From 33a003de4056532be0c9a199d4857b9da1b18034 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Sep 1997 16:37:18 +0000 Subject: This commit does 3 main things: 1) put the encryption code in by default, with no #ifdef. It is still disabled by default so you need to add "encrypt passwords = yes" in smb.conf but at least all binaries will have it. 2) cleanup the kanji code so it compiles with no warnings 3) get rid of lots of uses of ugly non-portable C code. The main offender being things like "register" but also remove uses of the "const" keyword as there are compilers out there that don't support it and even those that do often complain about its usage. Users don't like warnings :-( There is still some work to do. We need to replace the md4 code with our own implementation. The current code (from rfc1186) is PD but is not very portable. The new RFC (rfc1320) is more portable but adds copyright restrictions. I'll do a from-scratch MD4 soon. We also need to test that what I've implemented is portable. It should be, but I'm too tired right now to test it on anything other than intel linux. (This used to be commit db917c62c14315afe6f0745a8097c1bca25cbf07) --- source3/smbd/ipc.c | 2 +- source3/smbd/password.c | 31 +++++++++---------------------- source3/smbd/server.c | 12 ------------ 3 files changed, 10 insertions(+), 35 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 55e293d7ff..794bc7bb8e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -440,7 +440,7 @@ static void PackDriverData(struct pack_desc* desc) } static int check_printq_info(struct pack_desc* desc, - int uLevel, char *id1, const char* id2) + int uLevel, char *id1, char *id2) { desc->subformat = NULL; switch( uLevel ) { diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ed79d658a6..abecb46dcd 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -36,7 +36,6 @@ static char this_user[100]=""; static char this_salt[100]=""; static char this_crypted[100]=""; -#ifdef SMB_PASSWD /* Data to do lanman1/2 password challenge. */ static unsigned char saved_challenge[8]; static BOOL challenge_sent=False; @@ -78,7 +77,6 @@ BOOL last_challenge(char *challenge) memcpy(challenge,saved_challenge,8); return(True); } -#endif /* this holds info on user ids that are already validated for this VC */ static user_struct *validated_users = NULL; @@ -401,7 +399,7 @@ static char *PAM_password; * echo off means password. */ static int PAM_conv (int num_msg, - const struct pam_message **msg, + struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { int count = 0, replies = 0; @@ -812,7 +810,6 @@ Hence we make a direct return to avoid a second chance!!! #endif } -#ifdef SMB_PASSWD /**************************************************************************** core of smb password checking routine. ****************************************************************************/ @@ -854,7 +851,6 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha #endif return (memcmp(p24, password, 24) == 0); } -#endif /**************************************************************************** check if a username/password is OK @@ -864,21 +860,16 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) pstring pass2; int level = lp_passwordlevel(); struct passwd *pass; -#ifdef SMB_PASSWD char challenge[8]; struct smb_passwd *smb_pass; BOOL challenge_done = False; -#endif if (password) password[pwlen] = 0; -#ifdef SMB_PASSWD if (pwlen == 24) challenge_done = last_challenge(challenge); -#endif #if DEBUG_PASSWORD -#ifdef SMB_PASSWD if (challenge_done) { int i; @@ -886,10 +877,9 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) for( i = 0; i < 24; i++) DEBUG(100,("%0x ", (unsigned char)password[i])); DEBUG(100,("]\n")); + } else { + DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password)); } - else -#endif - DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password)); #endif if (!password) @@ -906,8 +896,6 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) else pass = Get_Pwnam(user,True); -#ifdef SMB_PASSWD - DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done)); if((pwlen == 24) && challenge_done) @@ -964,7 +952,6 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) DEBUG(3,("Error smb_password_check failed\n")); } -#endif DEBUG(4,("Checking password for user %s (l=%d)\n",user,pwlen)); @@ -1587,12 +1574,12 @@ BOOL server_cryptkey(char *buf) and the remote machine name. */ { - char buf[32]; /* create name as PIDname */ - sprintf(buf,"%d", getpid()); - strncpy(&buf[strlen(buf)], remote_machine, 31 - strlen(buf)); - buf[31] = '\0'; - DEBUG(1,("negprot w/password server as %s\n",buf)); - name_mangle(buf,p,' '); + char buf2[32]; /* create name as PIDname */ + sprintf(buf2,"%d", getpid()); + strncpy(&buf2[strlen(buf2)], remote_machine, 31 - strlen(buf2)); + buf2[31] = '\0'; + DEBUG(1,("negprot w/password server as %s\n",buf2)); + name_mangle(buf2,p,' '); len += name_len(p); } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d4407269f0..8560d5239d 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -2814,19 +2814,15 @@ int reply_lanman1(char *outbuf) set_message(outbuf,13,doencrypt?8:0,True); SSVAL(outbuf,smb_vwv1,secword); -#ifdef SMB_PASSWD /* Create a token value and add it to the outgoing packet. */ if (doencrypt) generate_next_challenge(smb_buf(outbuf)); -#endif Protocol = PROTOCOL_LANMAN1; if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) { DEBUG(3,("using password server validation\n")); -#ifdef SMB_PASSWD if (doencrypt) set_challenge(smb_buf(outbuf)); -#endif } CVAL(outbuf,smb_flg) = 0x81; /* Reply, SMBlockread, SMBwritelock supported */ @@ -2865,11 +2861,9 @@ int reply_lanman2(char *outbuf) set_message(outbuf,13,doencrypt?8:0,True); SSVAL(outbuf,smb_vwv1,secword); -#ifdef SMB_PASSWD /* Create a token value and add it to the outgoing packet. */ if (doencrypt) generate_next_challenge(smb_buf(outbuf)); -#endif SIVAL(outbuf,smb_vwv6,getpid()); @@ -2877,9 +2871,7 @@ int reply_lanman2(char *outbuf) if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) { DEBUG(3,("using password server validation\n")); -#ifdef SMB_PASSWD if (doencrypt) set_challenge(smb_buf(outbuf)); -#endif } CVAL(outbuf,smb_flg) = 0x81; /* Reply, SMBlockread, SMBwritelock supported */ @@ -2949,7 +2941,6 @@ int reply_nt1(char *outbuf) #endif CVAL(outbuf,smb_vwv1) = secword; -#ifdef SMB_PASSWD /* Create a token value and add it to the outgoing packet. */ if (doencrypt) { @@ -2958,15 +2949,12 @@ int reply_nt1(char *outbuf) /* Tell the nt machine how long the challenge is. */ SSVALS(outbuf,smb_vwv16+1,challenge_len); } -#endif Protocol = PROTOCOL_NT1; if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) { DEBUG(3,("using password server validation\n")); -#ifdef SMB_PASSWD if (doencrypt) set_challenge(smb_buf(outbuf)); -#endif } SSVAL(outbuf,smb_mid,mid); /* Restore possibly corrupted mid */ -- cgit