diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/ipc.c | 2 | ||||
-rw-r--r-- | source3/smbd/password.c | 59 | ||||
-rw-r--r-- | source3/smbd/reply.c | 4 |
3 files changed, 37 insertions, 28 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bfd618f325..df04cd82a0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1653,7 +1653,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user,pass1,strlen(pass1),NULL) && + if (password_ok(user, pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ac8210abf8..4df359f46c 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -449,39 +449,38 @@ check if a username/password is OK assuming the password is a 24 byte SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd) +BOOL pass_check_smb(char *user, char *domain, + char *challenge, char *lm_pwd, char *nt_pwd, + struct passwd *pwd) { struct passwd *pass; - uchar challenge[8]; struct smb_passwd *smb_pass; - BOOL challenge_done; - if (!password) { + if (!lm_pwd || !nt_pwd) + { return(False); } - challenge_done = last_challenge(challenge); - - if (!challenge_done) { - DEBUG(0,("Error: challenge not done for user=%s\n", user)); - return False; - } - - if (pwd && !user) { + if (pwd != NULL && user == NULL) + { pass = (struct passwd *) pwd; user = pass->pw_name; - } else { + } + else + { pass = Get_Pwnam(user,True); } - if (!pass) { + if (pass != NULL) + { DEBUG(3,("Couldn't find user %s\n",user)); return(False); } smb_pass = getsmbpwnam(user); - if (!smb_pass) { + if (smb_pass != NULL) + { DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); return(False); } @@ -493,19 +492,20 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd) } /* Ensure the uid's match */ - if (smb_pass->smb_userid != pass->pw_uid) { + if (smb_pass->smb_userid != pass->pw_uid) + { DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n")); return(False); } - if(password[0] == '\0' && smb_pass->acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) { + if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords()) + { DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name)); return(True); } - if (smb_password_ok(smb_pass, - (unsigned char *)password, - (uchar *)password)) { + if (smb_password_ok(smb_pass, (uchar *)lm_pwd, (uchar *)nt_pwd)) + { return(True); } @@ -518,12 +518,21 @@ check if a username/password pair is OK either via the system password database or the encrypted SMB password database return True if the password is correct, False otherwise ****************************************************************************/ -BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) +BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd) { - if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) { - /* if it is 24 bytes long then assume it is an encrypted - password */ - return pass_check_smb(user, password, pwd); + if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) + { + /* if 24 bytes long assume it is an encrypted password */ + uchar challenge[8]; + + if (!last_challenge(challenge)) + { + DEBUG(0,("Error: challenge not done for user=%s\n", user)); + return False; + } + + return pass_check_smb(user, global_myworkgroup, + challenge, password, password, pwd); } return pass_check(user, password, pwlen, pwd, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 7cbd0520d9..5afc4593e6 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -651,12 +651,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int 128 length unicode */ if(smb_ntpasslen) { - if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL)) + if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); else valid_nt_password = True; } - if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL)) + if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) { if (lp_security() >= SEC_USER) { #if (GUEST_SESSSETUP == 0) |