[PATCH] Null password cleanup

Andrew Bartlett abartlet at pcug.org.au
Sat Oct 14 12:53:58 GMT 2000


I have noticed that null passwords were finally fixed in 2.2alpha0. 
However the password code will still allow null passwords if sombody
stuffs up in the future.  This patch should fix it.  (untested, but
looks right)
-- 
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- password.orig	Sat Oct 14 23:46:40 2000
+++ password.c	Sat Oct 14 23:48:46 2000
@@ -353,10 +353,10 @@
   unsigned char p24[24];
 
   if (part_passwd == NULL)
-    DEBUG(10,("No password set - allowing access\n"));
-  /* No password set - always true ! */
+    DEBUG(10,("No password set - denying access\n"));
+  /* No password set - always false ! */
   if (part_passwd == NULL)
-    return 1;
+    return 0;
 
   memset(p21,'\0',21);
   memcpy(p21,part_passwd,16);
@@ -434,17 +434,9 @@
 		DEBUG(4,("NT MD4 password check failed\n"));
 	}
 
-	/* Try against the lanman password. smb_pass->smb_passwd == NULL means
-	   no password, allow access. */
+	/* Try against the lanman password. */
 
 	DEBUG(4,("Checking LM MD4 password\n"));
-
-	if((smb_pass->smb_passwd == NULL) && 
-	   (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
-		DEBUG(4,("no password required for user %s\n",
-			 smb_pass->smb_name));
-		return True;
-	}
 
 	if((smb_pass->smb_passwd != NULL) && 
 	   smb_password_check((char *)lm_pass, 


More information about the samba-technical mailing list