summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/negprot.c3
-rw-r--r--source3/smbd/reply.c33
2 files changed, 24 insertions, 12 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 41e95b816d..74d8eb3983 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -411,7 +411,8 @@ int reply_negprot(connection_struct *conn,
{
p = smb_buf(inbuf)+1;
Index = 0;
- if (lp_maxprotocol() >= supported_protocols[protocol].protocol_level)
+ if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
+ (supported_protocols[protocol].protocol_level >= lp_minprotocol()))
while (p < (smb_buf(inbuf) + bcc))
{
if (strequal(p,supported_protocols[protocol].proto_name))
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 402f9db754..4e87782a48 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -700,6 +700,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
int smb_ntpasslen = 0;
pstring smb_ntpasswd;
BOOL valid_nt_password = False;
+ BOOL valid_lm_password = False;
pstring user;
pstring orig_user;
BOOL guest=False;
@@ -935,15 +936,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
* security=domain.
*/
- if (!guest &&
- !check_server_security(orig_user, domain, user,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen) &&
- !check_domain_security(orig_user, domain, user,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen) &&
- !check_hosts_equiv(user)
- )
+ if (!guest && !check_server_security(orig_user, domain, user,
+ smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
+ !check_domain_security(orig_user, domain, user, smb_apasswd,
+ smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
+ !check_hosts_equiv(user))
{
/*
@@ -959,12 +956,26 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if(smb_ntpasslen)
{
if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
- DEBUG(2,("NT Password did not match for user '%s' ! Defaulting to Lanman\n", user));
+ DEBUG(2,("NT Password did not match for user '%s'!\n", user));
else
valid_nt_password = True;
}
+
+
+ /* check the LanMan password only if necessary and if allowed
+ by lp_lanman_auth() */
+ if (!valid_nt_password && lp_lanman_auth())
+ {
+ DEBUG(2,("Defaulting to Lanman password for %s\n", user));
+ valid_lm_password = password_ok(user, smb_apasswd,smb_apasslen,NULL);
+ }
+
- if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
+ /* The true branch will be executed if
+ (1) the NT password failed (or was not tried), and
+ (2) LanMan authentication failed (or was disabled)
+ */
+ if (!valid_nt_password && !valid_lm_password)
{
if (lp_security() >= SEC_USER)
{