mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
merge of 'lanman auth' and 'min protocol' from 2.2
(This used to be commit 1d84da779a
)
parent
53a331cfb2
commit
0bfc10011b
@ -1636,6 +1636,7 @@ BOOL lp_nt_acl_support(void);
|
||||
BOOL lp_stat_cache(void);
|
||||
BOOL lp_allow_trusted_domains(void);
|
||||
BOOL lp_restrict_anonymous(void);
|
||||
BOOL lp_lanman_auth(void);
|
||||
BOOL lp_host_msdfs(void);
|
||||
BOOL lp_kernel_oplocks(void);
|
||||
int lp_os_level(void);
|
||||
@ -1651,6 +1652,7 @@ int lp_usernamelevel(void);
|
||||
int lp_readsize(void);
|
||||
int lp_deadtime(void);
|
||||
int lp_maxprotocol(void);
|
||||
int lp_minprotocol(void);
|
||||
int lp_security(void);
|
||||
int lp_maxdisksize(void);
|
||||
int lp_lpqcachetime(void);
|
||||
|
@ -186,6 +186,7 @@ typedef struct
|
||||
int unamelevel;
|
||||
int deadtime;
|
||||
int maxprotocol;
|
||||
int minprotocol;
|
||||
int security;
|
||||
int maxdisksize;
|
||||
int lpqcachetime;
|
||||
@ -261,6 +262,7 @@ typedef struct
|
||||
BOOL bKernelOplocks;
|
||||
BOOL bAllowTrustedDomains;
|
||||
BOOL bRestrictAnonymous;
|
||||
BOOL bLanmanAuth;
|
||||
BOOL bDebugHiresTimestamp;
|
||||
BOOL bDebugPid;
|
||||
BOOL bDebugUid;
|
||||
@ -687,6 +689,7 @@ static struct parm_struct parm_table[] = {
|
||||
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0},
|
||||
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0},
|
||||
{"restrict anonymous", P_BOOL, P_GLOBAL, &Globals.bRestrictAnonymous, NULL, NULL, 0},
|
||||
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0},
|
||||
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
|
||||
|
||||
{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
|
||||
@ -770,6 +773,8 @@ static struct parm_struct parm_table[] = {
|
||||
{"Protocol Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
|
||||
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
|
||||
{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, 0},
|
||||
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
|
||||
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0},
|
||||
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
|
||||
@ -1206,6 +1211,7 @@ static void init_globals(void)
|
||||
Globals.max_log_size = 5000;
|
||||
Globals.max_open_files = MAX_OPEN_FILES;
|
||||
Globals.maxprotocol = PROTOCOL_NT1;
|
||||
Globals.minprotocol = PROTOCOL_CORE;
|
||||
Globals.security = SEC_USER;
|
||||
Globals.bEncryptPasswords = False;
|
||||
Globals.bUpdateEncrypt = False;
|
||||
@ -1250,6 +1256,7 @@ static void init_globals(void)
|
||||
Globals.bNTAclSupport = True; /* Use NT ACLs by default. */
|
||||
Globals.bStatCache = True; /* use stat cache by default */
|
||||
Globals.bRestrictAnonymous = False;
|
||||
Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */
|
||||
Globals.map_to_guest = 0; /* By Default, "Never" */
|
||||
Globals.min_passwd_length = MINPASSWDLENGTH; /* By Default, 5. */
|
||||
Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
|
||||
@ -1506,6 +1513,7 @@ FN_GLOBAL_BOOL(lp_nt_acl_support, &Globals.bNTAclSupport)
|
||||
FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
|
||||
FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
|
||||
FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
|
||||
FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth)
|
||||
FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
|
||||
FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks)
|
||||
FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
|
||||
@ -1521,6 +1529,7 @@ FN_GLOBAL_INTEGER(lp_usernamelevel, &Globals.unamelevel)
|
||||
FN_GLOBAL_INTEGER(lp_readsize, &Globals.ReadSize)
|
||||
FN_GLOBAL_INTEGER(lp_deadtime, &Globals.deadtime)
|
||||
FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
|
||||
FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
|
||||
FN_GLOBAL_INTEGER(lp_security, &Globals.security)
|
||||
FN_GLOBAL_INTEGER(lp_maxdisksize, &Globals.maxdisksize)
|
||||
FN_GLOBAL_INTEGER(lp_lpqcachetime, &Globals.lpqcachetime)
|
||||
|
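Review bot: The defaults added to init_globals leave both new settings at their most permissive value (`Globals.minprotocol = PROTOCOL_CORE`, `Globals.bLanmanAuth = True`), and the short comment on bLanmanAuth does not tell the reader that the options harden nothing until an administrator sets them. I would state the trade-off where the default is set, for example `/* Default keeps the old behaviour: fall back to the LanMan response when the NT response fails or is absent; "lanman auth = no" turns that off */`. The minprotocol default has no comment at all and deserves a similar one-liner saying that no dialect floor is enforced by default. init_globals starts and ends outside these hunks.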
@ -411,7 +411,8 @@ int reply_negprot(connection_struct *conn,
|
||||
{
|
||||
p = smb_buf(inbuf)+1;
|
||||
Index = 0;
|
||||
if (lp_maxprotocol() >= supported_protocols[protocol].protocol_level)
|
||||
if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
|
||||
(supported_protocols[protocol].protocol_level >= lp_minprotocol()))
|
||||
while (p < (smb_buf(inbuf) + bcc))
|
||||
{
|
||||
if (strequal(p,supported_protocols[protocol].proto_name))
|
||||
|
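Review bot: Nothing in this condition, or in the loadparm.c hunks of the same commit, catches a configuration where `min protocol` is set higher than `max protocol`. With such a configuration the new two-sided test is false for every entry of supported_protocols, so presumably no dialect is ever selected and the log gives no hint why. A single check such as `if (lp_minprotocol() > lp_maxprotocol()) DEBUG(0,("min protocol is above max protocol - no dialect can be negotiated\n"));` would make the misconfiguration diagnosable. The surrounding loop and the rest of reply_negprot lie outside the hunk.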
@ -700,6 +700,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
|
||||
int smb_ntpasslen = 0;
|
||||
pstring smb_ntpasswd;
|
||||
BOOL valid_nt_password = False;
|
||||
BOOL valid_lm_password = False;
|
||||
pstring user;
|
||||
pstring orig_user;
|
||||
BOOL guest=False;
|
||||
@ -935,15 +936,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
|
||||
* security=domain.
|
||||
*/
|
||||
|
||||
if (!guest &&
|
||||
!check_server_security(orig_user, domain, user,
|
||||
smb_apasswd, smb_apasslen,
|
||||
smb_ntpasswd, smb_ntpasslen) &&
|
||||
!check_domain_security(orig_user, domain, user,
|
||||
smb_apasswd, smb_apasslen,
|
||||
smb_ntpasswd, smb_ntpasslen) &&
|
||||
!check_hosts_equiv(user)
|
||||
)
|
||||
if (!guest && !check_server_security(orig_user, domain, user,
|
||||
smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
|
||||
!check_domain_security(orig_user, domain, user, smb_apasswd,
|
||||
smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
|
||||
!check_hosts_equiv(user))
|
||||
{
|
||||
|
||||
/*
|
||||
@ -959,12 +956,26 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
|
||||
if(smb_ntpasslen)
|
||||
{
|
||||
if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
|
||||
DEBUG(2,("NT Password did not match for user '%s' ! Defaulting to Lanman\n", user));
|
||||
DEBUG(2,("NT Password did not match for user '%s'!\n", user));
|
||||
else
|
||||
valid_nt_password = True;
|
||||
}
|
||||
|
||||
|
||||
/* check the LanMan password only if necessary and if allowed
|
||||
by lp_lanman_auth() */
|
||||
if (!valid_nt_password && lp_lanman_auth())
|
||||
{
|
||||
DEBUG(2,("Defaulting to Lanman password for %s\n", user));
|
||||
valid_lm_password = password_ok(user, smb_apasswd,smb_apasslen,NULL);
|
||||
}
|
||||
|
||||
|
||||
if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
|
||||
/* The true branch will be executed if
|
||||
(1) the NT password failed (or was not tried), and
|
||||
(2) LanMan authentication failed (or was disabled)
|
||||
*/
|
||||
if (!valid_nt_password && !valid_lm_password)
|
||||
{
|
||||
if (lp_security() >= SEC_USER)
|
||||
{
|
||||
|
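Review bot: The new `lp_lanman_auth()` test gates only the local `password_ok(user, smb_apasswd, smb_apasslen, NULL)` fallback; the calls to check_server_security() and check_domain_security() a few lines earlier still receive smb_apasswd and smb_apasslen unconditionally. Whether those helpers honour the option themselves is not visible here, so with "lanman auth = no" a LanMan response may still be accepted through the server or domain path. At minimum I would record the scope next to the new block, for example `/* lp_lanman_auth() only covers the local check below; check_server_security() and check_domain_security() are passed smb_apasswd regardless */`. It is also worth confirming what smb_apasswd carries when the client sends no NT response, because that case now fails outright once the option is off. reply_sesssetup_and_X begins and ends outside these hunks.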