root/source3/auth/auth_compat.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. check_plaintext_password
  2. pass_check_smb
  3. password_ok

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett         2001-2002
   5 
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10 
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15 
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 
  20 #include "includes.h"
  21 
  22 extern struct auth_context *negprot_global_auth_context;
  23 extern bool global_encrypted_passwords_negotiated;
  24 
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_AUTH
  27 
  28 /****************************************************************************
  29  COMPATIBILITY INTERFACES:
  30  ***************************************************************************/
  31 
  32 /****************************************************************************
  33 check if a username/password is OK assuming the password is a 24 byte
  34 SMB hash
  35 return True if the password is correct, False otherwise
  36 ****************************************************************************/
  37 
  38 NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
     /* [<][>][^][v][top][bottom][index][help] */
  39 {
  40         struct auth_context *plaintext_auth_context = NULL;
  41         auth_usersupplied_info *user_info = NULL;
  42         uint8_t chal[8];
  43         NTSTATUS nt_status;
  44         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
  45                 return nt_status;
  46         }
  47 
  48         plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context,
  49                                                    chal);
  50 
  51         if (!make_user_info_for_reply(&user_info, 
  52                                       smb_name, lp_workgroup(), chal,
  53                                       plaintext_password)) {
  54                 return NT_STATUS_NO_MEMORY;
  55         }
  56 
  57         nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, 
  58                                                                 user_info, server_info); 
  59 
  60         (plaintext_auth_context->free)(&plaintext_auth_context);
  61         free_user_info(&user_info);
  62         return nt_status;
  63 }
  64 
  65 static NTSTATUS pass_check_smb(const char *smb_name,
     /* [<][>][^][v][top][bottom][index][help] */
  66                                const char *domain, 
  67                                DATA_BLOB lm_pwd,
  68                                DATA_BLOB nt_pwd,
  69                                DATA_BLOB plaintext_password,
  70                                bool encrypted)
  71 
  72 {
  73         NTSTATUS nt_status;
  74         auth_serversupplied_info *server_info = NULL;
  75         if (encrypted) {                
  76                 auth_usersupplied_info *user_info = NULL;
  77                 make_user_info_for_reply_enc(&user_info, smb_name, 
  78                                              domain,
  79                                              lm_pwd, 
  80                                              nt_pwd);
  81                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, 
  82                                                                              user_info, &server_info);
  83                 free_user_info(&user_info);
  84         } else {
  85                 nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
  86         }               
  87         TALLOC_FREE(server_info);
  88         return nt_status;
  89 }
  90 
  91 /****************************************************************************
  92 check if a username/password pair is ok via the auth subsystem.
  93 return True if the password is correct, False otherwise
  94 ****************************************************************************/
  95 
  96 bool password_ok(const char *smb_name, DATA_BLOB password_blob)
     /* [<][>][^][v][top][bottom][index][help] */
  97 {
  98 
  99         DATA_BLOB null_password = data_blob_null;
 100         bool encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46));
 101 
 102         if (encrypted) {
 103                 /* 
 104                  * The password could be either NTLM or plain LM.  Try NTLM first, 
 105                  * but fall-through as required.
 106                  * Vista sends NTLMv2 here - we need to try the client given workgroup.
 107                  */
 108                 if (get_session_workgroup()) {
 109                         if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) {
 110                                 return True;
 111                         }
 112                         if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), password_blob, null_password, null_password, encrypted))) {
 113                                 return True;
 114                         }
 115                 }
 116 
 117                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 118                         return True;
 119                 }
 120 
 121                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
 122                         return True;
 123                 }
 124         } else {
 125                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
 126                         return True;
 127                 }
 128         }
 129 
 130         return False;
 131 }

/* [<][>][^][v][top][bottom][index][help] */