From 8584c6bd6621eefb49aff69581caf28e38b4ceda Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 22 Apr 1998 00:56:38 +0000
Subject: genrand.c: Improved generation of random values, more secure.
 loadparm.c: Started add of 'security=domain' code. password.c: Fix for
 security=server NT bugs. reply.c: Started add of 'security=domain' code.
 server.c: Started add of 'security=domain' code. smb.h: Started add of
 'security=domain' code. Jeremy. (This used to be commit
 e6bda112ebe0d41f54c4249b5c2e1f24011347e1)

---
 source3/smbd/password.c | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

(limited to 'source3/smbd/password.c')

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index b69b58f54e..c347f2de0d 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1755,12 +1755,48 @@ BOOL server_validate(char *user, char *domain,
 		     char *ntpass, int ntpasslen)
 {
 	extern fstring local_machine;
+        static unsigned char badpass[24];
 
 	if (!cli.initialised) {
 		DEBUG(1,("password server %s is not connected\n", cli.desthost));
 		return(False);
 	}  
 
+        if(badpass[0] == 0) {
+          memset(badpass, 0x1f, sizeof(badpass));
+        }
+
+        if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) {
+          /* Very unlikely, our random bad password is the same as the users
+             password. */
+          memset(badpass, badpass[0]+1, sizeof(badpass));
+        }
+
+        /*
+         * Attempt a session setup with a totally incorrect password.
+         * If this succeeds with the guest bit *NOT* set then the password
+         * server is broken and is not correctly setting the guest bit. We
+         * need to detect this as some versions of NT4.x are broken. JRA.
+         */
+
+        if (cli_session_setup(&cli, user, badpass, sizeof(badpass), badpass, sizeof(badpass), 
+                                                         domain)) {
+	  if ((SVAL(cli.inbuf,smb_vwv2) & 1) == 0) {
+            DEBUG(0,("server_validate: password server %s allows users as non-guest \
+with a bad password.\n", cli.desthost));
+            DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
+use this machine as the password server.\n"));
+            cli_ulogoff(&cli);
+            return False;
+          }
+          cli_ulogoff(&cli);
+        }
+
+        /*
+         * Now we know the password server will correctly set the guest bit, or is
+         * not guest enabled, we can try with the real password.
+         */
+
 	if (!cli_session_setup(&cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
 		DEBUG(1,("password server %s rejected the password\n", cli.desthost));
 		return False;
@@ -1773,7 +1809,6 @@ BOOL server_validate(char *user, char *domain,
 		return(False);
 	}
 
-
 	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
 		DEBUG(1,("password server %s refused IPC$ connect\n", cli.desthost));
                 cli_ulogoff(&cli);
@@ -1825,5 +1860,3 @@ BOOL server_validate(char *user, char *domain,
 
 	return(True);
 }
-
-
-- 
cgit