From 73891ca8e4f6cca6aa8bb0ae043f660a64baa056 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 29 Jun 1999 18:47:06 +0000
Subject: improving authentication code (tidyup). (This used to be commit
 ab1a6aa42db5217f025941fb5107436556bc23b7)

---
 source3/rpc_server/srv_netlog.c | 45 +++++++++++++----------------------------
 1 file changed, 14 insertions(+), 31 deletions(-)

(limited to 'source3/rpc_server/srv_netlog.c')

diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7ee45ada16..9c260d5759 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -630,43 +630,26 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 				struct sam_passwd *smb_pass,
 				user_struct *vuser)
 {
-	DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
-		id2->hdr_lm_chal_resp.str_str_len, 
-		id2->hdr_nt_chal_resp.str_str_len));
+	fstring user;
+	fstring domain;
 
-	/* JRA. Check the NT password first if it exists - this is a higher quality 
-           password, if it exists and it doesn't match - fail. */
+	int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len >= 24;
+	int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len >= 24;
 
-	if (id2->hdr_nt_chal_resp.str_str_len == 24 && 
-		smb_pass->smb_nt_passwd != NULL)
-	{
-		if(smb_password_check((char *)id2->nt_chal_resp.buffer,
-		                   smb_pass->smb_nt_passwd,
-                           id2->lm_chal)) 
-                  return 0x0;
-                else
-	          return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
-	}
+	unistr2_to_ascii(user  , &id2->uni_user_name, sizeof(user)-1);
+	unistr2_to_ascii(domain, &id2->uni_domain_name, sizeof(domain)-1);
+
+	DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n",
+		lm_pw_len, nt_pw_len, user, domain));
 
-	/* lkclXXXX this is not a good place to put disabling of LM hashes in.
-	   if that is to be done, first move this entire function into a
-	   library routine that calls the two smb_password_check() functions.
-	   if disabling LM hashes (which nt can do for security reasons) then
-	   an attempt should be made to disable them everywhere (which nt does
-	   not do, for various security-hole reasons).
-	 */
-
-	if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
-		smb_password_check((char *)id2->lm_chal_resp.buffer,
-		                   smb_pass->smb_passwd,
-		                   id2->lm_chal))
+	if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal, 
+	                    user, domain,
+	                    (uchar *)id2->lm_chal_resp.buffer, lm_pw_len, 
+	                    (uchar *)id2->nt_chal_resp.buffer, nt_pw_len)) 
 	{
-		return 0x0;
+                  return 0x0;
 	}
 
-
-	/* oops! neither password check succeeded */
-
 	return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
 }
 
-- 
cgit