From c19598f2a6a3329e973e14e389e0577ebb914f3b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 8 Nov 2002 23:08:59 +0000
Subject: Merge from HEAD:

 - change auth_sam to use the initialisation flags to determine if
	 the password attributes are set

 - add const to secrets.c, cliconnect.c

 - passdb:  fix spelling in pdb_ldap, add group mapping back to smbpasswd

 - SAMR: add debugs to show what fails for group enum.

Andrew Bartlett
(This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
---
 source3/auth/auth_sam.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'source3/auth')

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index bc98f46dc2..7252193c9a 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -162,12 +162,9 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 		}		
 	}
 
-	nt_pw = pdb_get_nt_passwd(sampass);
-	lm_pw = pdb_get_lanman_passwd(sampass);
-	
 	auth_flags = user_info->auth_flags;
 
-	if (nt_pw == NULL) {
+	if (IS_SAM_DEFAULT(sampass, PDB_NTPASSWD)) {
 		DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n", 
 			 pdb_get_username(sampass)));
 		/* No return, we want to check the LM hash below in this case */
@@ -175,6 +172,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 	}
 	
 	if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
+		nt_pw = pdb_get_nt_passwd(sampass);
 		/* We have the NT MD4 hash challenge available - see if we can
 		   use it (ie. does it exist in the smbpasswd file).
 		*/
@@ -191,7 +189,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 			return NT_STATUS_WRONG_PASSWORD;
 		}
 	} else if (auth_flags & AUTH_FLAG_NTLM_RESP) {
-		if (lp_ntlm_auth()) {				
+		if (lp_ntlm_auth()) {		
+			nt_pw = pdb_get_nt_passwd(sampass);
 			/* We have the NT MD4 hash challenge available - see if we can
 			   use it (ie. does it exist in the smbpasswd file).
 			*/
@@ -211,13 +210,14 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 		}
 	}
 	
-	if (lm_pw == NULL) {
+	if (IS_SAM_DEFAULT(sampass, PDB_LMPASSWD)) {
 		DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass)));
 		auth_flags &= (~AUTH_FLAG_LM_RESP);		
 	}
 	
 	if (auth_flags & AUTH_FLAG_LM_RESP) {
-		
+		lm_pw = pdb_get_lanman_passwd(sampass);
+			
 		if (user_info->lm_resp.length != 24) {
 			DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n", 
 				 user_info->nt_resp.length, pdb_get_username(sampass)));		
@@ -235,7 +235,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 		{
 			return NT_STATUS_OK;
 		} else {
-			if (lp_ntlm_auth()) {				
+			if (lp_ntlm_auth() && (!IS_SAM_DEFAULT(sampass, PDB_NTPASSWD))) {				
+				nt_pw = pdb_get_nt_passwd(sampass);
 				/* Apparently NT accepts NT responses in the LM field
 				   - I think this is related to Win9X pass-though authentication
 				*/
-- 
cgit