diff options
| author | Gerald Carter <jerry@samba.org> | 2001-03-09 18:59:16 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2001-03-09 18:59:16 +0000 |
| commit | 0bfc10011bd5cacecda8b59c36e80f676e5c7fa3 (patch) | |
| tree | c697a708da79caa3291c7844eb2148bccdf869ac /source3/smbd/reply.c | |
| parent | 53a331cfb271bd64bb26d0d433439e249adbbe71 (diff) | |
| download | samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.tar.gz samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.tar.bz2 samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.zip | |
merge of 'lanman auth' and 'min protocol' from 2.2
(This used to be commit 1d84da779a0fe3219d77686a493d2b2fa1f8072a)
Diffstat (limited to 'source3/smbd/reply.c')
| -rw-r--r-- | source3/smbd/reply.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 402f9db754..4e87782a48 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -700,6 +700,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int int smb_ntpasslen = 0; pstring smb_ntpasswd; BOOL valid_nt_password = False; + BOOL valid_lm_password = False; pstring user; pstring orig_user; BOOL guest=False; @@ -935,15 +936,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int * security=domain. */ - if (!guest && - !check_server_security(orig_user, domain, user, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen) && - !check_domain_security(orig_user, domain, user, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen) && - !check_hosts_equiv(user) - ) + if (!guest && !check_server_security(orig_user, domain, user, + smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !check_domain_security(orig_user, domain, user, smb_apasswd, + smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !check_hosts_equiv(user)) { /* @@ -959,12 +956,26 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if(smb_ntpasslen) { if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) - DEBUG(2,("NT Password did not match for user '%s' ! Defaulting to Lanman\n", user)); + DEBUG(2,("NT Password did not match for user '%s'!\n", user)); else valid_nt_password = True; } + + + /* check the LanMan password only if necessary and if allowed + by lp_lanman_auth() */ + if (!valid_nt_password && lp_lanman_auth()) + { + DEBUG(2,("Defaulting to Lanman password for %s\n", user)); + valid_lm_password = password_ok(user, smb_apasswd,smb_apasslen,NULL); + } + - if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) + /* The true branch will be executed if + (1) the NT password failed (or was not tried), and + (2) LanMan authentication failed (or was disabled) + */ + if (!valid_nt_password && !valid_lm_password) { if (lp_security() >= SEC_USER) { |