author | Luke Leighton <lkcl@samba.org> | 1999-06-29 18:47:06 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-06-29 18:47:06 +0000 |
commit | 73891ca8e4f6cca6aa8bb0ae043f660a64baa056 (patch) | |
tree | 9ed22c56d9f3eeac6608f25971e7b29f8006ae79 /source3/rpc_server/srv_netlog.c | |
parent | 1dc6c6c7ca54578d9e6040a9d4d5e509f1ad3af3 (diff) | |
improving authentication code (tidyup).
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
Diffstat (limited to 'source3/rpc_server/srv_netlog.c')
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 45 |
1 files changed, 14 insertions, 31 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7ee45ada16..9c260d5759 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -630,43 +630,26 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct sam_passwd *smb_pass, user_struct *vuser) { - DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", - id2->hdr_lm_chal_resp.str_str_len, - id2->hdr_nt_chal_resp.str_str_len)); + fstring user; + fstring domain; - /* JRA. Check the NT password first if it exists - this is a higher quality - password, if it exists and it doesn't match - fail. */ + int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len >= 24; + int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len >= 24; - if (id2->hdr_nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL) - { - if(smb_password_check((char *)id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, - id2->lm_chal)) - return 0x0; - else - return 0xC0000000 | NT_STATUS_WRONG_PASSWORD; - } + unistr2_to_ascii(user , &id2->uni_user_name, sizeof(user)-1); + unistr2_to_ascii(domain, &id2->uni_domain_name, sizeof(domain)-1); + + DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n", + lm_pw_len, nt_pw_len, user, domain)); - /* lkclXXXX this is not a good place to put disabling of LM hashes in. - if that is to be done, first move this entire function into a - library routine that calls the two smb_password_check() functions. - if disabling LM hashes (which nt can do for security reasons) then - an attempt should be made to disable them everywhere (which nt does - not do, for various security-hole reasons). - */ - - if (id2->hdr_lm_chal_resp.str_str_len == 24 && - smb_password_check((char *)id2->lm_chal_resp.buffer, - smb_pass->smb_passwd, - id2->lm_chal)) + if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal, + user, domain, + (uchar *)id2->lm_chal_resp.buffer, lm_pw_len, + (uchar *)id2->nt_chal_resp.buffer, nt_pw_len)) { - return 0x0; + return 0x0; } - - /* oops! neither password check succeeded */ - return 0xC0000000 | NT_STATUS_WRONG_PASSWORD; } |
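Review bot: `nt_pw_len` and `lm_pw_len` are initialised from the comparison `str_str_len >= 24`, so each holds 0 or 1 rather than a length, yet both are logged as `lm_len:%d nt_len:%d` and passed to `smb_password_ok()` in what look like its length arguments. If the callee expects byte counts (its definition is not in this hunk), no response would be recognised as 24 bytes; if it treats them as flags, a client-supplied length above 24 is now accepted where the removed code required exactly 24. I would carry the real values, `int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len;` and `int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len;`, and have the length checked against 24 and the response buffer size before any hash comparison. The removed branch also refused to fall back to the LM response when an NT response was present and wrong; a one-line comment stating that `smb_password_ok()` keeps that rule would help, since it cannot be confirmed from here.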