1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00

Changed code to check NT password *first* - if it exists.

The NT password is a higher quality password, and should
always be looked at before the LM password, if available
(sorry, Luke, just a minor change, the other changes you
made were fine :-).
Jeremy.
(This used to be commit c1367bf533)
This commit is contained in:
Jeremy Allison 1998-04-02 01:07:53 +00:00
parent 612cbb6a60
commit 77e4dd2478

View File

@ -526,7 +526,20 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
id2->lm_chal_resp.str_str_len,
id2->nt_chal_resp.str_str_len));
/* check the lm password, first. */
/* JRA. Check the NT password first if it exists - this is a higher quality
password, if it exists and it doesn't match - fail. */
if (id2->nt_chal_resp.str_str_len == 24 &&
smb_pass->smb_nt_passwd != NULL)
{
if(smb_password_check(id2->nt_chal_resp.buffer,
smb_pass->smb_nt_passwd,
id2->lm_chal))
return 0x0;
else
return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
}
/* lkclXXXX this is not a good place to put disabling of LM hashes in.
if that is to be done, first move this entire function into a
library routine that calls the two smb_password_check() functions.
@ -543,16 +556,6 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
return 0x0;
}
/* now check the nt password, if it exists */
if (id2->nt_chal_resp.str_str_len == 24 &&
smb_pass->smb_nt_passwd != NULL &&
smb_password_check(id2->nt_chal_resp.buffer,
smb_pass->smb_nt_passwd,
id2->lm_chal))
{
return 0x0;
}
/* oops! neither password check succeeded */