---------------------
PatchSet 3364 
Date: 2001/11/22 17:58:46
Author: kinkie
Branch: ntlm
Tag: (none) 
Log:
Speeded up checks by precomputing hashes.
Added checks on the NT hash (not very useful though).

Members: 
	src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c:1.1.4.12->1.1.4.13 

Index: squid/src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/NTLMSSP/Attic/libntlmssp.c,v
retrieving revision 1.1.4.12
retrieving revision 1.1.4.13
diff -u -r1.1.4.12 -r1.1.4.13
--- squid/src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c	22 Nov 2001 07:49:40 -0000	1.1.4.12
+++ squid/src/auth/ntlm/helpers/NTLMSSP/libntlmssp.c	22 Nov 2001 17:58:46 -0000	1.1.4.13
@@ -70,7 +70,10 @@
 #endif /* DEBUG */
 
 
+#define ENCODED_PASS_LEN 24
 static char challenge[NONCE_LEN];
+static char lmencoded_empty_pass[ENCODED_PASS_LEN],
+	ntencoded_empty_pass[ENCODED_PASS_LEN];
 SMB_Handle_Type handle = NULL;
 
 /* Disconnects from the DC. A reconnection will be done upon the next request
@@ -135,6 +138,8 @@
 	return 3;
     }
     memcpy(challenge, handle->Encrypt_Key, NONCE_LEN);
+		SMBencrypt("",challenge,lmencoded_empty_pass);
+		SMBNTencrypt("",challenge,ntencoded_empty_pass);
     return 0;
 }
 
@@ -232,23 +237,36 @@
 	return NULL;
     }
 		
+    memcpy(pass, tmp.str, tmp.l);
+    pass[25] = '\0';
+
 #if 1
-		bzero(encrypted_pass,40);
-		SMBencrypt("",challenge,encrypted_pass);
-		debug ("Empty pass detection: (user: '%s', ours:'%s')\n",
-					 tmp.str,encrypted_pass);
-		if (memcmp(tmp.str,encrypted_pass,tmp.l)==0) {
-			fprintf(stderr,"Empty password supplied for user %s\\%s. "
+		debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'"
+					 "(length: %d)\n",
+					 user,lmencoded_empty_pass,tmp.str,tmp.l);
+		if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
+			fprintf(stderr,"Empty LM password supplied for user %s\\%s. "
 							"No-auth\n",domain,user);
 			ntlm_errno=NTLM_LOGON_ERROR;
 			return NULL;
 		}
+		
+		tmp = ntlm_fetch_string ((char *) auth, auth_length, &auth->ntresponse);
+		if (tmp.str != NULL && tmp.l != 0) {
+			debug ("Empty NT pass detection: user: '%s', ours:'%s', his: '%s'"
+						 "(length: %d)\n",
+						 user,ntencoded_empty_pass,tmp.str,tmp.l);
+			if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
+				fprintf(stderr,"Empty NT password supplied for user %s\\%s. "
+								"No-auth\n",domain,user);
+				ntlm_errno=NTLM_LOGON_ERROR;
+				return NULL;
+			}
+		}
 #endif
 
 		/* TODO: check against empty password!!!!! */
 		
-    memcpy(pass, tmp.str, tmp.l);
-    pass[25] = '\0';
 
 
     debug("checking domain: '%s', user: '%s', pass='%s'\n", domain, user, pass);