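/*
 * Verify a plaintext password against the encrypted password in auth->data.
 *
 * pw   - passwd entry of the user being authenticated (not read here).
 * pass - NUL-terminated plaintext password.  For traditional DES hashes it
 *        is truncated in place to 8 characters while crypt() runs and is
 *        restored before this function returns.
 * auth - auth->data is used as the stored (encrypted) password string.
 *
 * Returns AUTH_SUCCESS when a computed hash matches the stored one and
 * AUTH_FAILURE otherwise, including when the hashing routine fails.
 */
int passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
{
    char sav = '\0', *epass;
    char *pw_epasswd = auth->data;
    size_t pw_len;
    int truncated = 0;
    int error;

    pw_len = strlen(pw_epasswd);

#ifdef HAVE_GETAUTHUID
    /* Ultrix shadow passwords may use crypt16() */
    epass = (char *) crypt16(pass, pw_epasswd);
    /* A NULL result is treated as "no match" instead of being handed to strcmp(). */
    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
        return AUTH_SUCCESS;
#endif /* HAVE_GETAUTHUID */

    /*
     * Truncate to 8 chars if standard DES since not all crypt()'s do this.
     * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
     *
     * pass[8] is only touched when the password really is longer than
     * 8 characters, so a short password is never read or written past its
     * terminating NUL.
     */
    if ((pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) &&
        strlen(pass) > 8) {
        sav = pass[8];
        pass[8] = '\0';
        truncated = 1;
    }

    /*
     * Normal UN*X password check.
     * HP-UX may add aging info (separated by a ',') at the end so
     * only compare the first DESLEN characters in that case.
     */
    epass = (char *) crypt(pass, pw_epasswd);
    if (truncated)
        pass[8] = sav;

    /*
     * crypt() returns NULL on failure (for example when the salt is not
     * accepted).  That must fail authentication rather than crash in
     * strlen()/strcmp().
     */
    if (epass == NULL)
        return AUTH_FAILURE;

    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
        error = strncmp(pw_epasswd, epass, DESLEN);
    else
        error = strcmp(pw_epasswd, epass);

    return error ? AUTH_FAILURE : AUTH_SUCCESS;
}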
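/****************************************************************************
core of password checking routine

Checks `password` for the user named by this_user against this_salt and
this_crypted (all three are declared outside this function), using whichever
authentication back ends were selected at compile time.

Returns True when a back end accepts the password, False otherwise.  With
USE_PAM the PAM result is returned as-is.
****************************************************************************/
BOOL password_check(char *password)
{

#ifdef USE_PAM
  /* The PAM verdict is final, so it is returned directly instead of using
     "if (pam_auth(...)) return(True);" and falling through.  Falling through
     after a PAM failure would either log "Warning - no crypt available"
     (NO_CRYPT defined) or, when NO_CRYPT is not defined, give the password
     a second chance through crypt() even though the PAM settings say it
     should fail. */
  return (pam_auth(this_user,password));
#endif

#ifdef AFS_AUTH
  if (afs_auth(this_user,password)) return(True);
#endif

#ifdef DFS_AUTH
  if (dfs_auth(this_user,password)) return(True);
#endif

#ifdef KRB5_AUTH
  if (krb5_auth(this_user,password)) return(True);
#endif

#ifdef KRB4_AUTH
  if (krb4_auth(this_user,password)) return(True);
#endif

#ifdef PWDAUTH
  if (pwdauth(this_user,password) == 0)
    return(True);
#endif

  /* In every hashing branch below a NULL result from the hashing routine is
     treated as "no match".  crypt() returns NULL on failure, and passing
     NULL to strcmp() is undefined behaviour; the platform variants are
     guarded the same way defensively. */

#ifdef OSF1_ENH_SEC
  {
    const char *hash = osf1_bigcrypt(password,this_salt);
    BOOL ret = (hash != NULL && strcmp(hash,this_crypted) == 0);
    if(!ret) {
      DEBUG(2,("password_check: OSF1_ENH_SEC failed. Trying normal crypt.\n"));
      hash = (char *)crypt(password,this_salt);
      ret = (hash != NULL && strcmp(hash,this_crypted) == 0);
    }
    return ret;
  }
#endif

#ifdef ULTRIX_AUTH
  {
    const char *hash = (char *)crypt16(password, this_salt );
    return (hash != NULL && strcmp(hash,this_crypted) == 0);
  }
#endif

#ifdef LINUX_BIGCRYPT
  return(linux_bigcrypt(password,this_salt,this_crypted));
#endif

#ifdef HPUX_10_TRUSTED
  {
    const char *hash = bigcrypt(password,this_salt);
    return (hash != NULL && strcmp(hash,this_crypted) == 0);
  }
#endif

#ifdef NO_CRYPT
  DEBUG(1,("Warning - no crypt available\n"));
  return(False);
#else
  {
    const char *hash = (char *)crypt(password,this_salt);
    return (hash != NULL && strcmp(hash,this_crypted) == 0);
  }
#endif
}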
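/**
 * Encrypts buf in 16-byte blocks with the project's four-argument crypt16().
 *
 * pwd must be exactly 32 characters long; per the original author it is the
 * HEX form of a password hash.  Its first 16 characters are used as the key
 * and its last 16 characters as the IV.
 *
 * Output layout: one encrypted 16-byte "service block" that records the size
 * of the final data block (as decimal text, zero-padded to 16 bytes),
 * followed by one encrypted block per 16 bytes of input.  A short final
 * block is zero-padded to 15 bytes and its length is stored in the 16th byte.
 *
 * Returns the ciphertext, or an empty QByteArray when pwd is not 32
 * characters long or crypt16() fails for any block.  A successful result is
 * never empty because it always contains the service block.
 *
 * NOTE(review): the key and IV are the characters of pwd themselves, not the
 * bytes they encode; if pwd really is a hex string, each key/IV byte can take
 * only 16 values.  The same key/IV pair is passed for every block, so if
 * crypt16() is deterministic, equal plaintext blocks give equal ciphertext
 * blocks, and nothing here authenticates the output.  Confirm against
 * crypt16() before relying on this for confidentiality or integrity.
 */
QByteArray BasketUtils::crypt(QByteArray buf, QString pwd)
{
    // Reject anything that is not the expected 32-character hash string.
    if (pwd.length() != 32) {
        return QByteArray();
    }

    // Split the hash string into two halves: key and IV.
    QByteArray key = QByteArray().append(pwd.left(16));
    QByteArray iv = QByteArray().append(pwd.right(16));
    QByteArray cipherBuffer;

    // Service block: records the size of the last data block
    // (16 when the input length is a multiple of 16, including 0).
    int tempBlockSize = buf.size() % 16;
    int lastBlockSize = tempBlockSize == 0 ? 16 : tempBlockSize;
    QByteArray serviceBlock = QByteArray(QVariant(lastBlockSize).toByteArray());
    while (serviceBlock.size() < 16)
        serviceBlock.append('\0');

    char *serviceCipher = crypt16(serviceBlock.data(), serviceBlock.size(), key.data(), iv.data());
    if (serviceCipher == NULL) {
        return QByteArray();
    }
    cipherBuffer.append(QByteArray(serviceCipher, 16));
    // assumes crypt16() allocates its result with new[] - TODO confirm
    delete [] serviceCipher;

    // Walk the data buffer 16 bytes at a time.
    for (int i = 0; i < buf.size(); i += 16) {
        // mid() returns the remaining bytes when fewer than 16 are left.
        QByteArray buf16 = buf.mid(i, 16);

        if (buf16.size() != 16) {
            // Short final block: zero-pad to 15 bytes, then store its length.
            while (buf16.size() < 15)
                buf16.append('\0');
            buf16.append(static_cast<char>(buf.size() - i));
        }

        char *blockCipher = crypt16(buf16.data(), buf16.size(), key.data(), iv.data());
        if (blockCipher == NULL) {
            // Previously a failed block was skipped silently, which produced
            // a ciphertext with a missing block.  Fail the whole call instead,
            // the same way a service-block failure does.
            return QByteArray();
        }
        cipherBuffer.append(QByteArray(blockCipher, 16));
        delete [] blockCipher;
    }

    return cipherBuffer;
}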
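/****************************************************************************
core of password checking routine

Checks `password` for the user named by this_user against this_salt and
this_crypted (all three are declared outside this function), using whichever
authentication back ends were selected at compile time.

Returns NT_STATUS_OK on a match, NT_STATUS_WRONG_PASSWORD on a mismatch and
NT_STATUS_LOGON_FAILURE when no crypt routine is available.  With WITH_PAM
the result of smb_pam_passcheck() is returned as-is and no other back end is
compiled in.
****************************************************************************/
static NTSTATUS password_check(const char *password)
{
#ifdef WITH_PAM
	return smb_pam_passcheck(this_user, password);
#else

	BOOL ret;
	/* Result of the hashing routine.  NULL is treated as "no match":
	 * crypt() returns NULL on failure, and passing NULL to strcmp() is
	 * undefined behaviour.  The platform variants are guarded the same
	 * way defensively. */
	const char *hash;

#ifdef WITH_AFS
	if (afs_auth(this_user, password))
		return NT_STATUS_OK;
#endif /* WITH_AFS */

#ifdef WITH_DFS
	if (dfs_auth(this_user, password))
		return NT_STATUS_OK;
#endif /* WITH_DFS */

#ifdef OSF1_ENH_SEC

	hash = osf1_bigcrypt(password, this_salt);
	ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	if (!ret) {
		DEBUG(2, ("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
		hash = (char *)crypt(password, this_salt);
		ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	}
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}

#endif /* OSF1_ENH_SEC */

#ifdef ULTRIX_AUTH
	hash = (char *)crypt16(password, this_salt);
	ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}

#endif /* ULTRIX_AUTH */

#ifdef LINUX_BIGCRYPT
	ret = (linux_bigcrypt(password, this_salt, this_crypted));
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}
#endif /* LINUX_BIGCRYPT */

#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)

	/*
	 * Some systems have bigcrypt in the C library but might not
	 * actually use it for the password hashes (HPUX 10.20 is
	 * a notable example). So we try bigcrypt first, followed
	 * by crypt.
	 */

	hash = bigcrypt(password, this_salt);
	if (hash != NULL && strcmp(hash, this_crypted) == 0)
		return NT_STATUS_OK;

	hash = (char *)crypt(password, this_salt);
	ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */

#ifdef HAVE_BIGCRYPT
	hash = bigcrypt(password, this_salt);
	ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}
#endif /* HAVE_BIGCRYPT */

#ifndef HAVE_CRYPT
	DEBUG(1, ("Warning - no crypt available\n"));
	return NT_STATUS_LOGON_FAILURE;
#else /* HAVE_CRYPT */
	hash = (char *)crypt(password, this_salt);
	ret = (hash != NULL && strcmp(hash, this_crypted) == 0);
	if (ret) {
		return NT_STATUS_OK;
	} else {
		return NT_STATUS_WRONG_PASSWORD;
	}
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#endif /* WITH_PAM */
}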