From 77e4dd247863d02c30240a318f6cd8f82916e30d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 2 Apr 1998 01:07:53 +0000 Subject: Changed code to check NT password *first* - if it exists. The NT password is a higher quality password, and should always be looked at before the LM password, if available (sorry, Luke, just a minor change, the other changes you made were fine :-). Jeremy. (This used to be commit c1367bf5336485ceafd7125f608dc923ecebd32d) --- source3/rpc_server/srv_netlog.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 1b66b8061f..a08ea2395b 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -526,7 +526,20 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, id2->lm_chal_resp.str_str_len, id2->nt_chal_resp.str_str_len)); - /* check the lm password, first. */ + /* JRA. Check the NT password first if it exists - this is a higher quality + password, if it exists and it doesn't match - fail. */ + + if (id2->nt_chal_resp.str_str_len == 24 && + smb_pass->smb_nt_passwd != NULL) + { + if(smb_password_check(id2->nt_chal_resp.buffer, + smb_pass->smb_nt_passwd, + id2->lm_chal)) + return 0x0; + else + return 0xC0000000 | NT_STATUS_WRONG_PASSWORD; + } + /* lkclXXXX this is not a good place to put disabling of LM hashes in. if that is to be done, first move this entire function into a library routine that calls the two smb_password_check() functions. @@ -543,16 +556,6 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, return 0x0; } - /* now check the nt password, if it exists */ - - if (id2->nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL && - smb_password_check(id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, - id2->lm_chal)) - { - return 0x0; - } /* oops! neither password check succeeded */ -- cgit