A small raft of changes, I will sync up with 1.9.18 also.

chgpasswd.c: Fixed typo in debug message.
includes.h: Fix include for aix.
kanji.c: Added cap_to_sj as inverse of sj_to_cap.
loadparm.c:
local.h:
password.c: Added code for "networkstation user login" parameter.
- patch from Rob Nielsen <ran@adc.com>.
printing.c: Added further aix printing fixes.
reply.c: Changed access time fetch to a function.
trans2.c: Changed access time fetch to a function.
time.c: Changed access time fetch to a function.
server.c: Made NT redirector workaround final.
util.c: Added debug for write_socket failing.
Jeremy.
(This used to be commit a031404623c22d62f8de035be2239f609af08112)

1 files changed, 39 insertions, 22 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 0f8705d4be..607d01d2cf 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password)
    * Assumes local passwd file is kept in sync w/ DCE RGY!
    */
 
-  if (!strcmp((char *)crypt(password,this_salt),this_crypted) ||
-      dcelogin_atmost_once)
-    return(False);
+  /* Fix for original (broken) code from Brett Wooldridge <brettw@austin.ibm.com> */
+  if (dce_login_atmost_once)
+    return (False);
+  /* This can be ifdefed as the DCE check below is stricter... */
+#ifndef NO_CRYPT
+  if ( strcmp((char *)crypt(password,this_salt),this_crypted) )
+    return (False);
+#endif
 
   if (sec_login_setup_identity(
 			       (unsigned char *)this_user,
@@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain,
 		return False;
 	}
 
+        /*
+         * This patch from Rob Nielsen <ran@adc.com> makes doing
+         * the NetWksaUserLogon a dynamic, rather than compile-time
+         * parameter, defaulting to on. This is somewhat dangerous
+         * as it allows people to turn off this neccessary check,
+         * but so many people have had problems with this that I
+         * think it is a neccessary change. JRA.
+         */
+
+	if (lp_net_wksta_user_logon()) {
+		DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost));
+		if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+			DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+			cli_tdis(&cli);
+			return False;
+		}
 
-#if USE_NETWKSTAUSERLOGON
-	if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
-		DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
-		cli_tdis(&cli);
-		return False;
-	}
-
-	if (cli.privilages == 0) {
-		DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
-		cli_tdis(&cli);
-		return False;
-	}
+		if (cli.privilages == 0) {
+			DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
+			cli_tdis(&cli);
+			return False;
+		}
 
-	if (!strequal(cli.eff_name, user)) {
-		DEBUG(1,("password server %s gave different username %s\n", 
-			 cli.desthost,
-			 cli.eff_name));
-		cli_tdis(&cli);
-		return False;
+		if (!strequal(cli.eff_name, user)) {
+			DEBUG(1,("password server %s gave different username %s\n", 
+			 	cli.desthost,
+			 	cli.eff_name));
+			cli_tdis(&cli);
+			return False;
+		}
 	}
-#endif
+        else {
+		DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost));
+        }
 
 	DEBUG(3,("password server %s accepted the password\n", cli.desthost));