diff options
| author | Luke Leighton <lkcl@samba.org> | 1997-11-09 17:30:10 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1997-11-09 17:30:10 +0000 |
| commit | e357d9106895b165bfa3f8331b9f186004c9a6cd (patch) | |
| tree | 52e18b1e8f0770f89d157c6766745ed201df11a6 /source3/smbd/password.c | |
| parent | a81dd62af0321e0c78f81ea79605dade3e563f7a (diff) | |
| download | samba-e357d9106895b165bfa3f8331b9f186004c9a6cd.tar.gz samba-e357d9106895b165bfa3f8331b9f186004c9a6cd.tar.bz2 samba-e357d9106895b165bfa3f8331b9f186004c9a6cd.zip | |
attempting to mark up 32 bit error codes, needed for NT domains.
separated out smb server-mode password validation into a separate file.
added called and calling netbios names to client gen state: referenced
section in rfc1002.txt.
created workstation trust account checking code in ntclient.c
there might be a bug in reply_session_setup_andX. i indented and added { }
around single-line if statements: the lm password checking code now doesn't
look right (around the GUEST_SESSSETUP bits). *no code semantics have been
changed by the indentation process*.
(This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
Diffstat (limited to 'source3/smbd/password.c')
| -rw-r--r-- | source3/smbd/password.c | 140 |
1 files changed, 1 insertions, 139 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 185fc68f5a..7dd2133406 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -21,7 +21,7 @@ #include "includes.h" -#if (defined(NETGROUP) && defined (AUTOMOUNT)) +#ifdef NETGROUP #include "rpcsvc/ypclnt.h" #endif @@ -1475,141 +1475,3 @@ BOOL check_hosts_equiv(char *user) return(False); } - -static struct cli_state cli; - -/**************************************************************************** -return the client state structure -****************************************************************************/ -struct cli_state *server_client(void) -{ - return &cli; -} - -/**************************************************************************** -support for server level security -****************************************************************************/ -struct cli_state *server_cryptkey(void) -{ - fstring desthost; - struct in_addr dest_ip; - extern fstring local_machine; - char *p; - - if (!cli_initialise(&cli)) - return NULL; - - for (p=strtok(lp_passwordserver(),LIST_SEP); p ; p = strtok(NULL,LIST_SEP)) { - fstrcpy(desthost,p); - standard_sub_basic(desthost); - strupper(desthost); - - dest_ip = *interpret_addr2(desthost); - if (zero_ip(dest_ip)) { - DEBUG(1,("Can't resolve address for %s\n",p)); - continue; - } - - if (ismyip(dest_ip)) { - DEBUG(1,("Password server loop - disabling password server %s\n",p)); - continue; - } - - if (cli_connect(&cli, desthost, &dest_ip)) { - DEBUG(3,("connected to password server %s\n",p)); - break; - } - } - - if (!p) { - DEBUG(1,("password server not available\n")); - cli_shutdown(&cli); - return NULL; - } - - if (!cli_session_request(&cli, desthost, 0x20, local_machine)) { - DEBUG(1,("%s rejected the session\n",desthost)); - cli_shutdown(&cli); - return NULL; - } - - DEBUG(3,("got session\n")); - - if (!cli_negprot(&cli)) { - DEBUG(1,("%s rejected the negprot\n",desthost)); - cli_shutdown(&cli); - return NULL; - } - - if (cli.protocol < PROTOCOL_LANMAN2 || - !(cli.sec_mode & 1)) { - DEBUG(1,("%s isn't in user level security mode\n",desthost)); - cli_shutdown(&cli); - return NULL; - } - - DEBUG(3,("password server OK\n")); - - return &cli; -} - -/**************************************************************************** -validate a password with the password server -****************************************************************************/ -BOOL server_validate(char *user, char *domain, - char *pass, int passlen, - char *ntpass, int ntpasslen) -{ - extern fstring local_machine; - - if (!cli.initialised) { - DEBUG(1,("password server %s is not connected\n", cli.desthost)); - return(False); - } - - if (!cli_session_setup(&cli, user, pass, passlen, ntpass, ntpasslen, domain)) { - DEBUG(1,("password server %s rejected the password\n", cli.desthost)); - return False; - } - - /* if logged in as guest then reject */ - if ((SVAL(cli.inbuf,smb_vwv2) & 1) != 0) { - DEBUG(1,("password server %s gave us guest only\n", cli.desthost)); - return(False); - } - - - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { - DEBUG(1,("password server %s refused IPC$ connect\n", cli.desthost)); - return False; - } - - - if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { - DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); - cli_tdis(&cli); - return False; - } - - if (cli.privilages == 0) { - DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); - cli_tdis(&cli); - return False; - } - - if (!strequal(cli.eff_name, user)) { - DEBUG(1,("password server %s gave different username %s\n", - cli.desthost, - cli.eff_name)); - cli_tdis(&cli); - return False; - } - - DEBUG(3,("password server %s accepted the password\n", cli.desthost)); - - cli_tdis(&cli); - - return(True); -} - - |