| Subject: | does not authenticate against Windows Server 2008 |
Due to a incomplete smbval/smblib.c the Authen::Smb 0.91 does not
authenticate against a Windows Server 2008. It uses only the LanMan part
of the password encoding.
We added the support for the NT4 hash method that Windows Server 2008
uses as the only way to encode the password.
The attached smblib.c.patch contains the changes.
We are using the patched Authen::Smb since several month for
authentication of users on a Linux (SuSE) server against a Server 2008R2 AD.
Due to the lack of (very) old Windows or OS/2 versions, we were not able
to check the patched module against the old methods.
So this patch comes with absolutely no warranty, try it at your own.
| Subject: | smblib.c.patch |
*** smblib.c 2010-11-14 22:57:33.716522048 +0100
--- smblib_new.c 2010-11-14 22:56:50.940522010 +0100
***************
*** 336,353 ****
strcpy(pword, PassWord);
- if (Con_Handle -> encrypt_passwords)
- {
- pass_len=24;
- SMBencrypt((uchar *) PassWord, (uchar *)Con_Handle -> Encrypt_Key,(uchar *)pword);
- }
- else
- pass_len=strlen(pword);
-
/* Now build the correct structure */
if (Con_Handle -> protocol < SMB_P_NT1) {
param_len = strlen(UserName) + 1 + pass_len + 1 +
strlen(Con_Handle -> PDomain) + 1 +
--- 336,354 ----
strcpy(pword, PassWord);
/* Now build the correct structure */
if (Con_Handle -> protocol < SMB_P_NT1) {
+ if (Con_Handle -> encrypt_passwords)
+ {
+ pass_len=24;
+ SMBencrypt((uchar *) PassWord, (uchar *)Con_Handle -> Encrypt_Key,(uchar *)pword);
+ }
+ else
+ {
+ pass_len=strlen(pword);
+ }
param_len = strlen(UserName) + 1 + pass_len + 1 +
strlen(Con_Handle -> PDomain) + 1 +
***************
*** 410,415 ****
--- 411,425 ----
}
else {
+ if (Con_Handle -> encrypt_passwords)
+ {
+ pass_len=24;
+ SMBNTencrypt((uchar *) PassWord, (uchar *)Con_Handle -> Encrypt_Key,(uchar *)pword);
+ }
+ else
+ {
+ pass_len=strlen(pword);
+ }
/* We don't admit to UNICODE support ... */