Encrypted and plain passwords with one server

J.Heinen J.Heinen at fz-juelich.de
Wed Sep 13 13:11:27 GMT 2000


I have made a change to the "passwd_ok" routine in
This allows us to use both encrypted and plain passwords with one
It worked fine for several months. Does anyone know whether this patch
results in a security hole? If not, can it be applied to the Samba

Best Wishes

      Von/From: Josef Heinen             Forschungszentrum Juelich GmbH
 Telefon/Phone: +49 (2461) 61-3912   Institut fuer Festkoerperforschung
          Mail: J.Heinen at fz-juelich.de                  D-52425 Juelich
           WWW: http://iffwww.iff.kfa-juelich.de/~jheinen

----- cut here -----

/*
check if a username/password pair is OK either via the system password
database or the encrypted SMB password database
return True if the password is correct, False otherwise
*/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd
{
        if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) &&
        {
                /* if 24 bytes long assume it is an encrypted password */
                uchar challenge[8];

                if (!last_challenge(challenge))
                {
                        DEBUG(0,("Error: challenge not done for user=%s\n", user));
                        return False;
                }

                /* accept a valid encrypted response; otherwise fall through */
                if (pass_check_smb(user, global_myworkgroup,
                                   challenge, (uchar *)password, (uchar *)password, pwd))
                        return True;
        }

        /* plain-text check against the system password database */
        return pass_check(user, password, pwlen, pwd, 
                          lp_update_encrypted() ? 
                          update_smbpassword_file : NULL);
}

