From e16e7146b378e8e89bf25adc66d806bac7feaeb6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 May 2009 12:48:58 +0200 Subject: s3:smbd: move negprot related globals to struct smbd_server_connection metze --- source3/auth/auth_compat.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'source3/auth/auth_compat.c') diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index 925c0d4f81..d8087e6588 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -62,7 +62,8 @@ NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_pass return nt_status; } -static NTSTATUS pass_check_smb(const char *smb_name, +static NTSTATUS pass_check_smb(struct auth_context *actx, + const char *smb_name, const char *domain, DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, @@ -72,14 +73,16 @@ static NTSTATUS pass_check_smb(const char *smb_name, { NTSTATUS nt_status; auth_serversupplied_info *server_info = NULL; - if (encrypted) { + if (encrypted) { auth_usersupplied_info *user_info = NULL; + if (actx == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } make_user_info_for_reply_enc(&user_info, smb_name, domain, lm_pwd, nt_pwd); - nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, - user_info, &server_info); + nt_status = actx->check_ntlm_password(actx, user_info, &server_info); free_user_info(&user_info); } else { nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info); @@ -93,11 +96,12 @@ check if a username/password pair is ok via the auth subsystem. return True if the password is correct, False otherwise ****************************************************************************/ -bool password_ok(const char *smb_name, DATA_BLOB password_blob) +bool password_ok(struct auth_context *actx, bool global_encrypted, + const char *smb_name, DATA_BLOB password_blob) { DATA_BLOB null_password = data_blob_null; - bool encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46)); + bool encrypted = (global_encrypted && (password_blob.length == 24 || password_blob.length > 46)); if (encrypted) { /* @@ -106,23 +110,23 @@ bool password_ok(const char *smb_name, DATA_BLOB password_blob) * Vista sends NTLMv2 here - we need to try the client given workgroup. */ if (get_session_workgroup()) { - if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) { return True; } - if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), password_blob, null_password, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, get_session_workgroup(), password_blob, null_password, null_password, encrypted))) { return True; } } - if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { return True; } - if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) { return True; } } else { - if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) { return True; } } -- cgit