[PATCH] Re: Bug in smbd/password.c ?

Andrew Bartlett abartlet at pcug.org.au
Wed Oct 4 08:32:02 GMT 2000


Yep, it's a bug and I have already written and forwarded a patch to
address the issue.
It appears to have disappeared into the ether.
(I hit it even harder - null root password, OUCH...).

In any case I have attached the patch, see if it fixes the issue for
you.  (It also cleans up some other issues around passwords).

Andrew Bartlett
abartlet at pcug.org.au

Teemu Suutari wrote:
> 
> I'm not subscribed to list, so please cc answers to me...
> 
> I'm setting samba 2.0.7 as PDC for computerlab, when I encountered
> problems.
> 
> Documentation specifically mentions that if account has no password
> (set by smbpasswd -a -n) and null passwords are disabled user can't
> logon. In my empirical tests this isn't the case. I looked at the source
> and added this (ugly) condition to the source around line 517...
> 
>         if(smb_pass->acct_ctrl & ACB_PWNOTREQ) if (!lp_null_passwords()) {
>                 DEBUG(1,("Account for user '%s' has no password.\n",user));
>                 return(False);
>         }
> 
> and now users get thrown out ;)
> 
> I don't see what next condition
> if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords()
> does, at least it didn't seem to catch passwords that have been set to
> no password...
> 
> If I'm being stupid and/or not noticing something, please hit me ;)
> 
> --

-- 
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- samba-2.0.7-orig/source/smbd/password.c	Wed Apr 26 09:07:11 2000
+++ samba-2.0.7/source/smbd/password.c	Sun Sep 17 19:29:23 2000
@@ -352,11 +352,11 @@
   unsigned char p21[21];
   unsigned char p24[24];
 
-  if (part_passwd == NULL)
-    DEBUG(10,("No password set - allowing access\n"));
-  /* No password set - always true ! */
-  if (part_passwd == NULL)
-    return 1;
+  if (part_passwd == NULL) {
+      DEBUG(10,("No password set - disallowing access\n"));
+      /* No password set - always false */
+  return False;
+}
 
   memset(p21,'\0',21);
   memcpy(p21,part_passwd,16);
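Review bot: The fail-closed return for a NULL part_passwd is the right change, but the new block's layout is misleading: `return False;` sits at the same column as the `if`, and the closing `}` is at column 0, which reads like the end of the function. Indent both under the `if`: `      return False;` followed by `  }`. A denial because the account has no stored hash is an authentication-failure event an administrator would want to see; the other failed-check messages in this file log at levels 1 to 4, so `DEBUG(3,("No password set - disallowing access\n"));` would be more consistent than level 10. The enclosing function starts before the hunk.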
@@ -399,12 +399,6 @@
 	DEBUG(4,("Checking SMB password for user %s\n", 
 		 smb_pass->smb_name));
 
-	if(smb_pass->acct_ctrl & ACB_DISABLED) {
-		DEBUG(1,("account for user %s was disabled.\n", 
-			 smb_pass->smb_name));
-		return(False);
-	}
-
 	if (chal == NULL)
 	{
 		DEBUG(5,("use last SMBnegprot challenge\n"));
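Review bot: Dropping the ACB_DISABLED check here removes the only rejection of disabled accounts visible in this patch; unless every caller of this function tests the flag before calling (the patch does not show that), a disabled account whose stored hash still matches will authenticate. If the check has moved to the caller, the mail should say so, and a one-line comment at this point, `/* ACB_DISABLED is checked by the caller before we get here */`, would keep the next reader from re-adding it; otherwise the five removed lines should stay. The enclosing function starts and ends outside the hunk.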
@@ -434,18 +428,11 @@
 		DEBUG(4,("NT MD4 password check failed\n"));
 	}
 
-	/* Try against the lanman password. smb_pass->smb_passwd == NULL means
-	   no password, allow access. */
+	/* Try against the lanman password.
+	 */
 
 	DEBUG(4,("Checking LM MD4 password\n"));
 
-	if((smb_pass->smb_passwd == NULL) && 
-	   (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
-		DEBUG(4,("no password required for user %s\n",
-			 smb_pass->smb_name));
-		return True;
-	}
-
 	if((smb_pass->smb_passwd != NULL) && 
 	   smb_password_check((char *)lm_pass, 
 			      (uchar *)smb_pass->smb_passwd, challenge)) {
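Review bot: The rewritten comment leaves a dangling ` */` on its own line; collapse it to `/* Try against the lanman password. */`. With the early `return True` gone, an account with `smb_passwd == NULL` now skips the `smb_passwd != NULL` guard on the LM check and continues into the rest of the function, which lies outside the hunk, so the comment should state the new intent rather than leave it implicit, e.g. `/* Try against the lanman password. A NULL smb_passwd (no hash stored) no longer grants access; it falls through and fails. */` — confirm that the code after the hunk does fail in that case. The enclosing function starts and ends outside the hunk.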
@@ -514,7 +501,7 @@
 		return(False);
 	}
 
-	if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
+	if ((smb_pass->acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords())
 	{
 		DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name));
 		return(True);
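Review bot: The rewritten condition grants access whenever ACB_PWNOTREQ is set and null passwords are allowed without looking at the supplied password at all (the `lm_pwd[0] == '\0'` test is gone), so a non-empty credential is accepted as well; if that is intended, say so in a comment next to the `if`. The opposite case, ACB_PWNOTREQ set but `lp_null_passwords()` false, has no explicit branch here and relies on the later hash check failing closed now that the -352 hunk returns False for a NULL hash; an explicit denial at this point, as in the quoted report's local fix, `if ((smb_pass->acct_ctrl & ACB_PWNOTREQ) && !lp_null_passwords()) { DEBUG(1,("Account for user '%s' has no password and null passwords are not allowed.\n", smb_pass->smb_name)); return(False); }`, makes the policy readable and logs the rejection. The enclosing function starts and ends outside the hunk.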
@@ -536,6 +523,17 @@
 ****************************************************************************/
 BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
 {
+  /*  This cuts null passwords off at the pass, getting around the mess in the 
+      password checking fuctions and stops the 'PAM:  Authentication failure' 
+      messages.  
+  */
+
+  if ((pwlen == 0) && !lp_null_passwords()) 
+    {
+      DEBUG(4,("Null passwords not allowed.\n"));
+      return False;
+    }
+
 	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
 	{
 		/* if 24 bytes long assume it is an encrypted password */
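Review bot: The added block is indented with two spaces and GNU-style braces while the surrounding body uses tabs and K&R braces (see the `if (pwlen == 24 ...` line directly after it); reindent to match the file. The comment has a typo, `fuctions` should be `functions`. The rejection message names no account; including it makes the event attributable in logs, `DEBUG(4,("Null passwords not allowed for user '%s'.\n", user));`, provided `user` is never NULL on this path, which the hunk does not show. password_ok continues past the hunk.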

