mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
Changed code to check NT password *first* - if it exists.
The NT password is a higher quality password, and should
always be looked at before the LM password, if available
(sorry, Luke, just a minor change, the other changes you
made were fine :-).
Jeremy.
(This used to be commit c1367bf533
)
This commit is contained in:
parent
612cbb6a60
commit
77e4dd2478
@ -526,7 +526,20 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
|
||||
id2->lm_chal_resp.str_str_len,
|
||||
id2->nt_chal_resp.str_str_len));
|
||||
|
||||
/* check the lm password, first. */
|
||||
/* JRA. Check the NT password first if it exists - this is a higher quality
|
||||
password, if it exists and it doesn't match - fail. */
|
||||
|
||||
if (id2->nt_chal_resp.str_str_len == 24 &&
|
||||
smb_pass->smb_nt_passwd != NULL)
|
||||
{
|
||||
if(smb_password_check(id2->nt_chal_resp.buffer,
|
||||
smb_pass->smb_nt_passwd,
|
||||
id2->lm_chal))
|
||||
return 0x0;
|
||||
else
|
||||
return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
|
||||
/* lkclXXXX this is not a good place to put disabling of LM hashes in.
|
||||
if that is to be done, first move this entire function into a
|
||||
library routine that calls the two smb_password_check() functions.
|
||||
@ -543,16 +556,6 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
|
||||
return 0x0;
|
||||
}
|
||||
|
||||
/* now check the nt password, if it exists */
|
||||
|
||||
if (id2->nt_chal_resp.str_str_len == 24 &&
|
||||
smb_pass->smb_nt_passwd != NULL &&
|
||||
smb_password_check(id2->nt_chal_resp.buffer,
|
||||
smb_pass->smb_nt_passwd,
|
||||
id2->lm_chal))
|
||||
{
|
||||
return 0x0;
|
||||
}
|
||||
|
||||
/* oops! neither password check succeeded */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user