diff options
author | Jeremy Allison <jra@samba.org> | 1998-02-07 12:15:20 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-02-07 12:15:20 +0000 |
commit | 5546e28e69b1a43dbb48e024e233d8ebf7fa667a (patch) | |
tree | c2a05cb21a5d1d420f7b7690980539f0896564c2 /source3/smbd/password.c | |
parent | eefff40c6796638695e93b0503cff8ffdfc06596 (diff) | |
download | samba-5546e28e69b1a43dbb48e024e233d8ebf7fa667a.tar.gz samba-5546e28e69b1a43dbb48e024e233d8ebf7fa667a.tar.bz2 samba-5546e28e69b1a43dbb48e024e233d8ebf7fa667a.zip |
A small raft of changes, I will sync up with 1.9.18 also.
chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
(This used to be commit a031404623c22d62f8de035be2239f609af08112)
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r-- | source3/smbd/password.c | 61 |
1 files changed, 39 insertions, 22 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 0f8705d4be..607d01d2cf 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password) * Assumes local passwd file is kept in sync w/ DCE RGY! */ - if (!strcmp((char *)crypt(password,this_salt),this_crypted) || - dcelogin_atmost_once) - return(False); + /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */ + if (dce_login_atmost_once) + return (False); + /* This can be ifdefed as the DCE check below is stricter... */ +#ifndef NO_CRYPT + if ( strcmp((char *)crypt(password,this_salt),this_crypted) ) + return (False); +#endif if (sec_login_setup_identity( (unsigned char *)this_user, @@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain, return False; } + /* + * This patch from Rob Nielsen <ran@adc.com> makes doing + * the NetWksaUserLogon a dynamic, rather than compile-time + * parameter, defaulting to on. This is somewhat dangerous + * as it allows people to turn off this neccessary check, + * but so many people have had problems with this that I + * think it is a neccessary change. JRA. + */ + + if (lp_net_wksta_user_logon()) { + DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost)); + if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { + DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); + cli_tdis(&cli); + return False; + } -#if USE_NETWKSTAUSERLOGON - if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { - DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); - cli_tdis(&cli); - return False; - } - - if (cli.privilages == 0) { - DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); - cli_tdis(&cli); - return False; - } + if (cli.privilages == 0) { + DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); + cli_tdis(&cli); + return False; + } - if (!strequal(cli.eff_name, user)) { - DEBUG(1,("password server %s gave different username %s\n", - cli.desthost, - cli.eff_name)); - cli_tdis(&cli); - return False; + if (!strequal(cli.eff_name, user)) { + DEBUG(1,("password server %s gave different username %s\n", + cli.desthost, + cli.eff_name)); + cli_tdis(&cli); + return False; + } } -#endif + else { + DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost)); + } DEBUG(3,("password server %s accepted the password\n", cli.desthost)); |