~vcs-imports/samba/main


Viewing changes to source/auth/auth_compat.c

  • Committer: jerry
  • Date: 2006-07-14 21:48:39 UTC
  • Revision ID: vcs-imports@canonical.com-20060714214839-586d8c489a8fcead
gutting trunk to move to svn:externals

1
 
/* 
2
 
   Unix SMB/CIFS implementation.
3
 
   Password and authentication handling
4
 
   Copyright (C) Andrew Bartlett         2001-2002
5
 
   
6
 
   This program is free software; you can redistribute it and/or modify
7
 
   it under the terms of the GNU General Public License as published by
8
 
   the Free Software Foundation; either version 2 of the License, or
9
 
   (at your option) any later version.
10
 
   
11
 
   This program is distributed in the hope that it will be useful,
12
 
   but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 
   GNU General Public License for more details.
15
 
   
16
 
   You should have received a copy of the GNU General Public License
17
 
   along with this program; if not, write to the Free Software
18
 
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19
 
*/
20
 
 
21
 
#include "includes.h"
22
 
 
23
 
extern struct auth_context *negprot_global_auth_context;
24
 
extern BOOL global_encrypted_passwords_negotiated;
25
 
 
26
 
#undef DBGC_CLASS
27
 
#define DBGC_CLASS DBGC_AUTH
28
 
 
29
 
/****************************************************************************
30
 
 COMPATIBILITY INTERFACES:
31
 
 ***************************************************************************/
32
 
 
33
 
/****************************************************************************
34
 
check if a username/password is OK assuming the password is a 24 byte
35
 
SMB hash
36
 
return True if the password is correct, False otherwise
37
 
****************************************************************************/
38
 
 
39
 
NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
40
 
{
41
 
        struct auth_context *plaintext_auth_context = NULL;
42
 
        auth_usersupplied_info *user_info = NULL;
43
 
        const uint8 *chal;
44
 
        NTSTATUS nt_status;
45
 
        if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
46
 
                return nt_status;
47
 
        }
48
 
        
49
 
        chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
50
 
        
51
 
        if (!make_user_info_for_reply(&user_info, 
52
 
                                      smb_name, lp_workgroup(), chal,
53
 
                                      plaintext_password)) {
54
 
                return NT_STATUS_NO_MEMORY;
55
 
        }
56
 
        
57
 
        nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, 
58
 
                                                                user_info, server_info); 
59
 
        
60
 
        (plaintext_auth_context->free)(&plaintext_auth_context);
61
 
        free_user_info(&user_info);
62
 
        return nt_status;
63
 
}
64
 
 
65
 
static NTSTATUS pass_check_smb(const char *smb_name,
66
 
                               const char *domain, 
67
 
                               DATA_BLOB lm_pwd,
68
 
                               DATA_BLOB nt_pwd,
69
 
                               DATA_BLOB plaintext_password,
70
 
                               BOOL encrypted)
71
 
 
72
 
{
73
 
        NTSTATUS nt_status;
74
 
        auth_serversupplied_info *server_info = NULL;
75
 
        if (encrypted) {                
76
 
                auth_usersupplied_info *user_info = NULL;
77
 
                make_user_info_for_reply_enc(&user_info, smb_name, 
78
 
                                             domain,
79
 
                                             lm_pwd, 
80
 
                                             nt_pwd);
81
 
                nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, 
82
 
                                                                             user_info, &server_info);
83
 
                free_user_info(&user_info);
84
 
        } else {
85
 
                nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
86
 
        }               
87
 
        TALLOC_FREE(server_info);
88
 
        return nt_status;
89
 
}
90
 
 
91
 
/****************************************************************************
92
 
check if a username/password pair is ok via the auth subsystem.
93
 
return True if the password is correct, False otherwise
94
 
****************************************************************************/
95
 
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
96
 
{
97
 
 
98
 
        DATA_BLOB null_password = data_blob(NULL, 0);
99
 
        BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
100
 
        
101
 
        if (encrypted) {
102
 
                /* 
103
 
                 * The password could be either NTLM or plain LM.  Try NTLM first, 
104
 
                 * but fall-through as required.
105
 
                 * NTLMv2 makes no sense here.
106
 
                 */
107
 
                if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
108
 
                        return True;
109
 
                }
110
 
                
111
 
                if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
112
 
                        return True;
113
 
                }
114
 
        } else {
115
 
                if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
116
 
                        return True;
117
 
                }
118
 
        }
119
 
 
120
 
        return False;
121
 
}
122
 
 
123