From 5546e28e69b1a43dbb48e024e233d8ebf7fa667a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 7 Feb 1998 12:15:20 +0000 Subject: A small raft of changes, I will sync up with 1.9.18 also. chgpasswd.c: Fixed typo in debug message. includes.h: Fix include for aix. kanji.c: Added cap_to_sj as inverse of sj_to_cap. loadparm.c: local.h: password.c: Added code for "networkstation user login" parameter. - patch from Rob Nielsen . printing.c: Added further aix printing fixes. reply.c: Changed access time fetch to a function. trans2.c: Changed access time fetch to a function. time.c: Changed access time fetch to a function. server.c: Made NT redirector workaround final. util.c: Added debug for write_socket failing. Jeremy. (This used to be commit a031404623c22d62f8de035be2239f609af08112) --- source3/smbd/password.c | 61 +++++++++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 22 deletions(-) (limited to 'source3/smbd/password.c') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 0f8705d4be..607d01d2cf 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -514,9 +514,14 @@ static BOOL dfs_auth(char *this_user,char *password) * Assumes local passwd file is kept in sync w/ DCE RGY! */ - if (!strcmp((char *)crypt(password,this_salt),this_crypted) || - dcelogin_atmost_once) - return(False); + /* Fix for original (broken) code from Brett Wooldridge */ + if (dce_login_atmost_once) + return (False); + /* This can be ifdefed as the DCE check below is stricter... */ +#ifndef NO_CRYPT + if ( strcmp((char *)crypt(password,this_salt),this_crypted) ) + return (False); +#endif if (sec_login_setup_identity( (unsigned char *)this_user, @@ -1597,28 +1602,40 @@ BOOL server_validate(char *user, char *domain, return False; } + /* + * This patch from Rob Nielsen makes doing + * the NetWksaUserLogon a dynamic, rather than compile-time + * parameter, defaulting to on. This is somewhat dangerous + * as it allows people to turn off this neccessary check, + * but so many people have had problems with this that I + * think it is a neccessary change. JRA. + */ + + if (lp_net_wksta_user_logon()) { + DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli.desthost)); + if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { + DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); + cli_tdis(&cli); + return False; + } -#if USE_NETWKSTAUSERLOGON - if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { - DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); - cli_tdis(&cli); - return False; - } - - if (cli.privilages == 0) { - DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); - cli_tdis(&cli); - return False; - } + if (cli.privilages == 0) { + DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); + cli_tdis(&cli); + return False; + } - if (!strequal(cli.eff_name, user)) { - DEBUG(1,("password server %s gave different username %s\n", - cli.desthost, - cli.eff_name)); - cli_tdis(&cli); - return False; + if (!strequal(cli.eff_name, user)) { + DEBUG(1,("password server %s gave different username %s\n", + cli.desthost, + cli.eff_name)); + cli_tdis(&cli); + return False; + } } -#endif + else { + DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli.desthost)); + } DEBUG(3,("password server %s accepted the password\n", cli.desthost)); -- cgit