From 2953151a655d851988450fdc88f7134a5db517d2 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 1 Sep 2009 11:58:05 +0200 Subject: [PATCH] wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther --- nsswitch/libwbclient/wbc_pam.c | 19 +++++++++++++++---- 1 files changed, 15 insertions(+), 4 deletions(-) diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index d3bf616..33044b2 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -426,15 +426,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params->password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params->password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params->password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params->password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params->password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params->password.response.nt_length; + if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params->password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params->password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params->password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -480,6 +489,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } -- 1.6.2.5