diff options
author | Gerald Carter <jerry@samba.org> | 2001-03-09 18:59:16 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2001-03-09 18:59:16 +0000 |
commit | 0bfc10011bd5cacecda8b59c36e80f676e5c7fa3 (patch) | |
tree | c697a708da79caa3291c7844eb2148bccdf869ac /source3/smbd | |
parent | 53a331cfb271bd64bb26d0d433439e249adbbe71 (diff) | |
download | samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.tar.gz samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.tar.xz samba-0bfc10011bd5cacecda8b59c36e80f676e5c7fa3.zip |
merge of 'lanman auth' and 'min protocol' from 2.2
(This used to be commit 1d84da779a0fe3219d77686a493d2b2fa1f8072a)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 3 | ||||
-rw-r--r-- | source3/smbd/reply.c | 33 |
2 files changed, 24 insertions, 12 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 41e95b816df..74d8eb39833 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -411,7 +411,8 @@ int reply_negprot(connection_struct *conn, { p = smb_buf(inbuf)+1; Index = 0; - if (lp_maxprotocol() >= supported_protocols[protocol].protocol_level) + if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) && + (supported_protocols[protocol].protocol_level >= lp_minprotocol())) while (p < (smb_buf(inbuf) + bcc)) { if (strequal(p,supported_protocols[protocol].proto_name)) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 402f9db7546..4e87782a483 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -700,6 +700,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int int smb_ntpasslen = 0; pstring smb_ntpasswd; BOOL valid_nt_password = False; + BOOL valid_lm_password = False; pstring user; pstring orig_user; BOOL guest=False; @@ -935,15 +936,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int * security=domain. */ - if (!guest && - !check_server_security(orig_user, domain, user, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen) && - !check_domain_security(orig_user, domain, user, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen) && - !check_hosts_equiv(user) - ) + if (!guest && !check_server_security(orig_user, domain, user, + smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !check_domain_security(orig_user, domain, user, smb_apasswd, + smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !check_hosts_equiv(user)) { /* @@ -959,12 +956,26 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if(smb_ntpasslen) { if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) - DEBUG(2,("NT Password did not match for user '%s' ! Defaulting to Lanman\n", user)); + DEBUG(2,("NT Password did not match for user '%s'!\n", user)); else valid_nt_password = True; } + + + /* check the LanMan password only if necessary and if allowed + by lp_lanman_auth() */ + if (!valid_nt_password && lp_lanman_auth()) + { + DEBUG(2,("Defaulting to Lanman password for %s\n", user)); + valid_lm_password = password_ok(user, smb_apasswd,smb_apasslen,NULL); + } + - if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) + /* The true branch will be executed if + (1) the NT password failed (or was not tried), and + (2) LanMan authentication failed (or was disabled) + */ + if (!valid_nt_password && !valid_lm_password) { if (lp_security() >= SEC_USER) { |