summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-04-02 01:07:53 +0000
committerJeremy Allison <jra@samba.org>1998-04-02 01:07:53 +0000
commit77e4dd247863d02c30240a318f6cd8f82916e30d (patch)
treeb6a3b6089c63c5df987701b8d4cbabc804d77ab3 /source3
parent612cbb6a6039c2cafb3de5e644f23a2a26d6c645 (diff)
downloadsamba-77e4dd247863d02c30240a318f6cd8f82916e30d.tar.gz
samba-77e4dd247863d02c30240a318f6cd8f82916e30d.tar.bz2
samba-77e4dd247863d02c30240a318f6cd8f82916e30d.zip
Changed code to check NT password *first* - if it exists.
The NT password is a higher quality password, and should always be looked at before the LM password, if available (sorry, Luke, just a minor change, the other changes you made were fine :-). Jeremy. (This used to be commit c1367bf5336485ceafd7125f608dc923ecebd32d)
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_netlog.c25
1 files changed, 14 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 1b66b8061f..a08ea2395b 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -526,7 +526,20 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
id2->lm_chal_resp.str_str_len,
id2->nt_chal_resp.str_str_len));
- /* check the lm password, first. */
+ /* JRA. Check the NT password first if it exists - this is a higher quality
+ password, if it exists and it doesn't match - fail. */
+
+ if (id2->nt_chal_resp.str_str_len == 24 &&
+ smb_pass->smb_nt_passwd != NULL)
+ {
+ if(smb_password_check(id2->nt_chal_resp.buffer,
+ smb_pass->smb_nt_passwd,
+ id2->lm_chal))
+ return 0x0;
+ else
+ return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
+ }
+
/* lkclXXXX this is not a good place to put disabling of LM hashes in.
if that is to be done, first move this entire function into a
library routine that calls the two smb_password_check() functions.
@@ -543,16 +556,6 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
return 0x0;
}
- /* now check the nt password, if it exists */
-
- if (id2->nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL &&
- smb_password_check(id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
- id2->lm_chal))
- {
- return 0x0;
- }
/* oops! neither password check succeeded */