strchr_m(user2,*lp_winbind_separator()))) {
*p = 0;
user = p+1;
+ strupper_m(user2);
workgroup = user2;
}