BUG: Null passwords = no ignored

Andrew Bartlett abartlet at pcug.org.au
Sun Sep 17 11:07:02 GMT 2000


Attached is a patch to some of the password checking functionality of
samba.  In the process I started to realize the complexity samba has to
wade through just to check a user name and password!  Congratulations to
those who got it this far - nothing is quite what it seems.  Even null
passwords don't come in as null.  
 
(I have tested it with Win98, with encrypted passwords on and off, but
it needs more testing).

I have removed an unnecessary (I hope) account disabled test in
smb_password_ok as well as a lot of null password fall-throughs.  (It
looks like the original author never thought that null passwords would
be disabled, because 3 separate functions check for null passwords
giving unconditional access if one is set, only one actually checked the
smb.conf parameter and that check appeared to fail until I modified it.)

BTW, is there any way to find out if the client is sending an encrypted
null password? 

I hope this helps get this working correctly, do tell me if I have made
a big boo-boo, I am relatively new to this game.

Andrew Bartlett

Gerald Carter wrote:
> 
> Andrew Bartlett wrote:
> >
> > Most recent samba versions (I have noted 2.0.6 and
> > 2.0.7 in particular) seem to ignore the null passwords
> > = no option in smb.conf.
> 
> Andrew & Seth,
> 
> I'll look into this.  Maybe first part of the week though.
> 
> Cheers,
> jerry
> ----------------------------------------------------------------------
>    /\  Gerald (Jerry) Carter                     Professional Services
>  \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
>        http://www.samba.org       SAMBA Team           jerry at samba.org
>        http://www.eng.auburn.edu/~cartegw
> 
>        "...a hundred billion castaways looking for a home."
>                                 - Sting "Message in a Bottle" ( 1979 )

-- 
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- samba-2.0.7-orig/source/smbd/password.c	Wed Apr 26 09:07:11 2000
+++ samba-2.0.7/source/smbd/password.c	Sun Sep 17 19:29:23 2000
@@ -352,11 +352,11 @@
   unsigned char p21[21];
   unsigned char p24[24];
 
-  if (part_passwd == NULL)
-    DEBUG(10,("No password set - allowing access\n"));
-  /* No password set - always true ! */
-  if (part_passwd == NULL)
-    return 1;
+  if (part_passwd == NULL) {
+      DEBUG(10,("No password set - disallowing access\n"));
+      /* No password set - always false */
+  return False;
+}
 
   memset(p21,'\0',21);
   memcpy(p21,part_passwd,16);
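
Review bot: the new `if (part_passwd == NULL)` block rejects unconditionally and never consults `lp_null_passwords()`, so this function now depends on every caller having dealt with the permitted null-password case before it gets here. Say so in the comment, since the text it replaces promised the opposite ("always true"). The `return False;` is also indented less than the `DEBUG` line above it and the closing `}` sits in column 0, which reads as the end of the function; align both with the `if`.
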
@@ -399,12 +399,6 @@
 	DEBUG(4,("Checking SMB password for user %s\n", 
 		 smb_pass->smb_name));
 
-	if(smb_pass->acct_ctrl & ACB_DISABLED) {
-		DEBUG(1,("account for user %s was disabled.\n", 
-			 smb_pass->smb_name));
-		return(False);
-	}
-
 	if (chal == NULL)
 	{
 		DEBUG(5,("use last SMBnegprot challenge\n"));
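
Review bot: removing the `ACB_DISABLED` test at the top of this check drops a fail-closed guard, and no hunk in this patch adds an equivalent test elsewhere. Unless every path into this function is shown to reject disabled accounts first, keep the check here; it is cheap, and if it really is redundant the patch description should name the caller that already performs it.
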
@@ -434,18 +428,11 @@
 		DEBUG(4,("NT MD4 password check failed\n"));
 	}
 
-	/* Try against the lanman password. smb_pass->smb_passwd == NULL means
-	   no password, allow access. */
+	/* Try against the lanman password.
+	 */
 
 	DEBUG(4,("Checking LM MD4 password\n"));
 
-	if((smb_pass->smb_passwd == NULL) && 
-	   (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
-		DEBUG(4,("no password required for user %s\n",
-			 smb_pass->smb_name));
-		return True;
-	}
-
 	if((smb_pass->smb_passwd != NULL) && 
 	   smb_password_check((char *)lm_pass, 
 			      (uchar *)smb_pass->smb_passwd, challenge)) {
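
Review bot: with the `ACB_PWNOTREQ` early return gone, an account whose `smb_passwd` is NULL skips the LM comparison through the remaining `smb_pass->smb_passwd != NULL` guard, right after `DEBUG(4,("Checking LM MD4 password\n"))` has reported that a check is being made. Add a debug line for the NULL case so the refusal can be traced in the logs. The shortened comment also leaves `*/` alone on its own line; collapse it to a single line.
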
@@ -514,7 +501,7 @@
 		return(False);
 	}
 
-	if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
+	if ((smb_pass->acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords())
 	{
 		DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", smb_pass->smb_name));
 		return(True);
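
Review bot: the rewritten condition drops the `lm_pwd[0] == '\0'` test, so this branch no longer looks at `lm_pwd` at all: with null passwords allowed, any account flagged `ACB_PWNOTREQ` returns True here regardless of the password data, while the `DEBUG(3, ...)` text still says the account "has no password". If the old test was failing because an empty password does not arrive as an empty string, replace it with a test that matches the form actually received rather than removing it, or change the message and document that such accounts now pass without any password comparison.
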
@@ -536,6 +523,17 @@
 ****************************************************************************/
 BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
 {
+  /*  This cuts null passwords off at the pass, getting around the mess in the 
+      password checking fuctions and stops the 'PAM:  Authentication failure' 
+      messages.  
+  */
+
+  if ((pwlen == 0) && !lp_null_passwords()) 
+    {
+      DEBUG(4,("Null passwords not allowed.\n"));
+      return False;
+    }
+
 	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
 	{
 		/* if 24 bytes long assume it is an encrypted password */
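
Review bot: the new `pwlen == 0` guard only stops a password that arrives with zero length. The `pwlen == 24` branch directly below still takes a 24-byte value as an encrypted password, and the cover message itself asks how to recognise an encrypted null password, so that case is not covered by this check; state the limitation in the comment, and fix the "fuctions" typo there. The added lines are indented with spaces and use a different brace placement from the tab-indented code that follows; match the surrounding style.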

