genrand.c: Improved generation of random values, more secure.

loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
(This used to be commit e6bda112ebe0d41f54c4249b5c2e1f24011347e1)

1 files changed, 11 insertions, 1 deletions

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2c4800b1c2..2f3b3660fc 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -515,7 +515,11 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     passlen1 = MIN(passlen1, MAX_PASS_LEN);
     passlen2 = MIN(passlen2, MAX_PASS_LEN);
 
-    if(doencrypt || (lp_security() == SEC_SERVER)) {
+#ifdef DOMAIN_CLIENT
+    if(doencrypt || ((lp_security() == SEC_SERVER) || (lp_security() == SEC_DOMAIN))) {
+#else /* DOMAIN_CLIENT */
+    if(doencrypt || lp_security() == SEC_SERVER) {
+#endif /* DOMAIN_CLIENT */
       /* Save the lanman2 password and the NT md4 password. */
       smb_apasslen = passlen1;
       memcpy(smb_apasswd,p,smb_apasslen);
@@ -603,6 +607,12 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 		  server_validate(user, domain, 
 				  smb_apasswd, smb_apasslen, 
 				  smb_ntpasswd, smb_ntpasslen)) &&
+#ifdef DOMAIN_CLIENT
+                !(lp_security() == SEC_DOMAIN &&
+                  domain_client_validate(user, domain,
+                                  smb_apasswd, smb_apasslen,
+                                  smb_ntpasswd, smb_ntpasslen)) &&
+#endif /* DOMAIN_CLIENT */
       !check_hosts_equiv(user))
     {