authorJeremy Allison <jra@samba.org>2001-04-10 19:43:14 +0000
committerJeremy Allison <jra@samba.org>2001-04-10 19:43:14 +0000
commit6d96224f81039756180d496a95b121768953f5ed (patch)
treef6857c0ab69e6eb49f350991e0e6ce9f3afe9acb
parentef1a7311cec15f4444c80b92301de0dec92df288 (diff)
passdb/pass_check.c: Ensure second check is done only if given username is all in caps.
rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given. Jeremy. (This used to be commit 3c4c649951464be51541d5890afb997e3ecfcd23)
-rw-r--r--source3/auth/pass_check.c88
-rw-r--r--source3/passdb/pass_check.c88
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c18
3 files changed, 63 insertions, 131 deletions
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 6acbb91606..236465bc90 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -499,8 +499,7 @@ static int linux_bigcrypt(char *password, char *salt1, char *crypted)
StrnCpy(salt, salt1, 2);
crypted += 2;
- for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS)
- {
+ for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
char *p = crypt(password, salt) + 2;
if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
return (0);
@@ -525,16 +524,13 @@ static char *osf1_bigcrypt(char *password, char *salt1)
int i;
int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS;
if (strlen(password) % AUTH_CLEARTEXT_SEG_CHARS)
- {
parts++;
- }
StrnCpy(salt, salt1, 2);
StrnCpy(result, salt1, 2);
result[2] = '\0';
- for (i = 0; i < parts; i++)
- {
+ for (i = 0; i < parts; i++) {
p1 = crypt(p2, salt);
strncat(result, p1 + 2,
AUTH_MAX_PASSWD_LENGTH - strlen(p1 + 2) - 1);
@@ -565,12 +561,9 @@ static BOOL string_combinations2(char *s, int offset, BOOL (*fn) (char *),
#endif
if (N <= 0 || offset >= len)
- {
return (fn(s));
- }
- for (i = offset; i < (len - (N - 1)); i++)
- {
+ for (i = offset; i < (len - (N - 1)); i++) {
char c = s[i];
if (!islower(c))
continue;
@@ -635,22 +628,17 @@ static BOOL password_check(char *password)
(strcmp
(osf1_bigcrypt(password, this_salt),
this_crypted) == 0);
- if (!ret)
- {
+ if (!ret) {
DEBUG(2,
("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
- ret =
- (strcmp
- ((char *)crypt(password, this_salt),
- this_crypted) == 0);
+ ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
}
return ret;
}
#endif /* OSF1_ENH_SEC */
#ifdef ULTRIX_AUTH
- return (strcmp((char *)crypt16(password, this_salt), this_crypted) ==
- 0);
+ return (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
#endif /* ULTRIX_AUTH */
#ifdef LINUX_BIGCRYPT
@@ -669,9 +657,7 @@ static BOOL password_check(char *password)
if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
return True;
else
- return (strcmp
- ((char *)crypt(password, this_salt),
- this_crypted) == 0);
+ return (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#ifdef HAVE_BIGCRYPT
@@ -682,8 +668,7 @@ static BOOL password_check(char *password)
DEBUG(1, ("Warning - no crypt available\n"));
return (False);
#else /* HAVE_CRYPT */
- return (strcmp((char *)crypt(password, this_salt), this_crypted) ==
- 0);
+ return (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
}
@@ -711,30 +696,22 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
#endif
if (!password)
- {
return (False);
- }
if (((!*password) || (!pwlen)) && !lp_null_passwords())
- {
return (False);
- }
- if (pwd && !user)
- {
+ if (pwd && !user) {
pass = (struct passwd *)pwd;
user = pass->pw_name;
- }
- else
- {
+ } else {
pass = Get_Pwnam(user, True);
}
DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
- if (!pass)
- {
+ if (!pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
return (False);
}
@@ -750,9 +727,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp)
- {
pstrcpy(pass->pw_passwd, spass->sp_pwdp);
- }
}
#elif defined(IA_UINFO)
{
@@ -762,9 +737,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
2.1. (tangent@cyberport.com) */
uinfo_t uinfo;
if (ia_openinfo(pass->pw_name, &uinfo) != -1)
- {
ia_get_logpwd(uinfo, &(pass->pw_passwd));
- }
}
#endif
@@ -782,13 +755,10 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
user));
mypasswd = getprpwnam(user);
- if (mypasswd)
- {
+ if (mypasswd) {
fstrcpy(pass->pw_name, mypasswd->ufld.fd_name);
fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt);
- }
- else
- {
+ } else {
DEBUG(5,
("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
user));
@@ -799,8 +769,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
#ifdef ULTRIX_AUTH
{
AUTHORIZATION *ap = getauthuid(pass->pw_uid);
- if (ap)
- {
+ if (ap) {
fstrcpy(pass->pw_passwd, ap->a_password);
endauthent();
}
@@ -834,8 +803,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
}
/* try it as it came to us */
- if (password_check(password))
- {
+ if (password_check(password)) {
if (fn)
fn(user, password);
return (True);
@@ -844,38 +812,34 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */
- if (strhasupper(password) && strhaslower(password))
- {
+ if (strhasupper(password) && strhaslower(password)) {
return (False);
}
/* make a copy of it */
StrnCpy(pass2, password, sizeof(pstring) - 1);
- /* try all lowercase */
- strlower(password);
- if (password_check(password))
- {
- if (fn)
- fn(user, password);
- return (True);
+ /* try all lowercase if it's currently all uppercase */
+ if (strhasupper(password)) {
+ strlower(password);
+ if (password_check(password)) {
+ if (fn)
+ fn(user, password);
+ return (True);
+ }
}
/* give up? */
- if (level < 1)
- {
-
+ if (level < 1) {
/* restore it */
fstrcpy(password, pass2);
-
return (False);
}
/* last chance - all combinations of up to level chars upper! */
strlower(password);
- if (string_combinations(password, password_check, level))
- {
+ if (string_combinations(password, password_check, level)) {
if (fn)
fn(user, password);
return (True);
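Review bot: The restore in the `level < 1` branch uses `fstrcpy(password, pass2)`, while the backup a few lines above is bounded by `sizeof(pstring) - 1`, so the two copies work to different limits. If fstring is the shorter type, as the names suggest (neither definition is in this hunk), a long password is handed back to the caller truncated after a failed check. Because lower-casing does not lengthen the string, the restore can safely use the same bound as the backup, provided the caller's buffer is that large. The new `strhasupper(password)` guard means "all upper case" only because of the mixed-case early return above it, which the comment could say: `/* mixed case already returned above, so any upper-case letter here means all caps */`. pass_check() begins and ends outside the hunk, and the identical hunk in source3/passdb/pass_check.c carries the same points.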
diff --git a/source3/passdb/pass_check.c b/source3/passdb/pass_check.c
index 6acbb91606..236465bc90 100644
--- a/source3/passdb/pass_check.c
+++ b/source3/passdb/pass_check.c
@@ -499,8 +499,7 @@ static int linux_bigcrypt(char *password, char *salt1, char *crypted)
StrnCpy(salt, salt1, 2);
crypted += 2;
- for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS)
- {
+ for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
char *p = crypt(password, salt) + 2;
if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
return (0);
@@ -525,16 +524,13 @@ static char *osf1_bigcrypt(char *password, char *salt1)
int i;
int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS;
if (strlen(password) % AUTH_CLEARTEXT_SEG_CHARS)
- {
parts++;
- }
StrnCpy(salt, salt1, 2);
StrnCpy(result, salt1, 2);
result[2] = '\0';
- for (i = 0; i < parts; i++)
- {
+ for (i = 0; i < parts; i++) {
p1 = crypt(p2, salt);
strncat(result, p1 + 2,
AUTH_MAX_PASSWD_LENGTH - strlen(p1 + 2) - 1);
@@ -565,12 +561,9 @@ static BOOL string_combinations2(char *s, int offset, BOOL (*fn) (char *),
#endif
if (N <= 0 || offset >= len)
- {
return (fn(s));
- }
- for (i = offset; i < (len - (N - 1)); i++)
- {
+ for (i = offset; i < (len - (N - 1)); i++) {
char c = s[i];
if (!islower(c))
continue;
@@ -635,22 +628,17 @@ static BOOL password_check(char *password)
(strcmp
(osf1_bigcrypt(password, this_salt),
this_crypted) == 0);
- if (!ret)
- {
+ if (!ret) {
DEBUG(2,
("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
- ret =
- (strcmp
- ((char *)crypt(password, this_salt),
- this_crypted) == 0);
+ ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
}
return ret;
}
#endif /* OSF1_ENH_SEC */
#ifdef ULTRIX_AUTH
- return (strcmp((char *)crypt16(password, this_salt), this_crypted) ==
- 0);
+ return (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
#endif /* ULTRIX_AUTH */
#ifdef LINUX_BIGCRYPT
@@ -669,9 +657,7 @@ static BOOL password_check(char *password)
if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
return True;
else
- return (strcmp
- ((char *)crypt(password, this_salt),
- this_crypted) == 0);
+ return (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#ifdef HAVE_BIGCRYPT
@@ -682,8 +668,7 @@ static BOOL password_check(char *password)
DEBUG(1, ("Warning - no crypt available\n"));
return (False);
#else /* HAVE_CRYPT */
- return (strcmp((char *)crypt(password, this_salt), this_crypted) ==
- 0);
+ return (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
}
@@ -711,30 +696,22 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
#endif
if (!password)
- {
return (False);
- }
if (((!*password) || (!pwlen)) && !lp_null_passwords())
- {
return (False);
- }
- if (pwd && !user)
- {
+ if (pwd && !user) {
pass = (struct passwd *)pwd;
user = pass->pw_name;
- }
- else
- {
+ } else {
pass = Get_Pwnam(user, True);
}
DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
- if (!pass)
- {
+ if (!pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
return (False);
}
@@ -750,9 +727,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp)
- {
pstrcpy(pass->pw_passwd, spass->sp_pwdp);
- }
}
#elif defined(IA_UINFO)
{
@@ -762,9 +737,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
2.1. (tangent@cyberport.com) */
uinfo_t uinfo;
if (ia_openinfo(pass->pw_name, &uinfo) != -1)
- {
ia_get_logpwd(uinfo, &(pass->pw_passwd));
- }
}
#endif
@@ -782,13 +755,10 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
user));
mypasswd = getprpwnam(user);
- if (mypasswd)
- {
+ if (mypasswd) {
fstrcpy(pass->pw_name, mypasswd->ufld.fd_name);
fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt);
- }
- else
- {
+ } else {
DEBUG(5,
("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
user));
@@ -799,8 +769,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
#ifdef ULTRIX_AUTH
{
AUTHORIZATION *ap = getauthuid(pass->pw_uid);
- if (ap)
- {
+ if (ap) {
fstrcpy(pass->pw_passwd, ap->a_password);
endauthent();
}
@@ -834,8 +803,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
}
/* try it as it came to us */
- if (password_check(password))
- {
+ if (password_check(password)) {
if (fn)
fn(user, password);
return (True);
@@ -844,38 +812,34 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */
- if (strhasupper(password) && strhaslower(password))
- {
+ if (strhasupper(password) && strhaslower(password)) {
return (False);
}
/* make a copy of it */
StrnCpy(pass2, password, sizeof(pstring) - 1);
- /* try all lowercase */
- strlower(password);
- if (password_check(password))
- {
- if (fn)
- fn(user, password);
- return (True);
+ /* try all lowercase if it's currently all uppercase */
+ if (strhasupper(password)) {
+ strlower(password);
+ if (password_check(password)) {
+ if (fn)
+ fn(user, password);
+ return (True);
+ }
}
/* give up? */
- if (level < 1)
- {
-
+ if (level < 1) {
/* restore it */
fstrcpy(password, pass2);
-
return (False);
}
/* last chance - all combinations of up to level chars upper! */
strlower(password);
- if (string_combinations(password, password_check, level))
- {
+ if (string_combinations(password, password_check, level)) {
if (fn)
fn(user, password);
return (True);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index cef31f7a8c..bce5c33225 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1219,7 +1219,7 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
r_u->switch_value = 0;
- if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$"))
+ if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
return ERROR_ACCESS_DENIED;
snum = find_service(share_name);
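Review bot: The reserved-name test `strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global")` is now written out three times, here and in the `_srv_net_share_add` and `_srv_net_share_del` hunks below. The three copies can drift apart the next time a section name has to be blocked. A small file-local helper, for example `static BOOL is_reserved_share_name(const char *name)`, called as `if (is_reserved_share_name(share_name)) return ERROR_ACCESS_DENIED;`, would keep the handlers in step. A one-line comment should also say why "global" is refused, presumably because it names a configuration section rather than a share.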
@@ -1290,8 +1290,8 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
if (!lp_change_share_cmd() || !*lp_change_share_cmd())
return ERROR_ACCESS_DENIED;
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), share_name, ptr, comment);
+ slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+ lp_change_share_cmd(), CONFIGFILE, share_name, ptr, comment);
dos_to_unix(command, True); /* Convert to unix-codepage */
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
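Review bot: The command line built by `slprintf` here protects `share_name`, `ptr` and `comment` with double quotes only, and no escaping or validation of these values, which appear to come from the RPC request, is visible in the hunk. If the string is later handed to a shell (the call is outside the hunk; the DEBUG line only says "Running"), double quotes still leave `$`, backquote and backslash active. The values should therefore be restricted to a known-safe character set before formatting, or the script should be started with an explicit argument vector instead of a command line. The `_srv_net_share_add` hunk further down replaces `"` in `ptr` and `comment` but shows nothing for `share_name`, so it has the same gap. A truncated `slprintf` result is not detected either, so an over-long value could drop the closing quote; comparing the result length with `sizeof(command)-1` and refusing the request would cover that.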
@@ -1385,6 +1385,9 @@ uint32 _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
return NT_STATUS_INVALID_INFO_CLASS;
}
+ if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
+ return ERROR_ACCESS_DENIED;
+
snum = find_service(share_name);
/* Share already exists. */
@@ -1404,8 +1407,8 @@ uint32 _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
string_replace(ptr, '"', ' ');
string_replace(comment, '"', ' ');
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), share_name, ptr, comment);
+ slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+ lp_add_share_cmd(), CONFIGFILE, share_name, ptr, comment);
dos_to_unix(command, True); /* Convert to unix-codepage */
DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
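Review bot: `CONFIGFILE` becomes the first positional argument of the add, change and delete share commands, which shifts every argument existing administrator scripts read, and nothing next to these calls records the new order. A comment above each `slprintf`, such as `/* script argv: 1=smb.conf path, 2=share name, 3=path, 4=comment */` (with the shorter form for delete), would document the contract. `CONFIGFILE` also looks like a build-time constant. If the daemon can be started with a different configuration file, the script would be given a path that is not the one in use, so it is worth confirming which file is actually loaded.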
@@ -1451,7 +1454,7 @@ uint32 _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_S
unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name));
- if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$"))
+ if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
return ERROR_ACCESS_DENIED;
snum = find_service(share_name);
@@ -1471,7 +1474,8 @@ uint32 _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_S
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd())
return ERROR_ACCESS_DENIED;
- slprintf(command, sizeof(command)-1, "%s \"%s\"", lp_delete_share_cmd(), lp_servicename(snum));
+ slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
+ lp_delete_share_cmd(), CONFIGFILE, lp_servicename(snum));
dos_to_unix(command, True); /* Convert to unix-codepage */
DEBUG(10,("_srv_net_share_del: Running [%s]\n", command ));