Rolled back tree state to 11:59pm 8th November 1997 EST to

remove problems.
Jeremy
(This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)

1 files changed, 139 insertions, 1 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 7dd2133406..185fc68f5a 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -21,7 +21,7 @@
 
 #include "includes.h"
 
-#ifdef NETGROUP
+#if (defined(NETGROUP) && defined (AUTOMOUNT))
 #include "rpcsvc/ypclnt.h"
 #endif
 
@@ -1475,3 +1475,141 @@ BOOL check_hosts_equiv(char *user)
   return(False);
 }
 
+
+static struct cli_state cli;
+
+/****************************************************************************
+return the client state structure
+****************************************************************************/
+struct cli_state *server_client(void)
+{
+	return &cli;
+}
+
+/****************************************************************************
+support for server level security 
+****************************************************************************/
+struct cli_state *server_cryptkey(void)
+{
+	fstring desthost;
+	struct in_addr dest_ip;
+	extern fstring local_machine;
+	char *p;
+
+	if (!cli_initialise(&cli))
+		return NULL;
+	    
+	for (p=strtok(lp_passwordserver(),LIST_SEP); p ; p = strtok(NULL,LIST_SEP)) {
+		fstrcpy(desthost,p);
+		standard_sub_basic(desthost);
+		strupper(desthost);
+
+		dest_ip = *interpret_addr2(desthost);
+		if (zero_ip(dest_ip)) {
+			DEBUG(1,("Can't resolve address for %s\n",p));
+			continue;
+		}
+
+		if (ismyip(dest_ip)) {
+			DEBUG(1,("Password server loop - disabling password server %s\n",p));
+			continue;
+		}
+
+		if (cli_connect(&cli, desthost, &dest_ip)) {
+			DEBUG(3,("connected to password server %s\n",p));
+			break;
+		}
+	}
+
+	if (!p) {
+		DEBUG(1,("password server not available\n"));
+		cli_shutdown(&cli);
+		return NULL;
+	}
+
+	if (!cli_session_request(&cli, desthost, 0x20, local_machine)) {
+		DEBUG(1,("%s rejected the session\n",desthost));
+		cli_shutdown(&cli);
+		return NULL;
+	}
+
+	DEBUG(3,("got session\n"));
+
+	if (!cli_negprot(&cli)) {
+		DEBUG(1,("%s rejected the negprot\n",desthost));
+		cli_shutdown(&cli);
+		return NULL;
+	}
+
+	if (cli.protocol < PROTOCOL_LANMAN2 ||
+	    !(cli.sec_mode & 1)) {
+		DEBUG(1,("%s isn't in user level security mode\n",desthost));
+		cli_shutdown(&cli);
+		return NULL;
+	}
+
+	DEBUG(3,("password server OK\n"));
+
+	return &cli;
+}
+
+/****************************************************************************
+validate a password with the password server
+****************************************************************************/
+BOOL server_validate(char *user, char *domain, 
+		     char *pass, int passlen,
+		     char *ntpass, int ntpasslen)
+{
+	extern fstring local_machine;
+
+	if (!cli.initialised) {
+		DEBUG(1,("password server %s is not connected\n", cli.desthost));
+		return(False);
+	}  
+
+	if (!cli_session_setup(&cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
+		DEBUG(1,("password server %s rejected the password\n", cli.desthost));
+		return False;
+	}
+
+	/* if logged in as guest then reject */
+	if ((SVAL(cli.inbuf,smb_vwv2) & 1) != 0) {
+		DEBUG(1,("password server %s gave us guest only\n", cli.desthost));
+		return(False);
+	}
+
+
+	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+		DEBUG(1,("password server %s refused IPC$ connect\n", cli.desthost));
+		return False;
+	}
+
+
+	if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) {
+		DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost));
+		cli_tdis(&cli);
+		return False;
+	}
+
+	if (cli.privilages == 0) {
+		DEBUG(1,("password server %s gave guest privilages\n", cli.desthost));
+		cli_tdis(&cli);
+		return False;
+	}
+
+	if (!strequal(cli.eff_name, user)) {
+		DEBUG(1,("password server %s gave different username %s\n", 
+			 cli.desthost,
+			 cli.eff_name));
+		cli_tdis(&cli);
+		return False;
+	}
+
+	DEBUG(3,("password server %s accepted the password\n", cli.desthost));
+
+	cli_tdis(&cli);
+
+	return(True);
+}
+
+