diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2001-09-26 13:55:59 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2001-09-26 13:55:59 +0000 |
| commit | 41821943daef5a4fd077e38068539ae4e24121b3 (patch) | |
| tree | 3694b89ec3ea0c5fb67c97a112940b2a16210f26 /source3/smbd/negprot.c | |
| parent | 865467c82f39a98afa3c65f25b7e24137f904e93 (diff) | |
| download | samba-41821943daef5a4fd077e38068539ae4e24121b3.tar.gz samba-41821943daef5a4fd077e38068539ae4e24121b3.tar.bz2 samba-41821943daef5a4fd077e38068539ae4e24121b3.zip | |
Kill of the reply.c end of the workstaion trust account mess.
Fix the NT errror codes, this time in line with WinXP/2k.
- Return the normal error codes, expect for bad user/bad password. These map
to logon failure, as a quick security hack. We follow suit.
Simplfy some of the password extraction code, the auth subsytem has the
intelegence to sort this stuff out, no need to do it here.
Move to 'global_encrypted_passwords_negotiated' to determine the use of
unencrypted hacks, replacing the current mess.
Andrew Bartlett
(This used to be commit c04f063573c61d8ef3f43815bbb9b6b076dc23eb)
Diffstat (limited to 'source3/smbd/negprot.c')
| -rw-r--r-- | source3/smbd/negprot.c | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index b065cab53e..82222e6725 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -26,6 +26,7 @@ extern int Protocol; extern int max_recv; extern fstring global_myworkgroup; extern fstring remote_machine; +BOOL global_encrypted_passwords_negotiated; /**************************************************************************** reply for the core protocol @@ -66,16 +67,17 @@ static int reply_lanman1(char *outbuf) { int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); int secword=0; - BOOL doencrypt = lp_encrypted_passwords(); time_t t = time(NULL); + global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + if (lp_security()>=SEC_USER) secword |= 1; - if (doencrypt) secword |= 2; + if (global_encrypted_passwords_negotiated) secword |= 2; - set_message(outbuf,13,doencrypt?8:0,True); + set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); SSVAL(outbuf,smb_vwv1,secword); /* Create a token value and add it to the outgoing packet. */ - if (doencrypt) + if (global_encrypted_passwords_negotiated) generate_next_challenge(smb_buf(outbuf)); Protocol = PROTOCOL_LANMAN1; @@ -103,25 +105,26 @@ static int reply_lanman2(char *outbuf) { int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); int secword=0; - BOOL doencrypt = lp_encrypted_passwords(); time_t t = time(NULL); struct cli_state *cli = NULL; char cryptkey[8]; char crypt_len = 0; + global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + if (lp_security() == SEC_SERVER) { cli = server_cryptkey(); } if (cli) { DEBUG(3,("using password server validation\n")); - doencrypt = ((cli->sec_mode & 2) != 0); + global_encrypted_passwords_negotiated = ((cli->sec_mode & 2) != 0); } if (lp_security()>=SEC_USER) secword |= 1; - if (doencrypt) secword |= 2; + if (global_encrypted_passwords_negotiated) secword |= 2; - if (doencrypt) { + if (global_encrypted_passwords_negotiated) { crypt_len = 8; if (!cli) { generate_next_challenge(cryptkey); @@ -134,7 +137,7 @@ static int reply_lanman2(char *outbuf) set_message(outbuf,13,crypt_len,True); SSVAL(outbuf,smb_vwv1,secword); SIVAL(outbuf,smb_vwv6,sys_getpid()); - if (doencrypt) + if (global_encrypted_passwords_negotiated) memcpy(smb_buf(outbuf), cryptkey, 8); Protocol = PROTOCOL_LANMAN2; @@ -162,13 +165,14 @@ static int reply_nt1(char *outbuf) CAP_LEVEL_II_OPLOCKS|CAP_STATUS32; int secword=0; - BOOL doencrypt = lp_encrypted_passwords(); time_t t = time(NULL); struct cli_state *cli = NULL; char cryptkey[8]; char crypt_len = 0; char *p, *q; + global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + if (lp_security() == SEC_SERVER) { DEBUG(5,("attempting password server validation\n")); cli = server_cryptkey(); @@ -178,12 +182,12 @@ static int reply_nt1(char *outbuf) if (cli) { DEBUG(3,("using password server validation\n")); - doencrypt = ((cli->sec_mode & 2) != 0); + global_encrypted_passwords_negotiated = ((cli->sec_mode & 2) != 0); } else { DEBUG(3,("not using password server validation\n")); } - if (doencrypt) { + if (global_encrypted_passwords_negotiated) { crypt_len = 8; if (!cli) { generate_next_challenge(cryptkey); @@ -216,7 +220,7 @@ static int reply_nt1(char *outbuf) capabilities |= CAP_DFS; if (lp_security() >= SEC_USER) secword |= 1; - if (doencrypt) secword |= 2; + if (global_encrypted_passwords_negotiated) secword |= 2; set_message(outbuf,17,0,True); @@ -235,7 +239,7 @@ static int reply_nt1(char *outbuf) SSVALS(outbuf,smb_vwv15+1,TimeDiff(t)/60); p = q = smb_buf(outbuf); - if (doencrypt) memcpy(p, cryptkey, 8); + if (global_encrypted_passwords_negotiated) memcpy(p, cryptkey, 8); p += 8; p += srvstr_push(outbuf, p, global_myworkgroup, -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); |