charcnv.c: Added codepage 866 support onto the file system. Patch

from Max Khon <max@iclub.nsu.ru>.
chgpasswd.c: Allow old RAP change password to work with encrypted
passwords. Samba can now allow Windows 95/NT clients to securely
change the Lanman password ! (But not the NT hash - that gets lost).
ipc.c:
smbdes.c:
smbpass.c: Support for the above.
server.c: #ifdef'ed out fix for NT redirector bug.
util.c: Fix NIS bug with server name.
Jeremy.
(This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1)

3 files changed, 116 insertions, 4 deletions

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 17401410ce..1502cd1219 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -398,3 +398,86 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass)
   return(False);
 }
 #endif
+
+/***********************************************************
+ Code to check the lanman hashed password.
+************************************************************/
+
+BOOL check_lanman_password(char *user, unsigned char *pass1, 
+                           unsigned char *pass2, struct smb_passwd **psmbpw)
+{
+  unsigned char unenc_new_pw[16];
+  unsigned char unenc_old_pw[16];
+  struct smb_passwd *smbpw;
+
+  *psmbpw = NULL;
+
+  become_root(0);
+  smbpw = get_smbpwd_entry(user, 0);
+  unbecome_root(0);
+
+  if(smbpw == NULL)
+  {
+    DEBUG(0,("check_lanman_password: get_smbpwd_entry returned NULL\n"));
+    return False;
+  }
+
+  if(smbpw->smb_passwd == NULL)
+  {
+    DEBUG(0,("check_lanman_password: no lanman password !\n"));
+    return False;
+  }
+
+  /* Get the new lanman hash. */
+  D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+
+  /* Use this to get the old lanman hash. */
+  D_P16(unenc_new_pw, pass1, unenc_old_pw);
+
+  /* Check that the two old passwords match. */
+  if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
+  {
+    DEBUG(0,("check_lanman_password: old password doens't match.\n"));
+    return False;
+  }
+
+  *psmbpw = smbpw;
+  return True;
+}
+
+/***********************************************************
+ Code to change the lanman hashed password.
+ It nulls out the NT hashed password as it will
+ no longer be valid.
+************************************************************/
+
+BOOL change_lanman_password(struct smb_passwd *smbpw, char *pass1, char *pass2)
+{
+  char unenc_new_pw[16];
+  BOOL ret;
+
+  if(smbpw == NULL)
+  { 
+    DEBUG(0,("change_lanman_password: get_smbpwd_entry returned NULL\n"));
+    return False;
+  }
+
+  if(smbpw->smb_passwd == NULL)
+  {
+    DEBUG(0,("change_lanman_password: no lanman password !\n"));
+    return False;
+  }
+
+  /* Get the new lanman hash. */
+  D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
+
+  smbpw->smb_passwd = unenc_new_pw;
+  smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
+
+  /* Now write it into the file. */
+  become_root(0);
+  ret = mod_smbpwd_entry(smbpw);
+  unbecome_root(0);
+    
+  return ret;
+}
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index ee2aec8c22..e3db823a9d 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1141,7 +1141,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data,
   uint32 servertype = IVAL(p,4);
   char *p2;
   int data_len, fixed_len, string_len;
-  int f_len, s_len;
+  int f_len = 0, s_len = 0;
   struct srv_info_struct *servers=NULL;
   int counted=0,total=0;
   int i,missed;
@@ -1421,7 +1421,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data,
   int total=0,counted=0;
   int i;
   int data_len, fixed_len, string_len;
-  int f_len, s_len;
+  int f_len = 0, s_len = 0;
  
   if (!prefix_ok(str1,"WrLeh")) return False;
   if (!check_share_info(uLevel,str2)) return False;
@@ -1532,8 +1532,8 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
 
   p = skip_string(p,1);
 
-  StrnCpy(pass1,p,16);
-  StrnCpy(pass2,p+16,16);
+  memcpy(pass1,p,16);
+  memcpy(pass2,p+16,16);
 
   *rparam_len = 4;
   *rparam = REALLOC(*rparam,*rparam_len);
@@ -1545,12 +1545,34 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
 
   DEBUG(3,("Set password for <%s>\n",user));
 
+  /*
+   * Attempt the plaintext password change first.
+   * Older versions of Windows seem to do this.
+   */
+
   if (password_ok(user,pass1,strlen(pass1),NULL) &&
       chgpasswd(user,pass1,pass2))
   {
     SSVAL(*rparam,0,NERR_Success);
   }
 
+  /*
+   * If the plaintext change failed, attempt
+   * the encrypted. NT will generate this
+   * after trying the samr method.
+   */
+
+  if(SVAL(*rparam,0) != NERR_Success)
+  {
+    struct smb_passwd *smbpw = NULL;
+
+    if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) && 
+       change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2))
+    {
+      SSVAL(*rparam,0,NERR_Success);
+    }
+  }
+
   bzero(pass1,sizeof(fstring));
   bzero(pass2,sizeof(fstring));	 
 	 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index bf635fc27a..751039070f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1637,6 +1637,13 @@ BOOL check_file_sharing(int cnum,char *fname, BOOL rename_op)
           {
             DEBUG(0,("check_file_sharing: NT redirector workaround - rename attempted on \
 batch oplocked file %s, dev = %x, inode = %x\n", fname, dev, inode));
+#if 0
+            /* 
+             * This next line is a test that allows the deny-mode
+             * processing to be skipped. JRA.
+             */ 
+            continue;
+#endif
           }
           else
           {