Hi,
I have made a change to the "password_ok" routine in
source/smbd/password.c.
This allows us to use both encrypted and plain passwords with one
server.
It has worked fine for several months. Does anyone know whether this patch
results in a security hole? If not, can it be applied to the Samba
distribution?
Best Wishes
jh
--
Von/From: Josef Heinen Forschungszentrum Juelich GmbH
Telefon/Phone: +49 (2461) 61-3912 Institut fuer Festkoerperforschung
Mail: J.Heinen@fz-juelich.de D-52425 Juelich
WWW: http://iffwww.iff.kfa-juelich.de/~jheinen
----- cut here -----
/****************************************************************************
check if a username/password pair is OK either via the system password
database or the encrypted SMB password database

user      account name being authenticated
password  credential bytes as supplied by the client (pwlen bytes)
pwlen     length of password; 24 is taken to mean an encrypted response
pwd       passwd entry for the user, handed on to both checkers

return True if the password is correct, False otherwise

The encrypted check is attempted first when the data looks like a
challenge response (or for an empty password when both
lp_encrypted_passwords() and lp_null_passwords() are set).  A failed
encrypted check is NOT final: control falls through to pass_check() with
the same buffer and length.

NOTE(review): on that fall-through a 24 byte response is handed to
pass_check() as if it were a plaintext password.  Whether pass_check()
copes with binary, possibly non NUL-terminated data is not visible
here - confirm before relying on it.
NOTE(review): lp_encrypted_passwords() is only consulted for the empty
password case, so nothing in this routine refuses a credential that
validates only as plaintext.  If "encrypted only" is meant to be an
enforceable policy it has to be enforced elsewhere - verify.
NOTE(review): every rejected encrypted logon now costs a second check;
confirm that failure logging in the two checkers still gives one clear
record per attempt.
****************************************************************************/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
	/* a 24 byte credential is assumed to be an encrypted response */
	BOOL try_encrypted = (pwlen == 24);

	/* an empty password also goes to the SMB password database when
	   encrypted and null passwords are both enabled */
	if (!try_encrypted &&
	    lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()) {
		try_encrypted = True;
	}

	if (try_encrypted) {
		uchar challenge[8];

		/* without the challenge that was issued the response cannot be
		   verified, so this path fails outright and does not fall
		   through to the plaintext check */
		if (!last_challenge(challenge)) {
			DEBUG(0,("Error: challenge not done for user=%s\n", user));
			return False;
		}

		/* the same buffer is passed for both response arguments */
		if (pass_check_smb(user, global_myworkgroup, challenge,
				   (uchar *)password, (uchar *)password, pwd)) {
			return True;
		}

		/* encrypted check failed: deliberately carry on and try the
		   data as a plaintext password below */
	}

	/* update_smbpassword_file is supplied as the callback on every call
	   that reaches this point, including the fall-through case above,
	   whenever lp_update_encrypted() is set */
	return pass_check(user, password, pwlen, pwd,
			  lp_update_encrypted() ? update_smbpassword_file : NULL);
}