[PATCH] Re: Bug in smbd/password.c ?
Andrew Bartlett
abartlet at pcug.org.au
Wed Oct 4 08:32:02 GMT 2000
Yep, it's a bug, and I have already written and forwarded a patch to
address the issue.
It appears to have disappeared into the ether.
(I hit it even harder - null root password, OUCH...).
In any case I have attached the patch, see if it fixes the issue for
you. (It also cleans up some other issues around passwords).
Andrew Bartlett
abartlet at pcug.org.au
Teemu Suutari wrote:
>
> I'm not subscribed to list, so please cc answers to me...
>
> I'm setting samba 2.0.7 as PDC for computerlab, when I encountered
> problems.
>
> Documentation specifically mentions that if account has no password
> (set by smbpasswd -a -n) and null passwords are disabled user can't
> logon. In my empirical tests this isn't the case. I looked source
> and added this (ugly) condition to source around line 517...
>
> if(smb_pass->acct_ctrl & ACB_PWNOTREQ) if (!lp_null_passwords()) {
> DEBUG(1,("Account for user '%s' has no password.\n",user));
> return(False);
> }
>
> and now users get thrown out ;)
>
> I don't see what next condition
> if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords()
> does, at least it didn't seem to catch passwords that has set to
> no password...
>
> If I'm being stupid and/or not noticing something, please hit me ;)
>
> --
--
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- samba-2.0.7-orig/source/smbd/password.c Wed Apr 26 09:07:11 2000
+++ samba-2.0.7/source/smbd/password.c Sun Sep 17 19:29:23 2000
@@ -352,11 +352,11 @@
unsigned char p21[21];
unsigned char p24[24];
- if (part_passwd == NULL)
- DEBUG(10,("No password set - allowing access\n"));
- /* No password set - always true ! */
- if (part_passwd == NULL)
- return 1;
+ if (part_passwd == NULL) {
+ DEBUG(10,("No password set - disallowing access\n"));
+ /* No password set - always false */
+ return False;
+}
memset(p21,'\0',21);
memcpy(p21,part_passwd,16);
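Review bot: The new refusal for `part_passwd == NULL` is logged only at `DEBUG(10,...)`, so at ordinary log levels a login rejected because no hash is stored leaves no trace. A lower level in line with the other checks in this file, e.g. `DEBUG(4,("No password set - disallowing access\n"));`, would make the denial visible to an operator. The closing brace of the new block also appears to sit at column 0 rather than under the `if` (the page may have lost whitespace), and the old code returned the literal `1` here, so `False` should be checked against the function's declared return type. The function starts and ends outside this hunk.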
@@ -399,12 +399,6 @@
DEBUG(4,("Checking SMB password for user %s\n",
smb_pass->smb_name));
- if(smb_pass->acct_ctrl & ACB_DISABLED) {
- DEBUG(1,("account for user %s was disabled.\n",
- smb_pass->smb_name));
- return(False);
- }
-
if (chal == NULL)
{
DEBUG(5,("use last SMBnegprot challenge\n"));
@@ -434,18 +428,11 @@
DEBUG(4,("NT MD4 password check failed\n"));
}
- /* Try against the lanman password. smb_pass->smb_passwd == NULL means
- no password, allow access. */
+ /* Try against the lanman password.
+ */
DEBUG(4,("Checking LM MD4 password\n"));
- if((smb_pass->smb_passwd == NULL) &&
- (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
- DEBUG(4,("no password required for user %s\n",
- smb_pass->smb_name));
- return True;
- }
-
if((smb_pass->smb_passwd != NULL) &&
smb_password_check((char *)lm_pass,
(uchar *)smb_pass->smb_passwd, challenge)) {
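Review bot: With this hunk and the one at -399 applied, what appears to be the same function no longer inspects `smb_pass->acct_ctrl` at all: both the `ACB_DISABLED` rejection and the `ACB_PWNOTREQ` shortcut are removed, and nothing in the visible patch adds a disabled-account test elsewhere. Any caller that reaches this function without first checking the flags would now accept a correct password for a disabled account. Either keep the `ACB_DISABLED` test here or state the new contract in the function's header comment, e.g. `/* Does not check acct_ctrl (ACB_DISABLED, ACB_PWNOTREQ); callers must enforce account flags before calling. */`. The callers and the start of the function are outside the hunks, so this needs confirming against the full file.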
@@ -514,7 +501,7 @@
return(False);
}
- if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
+ if ((smb_pass->acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords())
{
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name));
return(True);
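Review bot: Dropping the `lm_pwd[0] == '\0'` term means that, whenever null passwords are allowed, an account flagged `ACB_PWNOTREQ` is accepted whatever response the client sends, including when a hash is still stored for it. If the intent is only to admit accounts that really have no password, tie the shortcut to the stored state as well, e.g. `if ((smb_pass->acct_ctrl & ACB_PWNOTREQ) && (smb_pass->smb_passwd == NULL) && lp_null_passwords())`, so that flagged accounts with a hash fall through to the normal check. Whether an NT hash field needs the same test is not visible here. If accepting any response is intended, the log text should say the account requires no password rather than "has no password". The enclosing function begins and ends outside the hunk.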
@@ -536,6 +523,17 @@
****************************************************************************/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
+ /* This cuts null passwords off at the pass, getting around the mess in the
+ password checking fuctions and stops the 'PAM: Authentication failure'
+ messages.
+ */
+
+ if ((pwlen == 0) && !lp_null_passwords())
+ {
+ DEBUG(4,("Null passwords not allowed.\n"));
+ return False;
+ }
+
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
{
/* if 24 bytes long assume it is an encrypted password */
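Review bot: The new comment overstates what the guard does: it rejects only a zero-length submission (`pwlen == 0`), while the following line still treats `pwlen == 24` as an encrypted response to verify, so accounts with no password are not all stopped here. Suggest rewording it, and fixing the typo "fuctions", to something like `/* Reject zero-length passwords early when null passwords are disabled; 24-byte encrypted responses are still checked below. */`. `pwlen` is a signed `int` and a negative value passes this test; whether callers can supply one is not visible here. The function body continues past the hunk.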