sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

made pass_check_smb() available for dce/rpc use.

Browse Source 
(This used to be commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09)
This commit is contained in:
Luke Leighton 1998-10-16 21:36:19 +00:00
parent 3637ad5f2b
commit 97f0c9d550
6 changed files with 43 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source3/include/proto.h
View File

@ -1259,7 +1259,7 @@ BOOL change_trust_account_password( char *domain, char *remote_machine_list);
BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
prs_struct *data, prs_struct *rdata);
BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
void cli_nt_session_close(struct cli_state *cli);
@ -2196,6 +2196,9 @@ void add_session_user(char *user);
BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
BOOL smb_password_ok(struct smb_passwd *smb_pass,
uchar lm_pass[24], uchar nt_pass[24]);
BOOL pass_check_smb(char *user, char *domain,
char *challenge, char *lm_pwd, char *nt_pwd,
struct passwd *pwd);
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd);
BOOL user_ok(char *user,int snum);
BOOL authorise_login(int snum,char *user,char *password, int pwlen,

2
source3/rpc_client/cli_pipe.c
View File

@ -957,7 +957,7 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
set ntlmssp negotiation flags
****************************************************************************/
BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
{
cli->ntlmssp_cli_flgs = ntlmssp_flgs;
}

2
source3/rpc_server/srv_util.c
View File

@ -244,7 +244,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
#ifdef DEBUG_PASSWORD
DEBUG(100,"lm, nt owfs:\n"));
DEBUG(100,("lm, nt owfs:\n"));
dump_data(100, lm_owf, sizeof(lm_owf));
dump_data(100, nt_owf, sizeof(nt_owf));
#endif

2
source3/smbd/ipc.c
View File

@ -1653,7 +1653,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
* Older versions of Windows seem to do this.
*/
if (password_ok(user,pass1,strlen(pass1),NULL) &&
if (password_ok(user, pass1,strlen(pass1),NULL) &&
chgpasswd(user,pass1,pass2,False))
{
SSVAL(*rparam,0,NERR_Success);

59
source3/smbd/password.c
View File

@ -449,39 +449,38 @@ check if a username/password is OK assuming the password is a 24 byte
SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
BOOL pass_check_smb(char *user, char *domain,
char *challenge, char *lm_pwd, char *nt_pwd,
struct passwd *pwd)
{
struct passwd *pass;
uchar challenge[8];
struct smb_passwd *smb_pass;
BOOL challenge_done;
if (!password) {
if (!lm_pwd || !nt_pwd)
{
return(False);
}
challenge_done = last_challenge(challenge);
if (!challenge_done) {
DEBUG(0,("Error: challenge not done for user=%s\n", user));
return False;
}
if (pwd && !user) {
if (pwd != NULL && user == NULL)
{
pass = (struct passwd *) pwd;
user = pass->pw_name;
} else {
}
else
{
pass = Get_Pwnam(user,True);
}
if (!pass) {
if (pass != NULL)
{
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
smb_pass = getsmbpwnam(user);
if (!smb_pass) {
if (smb_pass != NULL)
{
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
@ -493,19 +492,20 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid) {
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
if(password[0] == '\0' && smb_pass->acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) {
if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
{
DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name));
return(True);
}
if (smb_password_ok(smb_pass,
(unsigned char *)password,
(uchar *)password)) {
if (smb_password_ok(smb_pass, (uchar *)lm_pwd, (uchar *)nt_pwd))
{
return(True);
}
@ -518,12 +518,21 @@ check if a username/password pair is OK either via the system password
database or the encrypted SMB password database
return True if the password is correct, False otherwise
****************************************************************************/
BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
/* if it is 24 bytes long then assume it is an encrypted
password */
return pass_check_smb(user, password, pwd);
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
{
/* if 24 bytes long assume it is an encrypted password */
uchar challenge[8];
if (!last_challenge(challenge))
{
DEBUG(0,("Error: challenge not done for user=%s\n", user));
return False;
}
return pass_check_smb(user, global_myworkgroup,
challenge, password, password, pwd);
}
return pass_check(user, password, pwlen, pwd,

4
source3/smbd/reply.c
View File

@ -651,12 +651,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
128 length unicode */
if(smb_ntpasslen)
{
if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL))
if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
else
valid_nt_password = True;
}
if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL))
if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
{
if (lp_security() >= SEC_USER) {
#if (GUEST_SESSSETUP == 0)