summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h5
-rw-r--r--source3/rpc_client/cli_pipe.c2
-rw-r--r--source3/rpc_server/srv_util.c2
-rw-r--r--source3/smbd/ipc.c2
-rw-r--r--source3/smbd/password.c59
-rw-r--r--source3/smbd/reply.c4
6 files changed, 43 insertions, 31 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2a61a05f6d..63f4d624dc 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1259,7 +1259,7 @@ BOOL change_trust_account_password( char *domain, char *remote_machine_list);
BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
prs_struct *data, prs_struct *rdata);
-BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
+void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
void cli_nt_session_close(struct cli_state *cli);
@@ -2196,6 +2196,9 @@ void add_session_user(char *user);
BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
BOOL smb_password_ok(struct smb_passwd *smb_pass,
uchar lm_pass[24], uchar nt_pass[24]);
+BOOL pass_check_smb(char *user, char *domain,
+ char *challenge, char *lm_pwd, char *nt_pwd,
+ struct passwd *pwd);
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd);
BOOL user_ok(char *user,int snum);
BOOL authorise_login(int snum,char *user,char *password, int pwlen,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9a54e15dae..0fe248068e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -957,7 +957,7 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
set ntlmssp negotiation flags
****************************************************************************/
-BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
+void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
{
cli->ntlmssp_cli_flgs = ntlmssp_flgs;
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index dc0918f1bf..76f113374d 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -244,7 +244,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
#ifdef DEBUG_PASSWORD
- DEBUG(100,"lm, nt owfs:\n"));
+ DEBUG(100,("lm, nt owfs:\n"));
dump_data(100, lm_owf, sizeof(lm_owf));
dump_data(100, nt_owf, sizeof(nt_owf));
#endif
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index bfd618f325..df04cd82a0 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1653,7 +1653,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
* Older versions of Windows seem to do this.
*/
- if (password_ok(user,pass1,strlen(pass1),NULL) &&
+ if (password_ok(user, pass1,strlen(pass1),NULL) &&
chgpasswd(user,pass1,pass2,False))
{
SSVAL(*rparam,0,NERR_Success);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index ac8210abf8..4df359f46c 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -449,39 +449,38 @@ check if a username/password is OK assuming the password is a 24 byte
SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
+BOOL pass_check_smb(char *user, char *domain,
+ char *challenge, char *lm_pwd, char *nt_pwd,
+ struct passwd *pwd)
{
struct passwd *pass;
- uchar challenge[8];
struct smb_passwd *smb_pass;
- BOOL challenge_done;
- if (!password) {
+ if (!lm_pwd || !nt_pwd)
+ {
return(False);
}
- challenge_done = last_challenge(challenge);
-
- if (!challenge_done) {
- DEBUG(0,("Error: challenge not done for user=%s\n", user));
- return False;
- }
-
- if (pwd && !user) {
+ if (pwd != NULL && user == NULL)
+ {
pass = (struct passwd *) pwd;
user = pass->pw_name;
- } else {
+ }
+ else
+ {
pass = Get_Pwnam(user,True);
}
- if (!pass) {
+ if (pass != NULL)
+ {
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
smb_pass = getsmbpwnam(user);
- if (!smb_pass) {
+ if (smb_pass != NULL)
+ {
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
@@ -493,19 +492,20 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
}
/* Ensure the uid's match */
- if (smb_pass->smb_userid != pass->pw_uid) {
+ if (smb_pass->smb_userid != pass->pw_uid)
+ {
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
- if(password[0] == '\0' && smb_pass->acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) {
+ if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
+ {
DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name));
return(True);
}
- if (smb_password_ok(smb_pass,
- (unsigned char *)password,
- (uchar *)password)) {
+ if (smb_password_ok(smb_pass, (uchar *)lm_pwd, (uchar *)nt_pwd))
+ {
return(True);
}
@@ -518,12 +518,21 @@ check if a username/password pair is OK either via the system password
database or the encrypted SMB password database
return True if the password is correct, False otherwise
****************************************************************************/
-BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
+BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
- if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
- /* if it is 24 bytes long then assume it is an encrypted
- password */
- return pass_check_smb(user, password, pwd);
+ if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
+ {
+ /* if 24 bytes long assume it is an encrypted password */
+ uchar challenge[8];
+
+ if (!last_challenge(challenge))
+ {
+ DEBUG(0,("Error: challenge not done for user=%s\n", user));
+ return False;
+ }
+
+ return pass_check_smb(user, global_myworkgroup,
+ challenge, password, password, pwd);
}
return pass_check(user, password, pwlen, pwd,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 7cbd0520d9..5afc4593e6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -651,12 +651,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
128 length unicode */
if(smb_ntpasslen)
{
- if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL))
+ if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
else
valid_nt_password = True;
}
- if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL))
+ if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
{
if (lp_security() >= SEC_USER) {
#if (GUEST_SESSSETUP == 0)