From 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 16 Oct 1998 21:36:19 +0000 Subject: [PATCH] made pass_check_smb() available for dce/rpc use. --- source/include/proto.h | 5 ++- source/rpc_client/cli_pipe.c | 2 +- source/rpc_server/srv_util.c | 2 +- source/smbd/ipc.c | 2 +- source/smbd/password.c | 59 +++++++++++++++++++++--------------- source/smbd/reply.c | 4 +-- 6 files changed, 43 insertions(+), 31 deletions(-) diff --git a/source/include/proto.h b/source/include/proto.h index 2a61a05f6d4..63f4d624dc6 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1259,7 +1259,7 @@ BOOL change_trust_account_password( char *domain, char *remote_machine_list); BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, prs_struct *data, prs_struct *rdata); -BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs); +void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs); BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name); void cli_nt_session_close(struct cli_state *cli); @@ -2196,6 +2196,9 @@ void add_session_user(char *user); BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8); BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar lm_pass[24], uchar nt_pass[24]); +BOOL pass_check_smb(char *user, char *domain, + char *challenge, char *lm_pwd, char *nt_pwd, + struct passwd *pwd); BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd); BOOL user_ok(char *user,int snum); BOOL authorise_login(int snum,char *user,char *password, int pwlen, diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 9a54e15dae5..0fe248068e4 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -957,7 +957,7 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, set ntlmssp negotiation flags ****************************************************************************/ -BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs) +void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs) { cli->ntlmssp_cli_flgs = ntlmssp_flgs; } diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c index dc0918f1bf5..76f113374d4 100644 --- a/source/rpc_server/srv_util.c +++ b/source/rpc_server/srv_util.c @@ -244,7 +244,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf)); #ifdef DEBUG_PASSWORD - DEBUG(100,"lm, nt owfs:\n")); + DEBUG(100,("lm, nt owfs:\n")); dump_data(100, lm_owf, sizeof(lm_owf)); dump_data(100, nt_owf, sizeof(nt_owf)); #endif diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index bfd618f3251..df04cd82a09 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -1653,7 +1653,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user,pass1,strlen(pass1),NULL) && + if (password_ok(user, pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); diff --git a/source/smbd/password.c b/source/smbd/password.c index ac8210abf8d..4df359f46c3 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -449,39 +449,38 @@ check if a username/password is OK assuming the password is a 24 byte SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd) +BOOL pass_check_smb(char *user, char *domain, + char *challenge, char *lm_pwd, char *nt_pwd, + struct passwd *pwd) { struct passwd *pass; - uchar challenge[8]; struct smb_passwd *smb_pass; - BOOL challenge_done; - if (!password) { + if (!lm_pwd || !nt_pwd) + { return(False); } - challenge_done = last_challenge(challenge); - - if (!challenge_done) { - DEBUG(0,("Error: challenge not done for user=%s\n", user)); - return False; - } - - if (pwd && !user) { + if (pwd != NULL && user == NULL) + { pass = (struct passwd *) pwd; user = pass->pw_name; - } else { + } + else + { pass = Get_Pwnam(user,True); } - if (!pass) { + if (pass != NULL) + { DEBUG(3,("Couldn't find user %s\n",user)); return(False); } smb_pass = getsmbpwnam(user); - if (!smb_pass) { + if (smb_pass != NULL) + { DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); return(False); } @@ -493,19 +492,20 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd) } /* Ensure the uid's match */ - if (smb_pass->smb_userid != pass->pw_uid) { + if (smb_pass->smb_userid != pass->pw_uid) + { DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n")); return(False); } - if(password[0] == '\0' && smb_pass->acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) { + if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords()) + { DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->smb_name)); return(True); } - if (smb_password_ok(smb_pass, - (unsigned char *)password, - (uchar *)password)) { + if (smb_password_ok(smb_pass, (uchar *)lm_pwd, (uchar *)nt_pwd)) + { return(True); } @@ -518,12 +518,21 @@ check if a username/password pair is OK either via the system password database or the encrypted SMB password database return True if the password is correct, False otherwise ****************************************************************************/ -BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) +BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd) { - if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) { - /* if it is 24 bytes long then assume it is an encrypted - password */ - return pass_check_smb(user, password, pwd); + if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) + { + /* if 24 bytes long assume it is an encrypted password */ + uchar challenge[8]; + + if (!last_challenge(challenge)) + { + DEBUG(0,("Error: challenge not done for user=%s\n", user)); + return False; + } + + return pass_check_smb(user, global_myworkgroup, + challenge, password, password, pwd); } return pass_check(user, password, pwlen, pwd, diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 7cbd0520d94..5afc4593e6a 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -651,12 +651,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int 128 length unicode */ if(smb_ntpasslen) { - if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL)) + if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); else valid_nt_password = True; } - if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL)) + if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) { if (lp_security() >= SEC_USER) { #if (GUEST_SESSSETUP == 0) -- 2.34.1