From 548b417d404a2653ebb5918b0c169ccdfafe856f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 7 Nov 1998 05:32:37 +0000
Subject: codepages/codepage_def.936: Updated comment. param/loadparm.c:
 Removed "networkstation user login", "domain controller", and "domain sid"
 parameters. passdb/passdb.c: Removed "networkstation user login" code and
 changed bug test code                  to only check once for a bad password
 server. This will stop the                  complaints of many "bad login"
 audit records in NT PDC logs. utils/smbpasswd.c: Removed check for "domain
 controller". Jeremy. (This used to be commit
 d6e6e936b5dd90dd8fc38d9404efbe5c546c15e5)

---
 source3/smbd/password.c | 162 ++++++++++++++++++++++--------------------------
 1 file changed, 73 insertions(+), 89 deletions(-)

(limited to 'source3/smbd')

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 95560df66b..d49ea7c562 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1036,114 +1036,98 @@ BOOL server_validate(char *user, char *domain,
 		     char *pass, int passlen,
 		     char *ntpass, int ntpasslen)
 {
-	struct cli_state *cli;
-	extern fstring local_machine;
-        static unsigned char badpass[24];
-	cli = server_client();
+  struct cli_state *cli;
+  extern fstring local_machine;
+  static unsigned char badpass[24];
+  static BOOL tested_password_server = False;
+  static BOOL bad_password_server = False;
 
-	if (!cli->initialised) {
-		DEBUG(1,("password server %s is not connected\n", cli->desthost));
-		return(False);
-	}  
+  cli = server_client();
 
-        if(badpass[0] == 0) {
-          memset(badpass, 0x1f, sizeof(badpass));
-        }
+  if (!cli->initialised) {
+    DEBUG(1,("password server %s is not connected\n", cli->desthost));
+    return(False);
+  }  
 
-        if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) {
-          /* Very unlikely, our random bad password is the same as the users
-             password. */
-          memset(badpass, badpass[0]+1, sizeof(badpass));
-        }
+  if(badpass[0] == 0)
+    memset(badpass, 0x1f, sizeof(badpass));
 
-        /*
-         * Attempt a session setup with a totally incorrect password.
-         * If this succeeds with the guest bit *NOT* set then the password
-         * server is broken and is not correctly setting the guest bit. We
-         * need to detect this as some versions of NT4.x are broken. JRA.
-         */
+  if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) {
+    /* 
+     * Very unlikely, our random bad password is the same as the users
+     * password. */
+    memset(badpass, badpass[0]+1, sizeof(badpass));
+  }
 
-        if (cli_session_setup(cli, user, (char *)badpass, sizeof(badpass), 
-                              (char *)badpass, sizeof(badpass), domain)) {
-	  if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
-            DEBUG(0,("server_validate: password server %s allows users as non-guest \
-with a bad password.\n", cli->desthost));
-            DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
-use this machine as the password server.\n"));
-            cli_ulogoff(cli);
-            return False;
-          }
-          cli_ulogoff(cli);
-        }
+  /*
+   * Attempt a session setup with a totally incorrect password.
+   * If this succeeds with the guest bit *NOT* set then the password
+   * server is broken and is not correctly setting the guest bit. We
+   * need to detect this as some versions of NT4.x are broken. JRA.
+   */
 
-        /*
-         * Now we know the password server will correctly set the guest bit, or is
-         * not guest enabled, we can try with the real password.
-         */
+  if(!tested_password_server) {
+    if (cli_session_setup(cli, user, (char *)badpass, sizeof(badpass), 
+                              (char *)badpass, sizeof(badpass), domain)) {
 
-	if (!cli_session_setup(cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
-		DEBUG(1,("password server %s rejected the password\n", cli->desthost));
-		return False;
-	}
+      /*
+       * We connected to the password server so we
+       * can say we've tested it.
+       */
+      tested_password_server = True;
 
-	/* if logged in as guest then reject */
-	if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
-		DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
-                cli_ulogoff(cli);
-		return(False);
-	}
+      if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
+        DEBUG(0,("server_validate: password server %s allows users as non-guest \
+with a bad password.\n", cli->desthost));
+        DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
+use this machine as the password server.\n"));
+        cli_ulogoff(cli);
 
         /*
-         * This patch from Rob Nielsen <ran@adc.com> makes doing
-         * the NetWksaUserLogon a dynamic, rather than compile-time
-         * parameter, defaulting to on. This is somewhat dangerous
-         * as it allows people to turn off this neccessary check,
-         * but so many people have had problems with this that I
-         * think it is a neccessary change. JRA.
+         * Password server has the bug.
          */
+        bad_password_server = True;
+        return False;
+      }
+      cli_ulogoff(cli);
+    }
+  } else {
 
-	if (lp_net_wksta_user_logon()) {
-		DEBUG(3,("trying NetWkstaUserLogon with password server %s\n", cli->desthost));
+    /*
+     * We have already tested the password server.
+     * Fail immediately if it has the bug.
+     */
 
-                if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) {
-                        DEBUG(0,("password server %s refused IPC$ connect\n", cli->desthost));
-                        cli_ulogoff(cli);
-                        return False;
-                }
+    if(bad_password_server) {
+      DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
+with a bad password.\n", cli->desthost));
+      DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
+use this machine as the password server.\n"));
+      return False;
+    }
+  }
 
-		if (!cli_NetWkstaUserLogon(cli,user,local_machine)) {
-			DEBUG(0,("password server %s failed NetWkstaUserLogon\n", cli->desthost));
-			cli_tdis(cli);
-                        cli_ulogoff(cli);
-			return False;
-		}
+  /*
+   * Now we know the password server will correctly set the guest bit, or is
+   * not guest enabled, we can try with the real password.
+   */
 
-		if (cli->privilages == 0) {
-			DEBUG(0,("password server %s gave guest privilages\n", cli->desthost));
-			cli_tdis(cli);
-                        cli_ulogoff(cli);
-			return False;
-		}
+  if (!cli_session_setup(cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
+    DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+    return False;
+  }
 
-		if (!strequal(cli->eff_name, user)) {
-			DEBUG(0,("password server %s gave different username %s\n", 
-			 	cli->desthost,
-			 	cli->eff_name));
-			cli_tdis(cli);
-                        cli_ulogoff(cli);
-			return False;
-		}
-                cli_tdis(cli);
-	}
-        else {
-		DEBUG(3,("skipping NetWkstaUserLogon with password server %s\n", cli->desthost));
-        }
+  /* if logged in as guest then reject */
+  if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
+    DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
+    cli_ulogoff(cli);
+    return(False);
+  }
 
-	DEBUG(3,("password server %s accepted the password\n", cli->desthost));
 
-        cli_ulogoff(cli);
+  cli_ulogoff(cli);
 
-	return(True);
+  return(True);
 }
 
 /***********************************************************************
-- 
cgit