Tidy up some formatting. Get ready for allowing bad password lockout. (based
authorJeremy Allison <jra@samba.org>
Mon, 8 Sep 2003 20:42:33 +0000 (20:42 +0000)
committerJeremy Allison <jra@samba.org>
Mon, 8 Sep 2003 20:42:33 +0000 (20:42 +0000)
on a patch posted from Richard Renard <rrenard@idealx.com>).
Jeremy.

source/auth/auth_sam.c
source/locking/locking.c

index fb66d53cd4fee0bd8d4df8a00444a5c70c82ed50..ce97bd7df267c61da055687b2a59e8c05889626e 100644 (file)
@@ -27,8 +27,9 @@
 #define DBGC_CLASS DBGC_AUTH
 
 /****************************************************************************
-core of smb password checking routine.
+ Core of smb password checking routine.
 ****************************************************************************/
+
 static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
                                 const uchar *part_passwd,
                                 const DATA_BLOB *sec_blob,
@@ -54,8 +55,7 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
        }
 
        SMBOWFencrypt(part_passwd, sec_blob->data, p24);
-       if (user_sess_key != NULL)
-       {
+       if (user_sess_key != NULL) {
                SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
        }
        
@@ -74,12 +74,11 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
   return (memcmp(p24, nt_response->data, 24) == 0);
 }
 
-
 /****************************************************************************
-core of smb password checking routine. (NTLMv2, LMv2)
-
-Note:  The same code works with both NTLMv2 and LMv2.
+ Core of smb password checking routine. (NTLMv2, LMv2)
+ Note:  The same code works with both NTLMv2 and LMv2.
 ****************************************************************************/
+
 static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
                                 const uchar *part_passwd,
                                 const DATA_BLOB *sec_blob,
@@ -92,8 +91,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
        uchar client_response[16];
        DATA_BLOB client_key_data;
 
-       if (part_passwd == NULL)
-       {
+       if (part_passwd == NULL) {
                DEBUG(10,("No password set - DISALLOWING access\n"));
                /* No password set - always False */
                return False;
@@ -121,8 +119,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
        }
 
        SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
-       if (user_sess_key != NULL)
-       {
+       if (user_sess_key != NULL) {
                SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
        }
 
@@ -142,11 +139,11 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
        return (memcmp(value_from_encryption, client_response, 16) == 0);
 }
 
-
 /****************************************************************************
  Do a specific test for an smb password being correct, given a smb_password and
  the lanman and NT responses.
 ****************************************************************************/
+
 static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                TALLOC_CTX *mem_ctx,
                                SAM_ACCOUNT *sampass, 
@@ -158,15 +155,11 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
        uint32 auth_flags;
 
        acct_ctrl = pdb_get_acct_ctrl(sampass);
-       if (acct_ctrl & ACB_PWNOTREQ) 
-       {
-               if (lp_null_passwords()) 
-               {
+       if (acct_ctrl & ACB_PWNOTREQ) {
+               if (lp_null_passwords()) {
                        DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass)));
                        return(NT_STATUS_OK);
-               } 
-               else 
-               {
+               } else {
                        DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass)));
                        return(NT_STATUS_LOGON_FAILURE);
                }               
@@ -191,8 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                          nt_pw, &auth_context->challenge, 
                                          user_info->smb_name.str, 
                                          user_info->client_domain.str,
-                                         user_sess_key))
-               {
+                                         user_sess_key)) {
                        return NT_STATUS_OK;
                }
 
@@ -201,9 +193,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                          nt_pw, &auth_context->challenge, 
                                          user_info->smb_name.str, 
                                          "",
-                                         user_sess_key))
-                   
-               {
+                                         user_sess_key)) {
                        return NT_STATUS_OK;
                } else {
                        DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
@@ -218,8 +208,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                        DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
                        if (smb_pwd_check_ntlmv1(&user_info->nt_resp, 
                                                 nt_pw, &auth_context->challenge,
-                                                user_sess_key)) 
-                       {
+                                                user_sess_key)) {
                                return NT_STATUS_OK;
                        } else {
                                DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass)));
@@ -247,8 +236,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                        DEBUG(4,("sam_password_ok: Checking LM password\n"));
                        if (smb_pwd_check_ntlmv1(&user_info->lm_resp, 
                                                 lm_pw, &auth_context->challenge,
-                                                user_sess_key)) 
-                       {
+                                                user_sess_key)) {
                                return NT_STATUS_OK;
                        }
                }
@@ -268,8 +256,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                          nt_pw, &auth_context->challenge, 
                                          user_info->smb_name.str, 
                                          user_info->client_domain.str,
-                                         user_sess_key))
-               {
+                                         user_sess_key)) {
                        return NT_STATUS_OK;
                }
 
@@ -278,8 +265,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                                          nt_pw, &auth_context->challenge, 
                                          user_info->smb_name.str, 
                                          "",
-                                         user_sess_key))
-               {
+                                         user_sess_key)) {
                        return NT_STATUS_OK;
                }
 
@@ -287,12 +273,10 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
                   - I think this is related to Win9X pass-though authentication
                */
                DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
-               if (lp_ntlm_auth()) 
-               {
+               if (lp_ntlm_auth()) {
                        if (smb_pwd_check_ntlmv1(&user_info->lm_resp, 
                                                 nt_pw, &auth_context->challenge,
-                                                user_sess_key)) 
-                       {
+                                                user_sess_key)) {
                                return NT_STATUS_OK;
                        }
                        DEBUG(3,("sam_password_ok: LM password, NT MD4 password in LM field and LMv2 failed for user %s\n",pdb_get_username(sampass)));
@@ -313,6 +297,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
  Do a specific test for a SAM_ACCOUNT being vaild for this connection 
  (ie not disabled, expired and the like).
 ****************************************************************************/
+
 static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
                               SAM_ACCOUNT *sampass, 
                               const auth_usersupplied_info *user_info)
@@ -325,16 +310,22 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 
        /* Quit if the account was disabled. */
        if (acct_ctrl & ACB_DISABLED) {
-               DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
+               DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
                return NT_STATUS_ACCOUNT_DISABLED;
        }
 
+       /* Quit if the account was locked out. */
+       if (acct_ctrl & ACB_AUTOLOCK) {
+               DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+               return NT_STATUS_ACCOUNT_LOCKED_OUT;
+       }
+
        /* Test account expire time */
        
        kickoff_time = pdb_get_kickoff_time(sampass);
        if (kickoff_time != 0 && time(NULL) > kickoff_time) {
-               DEBUG(1,("Account for user '%s' has expired.\n", pdb_get_username(sampass)));
-               DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
+               DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass)));
+               DEBUG(3,("sam_account_ok: Account expired at '%ld' unix time.\n", (long)kickoff_time));
                return NT_STATUS_ACCOUNT_EXPIRED;
        }
 
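Review bot: The new ACB_AUTOLOCK test in sam_account_ok only limits password guessing if it runs before the password is verified, and the call order in check_sam_security is not visible in this diff. If sam_account_ok is reached only after sam_password_ok succeeds, a locked account would still answer a wrong guess with NT_STATUS_LOGON_FAILURE and the right one with NT_STATUS_ACCOUNT_LOCKED_OUT, so the lockout would not bound online guessing. A comment above the test such as `/* Must be evaluated before the password check, otherwise lockout does not limit guessing. */` would pin the intent, and it should also say that nothing in this change sets or clears ACB_AUTOLOCK yet. The new message drops the quotes the neighbouring messages use; `Account for user '%s' was locked out.` would keep the log lines uniform. sam_account_ok starts before and continues after this hunk.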
@@ -344,14 +335,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 
                /* check for immediate expiry "must change at next logon" */
                if (must_change_time == 0 && last_set_time != 0) {
-                       DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
+                       DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
                        return NT_STATUS_PASSWORD_MUST_CHANGE;
                }
 
                /* check for expired password */
                if (must_change_time < time(NULL) && must_change_time != 0) {
-                       DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
-                       DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
+                       DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
+                       DEBUG(1,("sam_account_ok: Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
                        return NT_STATUS_PASSWORD_EXPIRED;
                }
        }
@@ -359,8 +350,8 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
        /* Test workstation. Workstation list is comma separated. */
 
        workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass));
-
-       if (!workstation_list) return NT_STATUS_NO_MEMORY;
+       if (!workstation_list)
+               return NT_STATUS_NO_MEMORY;
 
        if (*workstation_list) {
                BOOL invalid_ws = True;
@@ -369,7 +360,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
                fstring tok;
                        
                while (next_token(&s, tok, ",", sizeof(tok))) {
-                       DEBUG(10,("checking for workstation match %s and %s (len=%d)\n",
+                       DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
                                  tok, user_info->wksta_name.str, user_info->wksta_name.len));
                        if(strequal(tok, user_info->wksta_name.str)) {
                                invalid_ws = False;
@@ -399,7 +390,6 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
-
 /****************************************************************************
 check if a username/password is OK assuming the password is a 24 byte
 SMB hash supplied in the user_info structure
@@ -434,9 +424,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        ret = pdb_getsampwnam(sampass, user_info->internal_username.str);
        unbecome_root();
 
-       if (ret == False)
-       {
-               DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
+       if (ret == False) {
+               DEBUG(3,("check_sam_security: Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
                pdb_free_sam(&sampass);
                return NT_STATUS_NO_SUCH_USER;
        }
index 4475f1446f90f6196e53ba25ce601dafe14438b5..91bc20af90f1d8db43e9a4c66cabd4a28873048c 100644 (file)
@@ -419,10 +419,10 @@ int get_share_modes(connection_struct *conn,
        struct locking_data *data;
        int num_share_modes;
        share_mode_entry *shares = NULL;
-
+       TDB_DATA key = locking_key(dev, inode);
        *pp_shares = NULL;
 
-       dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+       dbuf = tdb_fetch(tdb, key);
        if (!dbuf.dptr)
                return 0;
 
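Review bot: Caching `TDB_DATA key = locking_key(dev, inode);` at the top of get_share_modes is only safe if the returned dptr stays valid and unchanged until the later tdb_store, and locking_key's definition is not shown in this diff. If it returns a pointer into static storage (an assumption to confirm), any call to locking_key or locking_key_fsp between the fetch and the store would silently retarget the cached key to another file's record. A comment at the declaration, e.g. `/* key may point into locking_key()'s storage: no other locking_key*() call before the final store */`, would document the constraint. The same applies to the hunks in del_share_entry, set_share_mode, mod_share_mode and modify_delete_flag. get_share_modes starts before and continues past this hunk.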
@@ -469,7 +469,7 @@ int get_share_modes(connection_struct *conn,
                        /* The record has shrunk a bit */
                        dbuf.dsize -= del_count * sizeof(share_mode_entry);
 
-                       if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1) {
+                       if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1) {
                                SAFE_FREE(shares);
                                SAFE_FREE(dbuf.dptr);
                                return 0;
@@ -544,12 +544,13 @@ ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
        int i, del_count=0;
        share_mode_entry *shares;
        ssize_t count = 0;
+       TDB_DATA key = locking_key(dev, inode);
 
        if (ppse)
                *ppse = NULL;
 
        /* read in the existing share modes */
-       dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+       dbuf = tdb_fetch(tdb, key);
        if (!dbuf.dptr)
                return -1;
 
@@ -590,10 +591,10 @@ ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
 
                /* store it back in the database */
                if (data->u.num_share_mode_entries == 0) {
-                       if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
+                       if (tdb_delete(tdb, key) == -1)
                                count = -1;
                } else {
-                       if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
+                       if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
                                count = -1;
                }
        }
@@ -630,10 +631,11 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
        struct locking_data *data;
        char *p=NULL;
        int size;
+       TDB_DATA key = locking_key_fsp(fsp);
        BOOL ret = True;
                
        /* read in the existing share modes if any */
-       dbuf = tdb_fetch(tdb, locking_key_fsp(fsp));
+       dbuf = tdb_fetch(tdb, key);
        if (!dbuf.dptr) {
                size_t offset;
                /* we'll need to create a new record */
@@ -658,7 +660,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
                fill_share_mode(p + sizeof(*data), fsp, port, op_type);
                dbuf.dptr = p;
                dbuf.dsize = size;
-               if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
+               if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
                        ret = False;
 
                print_share_mode_table((struct locking_data *)p);
@@ -688,7 +690,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
        SAFE_FREE(dbuf.dptr);
        dbuf.dptr = p;
        dbuf.dsize = size;
-       if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
+       if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
                ret = False;
        print_share_mode_table((struct locking_data *)p);
        SAFE_FREE(p);
@@ -709,9 +711,10 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en
        share_mode_entry *shares;
        BOOL need_store=False;
        BOOL ret = True;
+       TDB_DATA key = locking_key(dev, inode);
 
        /* read in the existing share modes */
-       dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+       dbuf = tdb_fetch(tdb, key);
        if (!dbuf.dptr)
                return False;
 
@@ -729,10 +732,10 @@ static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *en
        /* if the mod fn was called then store it back */
        if (need_store) {
                if (data->u.num_share_mode_entries == 0) {
-                       if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
+                       if (tdb_delete(tdb, key) == -1)
                                ret = False;
                } else {
-                       if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
+                       if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1)
                                ret = False;
                }
        }
@@ -808,9 +811,10 @@ BOOL modify_delete_flag( SMB_DEV_T dev, SMB_INO_T inode, BOOL delete_on_close)
        struct locking_data *data;
        int i;
        share_mode_entry *shares;
+       TDB_DATA key = locking_key(dev, inode);
 
        /* read in the existing share modes */
-       dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+       dbuf = tdb_fetch(tdb, key);
        if (!dbuf.dptr)
                return False;
 
@@ -826,7 +830,7 @@ BOOL modify_delete_flag( SMB_DEV_T dev, SMB_INO_T inode, BOOL delete_on_close)
 
        /* store it back */
        if (data->u.num_share_mode_entries) {
-               if (tdb_store(tdb, locking_key(dev,inode), dbuf, TDB_REPLACE)==-1) {
+               if (tdb_store(tdb, key, dbuf, TDB_REPLACE)==-1) {
                        SAFE_FREE(dbuf.dptr);
                        return False;
                }