int
passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
{
char sav, *epass;
char *pw_epasswd = auth->data;
size_t pw_len;
int error;
pw_len = strlen(pw_epasswd);
#ifdef HAVE_GETAUTHUID
/* Ultrix shadow passwords may use crypt16() */
error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
if (!error)
return AUTH_SUCCESS;
#endif /* HAVE_GETAUTHUID */
/*
* Truncate to 8 chars if standard DES since not all crypt()'s do this.
* If this turns out not to be safe we will have to use OS #ifdef's (sigh).
*/
sav = pass[8];
if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
pass[8] = '\0';
/*
* Normal UN*X password check.
* HP-UX may add aging info (separated by a ',') at the end so
* only compare the first DESLEN characters in that case.
*/
epass = (char *) crypt(pass, pw_epasswd);
pass[8] = sav;
if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
error = strncmp(pw_epasswd, epass, DESLEN);
else
error = strcmp(pw_epasswd, epass);
return error ? AUTH_FAILURE : AUTH_SUCCESS;
}
/****************************************************************************
core of password checking routine
****************************************************************************/
BOOL password_check(char *password)
{
#ifdef USE_PAM
/* This falls through if the password check fails
- if NO_CRYPT is defined this causes an error msg
saying Warning - no crypt available
- if NO_CRYPT is NOT defined this is a potential security hole
as it may authenticate via the crypt call when PAM
settings say it should fail.
if (pam_auth(this_user,password)) return(True);
Hence we make a direct return to avoid a second chance!!!
*/
return (pam_auth(this_user,password));
#endif
#ifdef AFS_AUTH
if (afs_auth(this_user,password)) return(True);
#endif
#ifdef DFS_AUTH
if (dfs_auth(this_user,password)) return(True);
#endif
#ifdef KRB5_AUTH
if (krb5_auth(this_user,password)) return(True);
#endif
#ifdef KRB4_AUTH
if (krb4_auth(this_user,password)) return(True);
#endif
#ifdef PWDAUTH
if (pwdauth(this_user,password) == 0)
return(True);
#endif
#ifdef OSF1_ENH_SEC
{
BOOL ret = (strcmp(osf1_bigcrypt(password,this_salt),this_crypted) == 0);
if(!ret) {
DEBUG(2,("password_check: OSF1_ENH_SEC failed. Trying normal crypt.\n"));
ret = (strcmp((char *)crypt(password,this_salt),this_crypted) == 0);
}
return ret;
}
#endif
#ifdef ULTRIX_AUTH
return (strcmp((char *)crypt16(password, this_salt ),this_crypted) == 0);
#endif
#ifdef LINUX_BIGCRYPT
return(linux_bigcrypt(password,this_salt,this_crypted));
#endif
#ifdef HPUX_10_TRUSTED
return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0);
#endif
#ifdef NO_CRYPT
DEBUG(1,("Warning - no crypt available\n"));
return(False);
#else
return(strcmp((char *)crypt(password,this_salt),this_crypted) == 0);
#endif
}
QByteArray BasketUtils::crypt(QByteArray buf, QString pwd) //Пароль уже передается в виже HEX хэша
{
// Превращаем пароль-хэш в ключ/вектор
// Разбиваем хэш на 2 части
if ( pwd.length() != 32 ) {// т.е. если пароль не является HEX кодом хеш пароля
return NULL;
}
QByteArray key = QByteArray().append(pwd.left(16));//QByteArray::fromHex(pwd.toUtf8());//
QByteArray iv = QByteArray().append(pwd.right(16));//QByteArray::fromHex(pwd.toUtf8());//
QByteArray cipherBuffer;
//==========================================================================================
// Служебный блок данных
// Вычисляем размер последнего блока данных
int tempBlockSize = buf.size() % 16;
int lastBlockSize = tempBlockSize == 0 ? 16 : tempBlockSize;
QByteArray serviceBlock = QByteArray( QVariant(lastBlockSize).toByteArray() );
while ( serviceBlock.size() < 16 )
serviceBlock.append('\0');
char *cipher = crypt16( serviceBlock.data(), serviceBlock.size(), key.data(), iv.data() );
if (cipher != NULL) {
QByteArray ciph16 = QByteArray( cipher, 16 );
cipherBuffer.append(ciph16);
//free (cipher);
delete [] cipher;
}
else {
return NULL;
}
// Конец служебного блока данных
//==========================================================================================
// Создаем цикл перебора буфера данных по 16 байт
for ( int i = 0; i < buf.size(); i+=16 )
{
QByteArray buf16;// = QByteArray::
if (i + 16 <= buf.size())
buf16 = buf.mid(i, 16);
else {
buf16 = buf.mid(i);
}
if ( buf16.size() == 16 )
;//buf16.append('\0');
else {
while ( buf16.size() < 15 )
buf16.append('\0');
buf16.append( buf.size() - i );
}
char *cipher = crypt16( buf16.data(), buf16.size(), key.data(), iv.data() );
if (cipher != NULL) {
QByteArray ciph16 = QByteArray( cipher, 16 );
cipherBuffer.append(ciph16);
delete [] cipher;
}
}
return cipherBuffer;
}
/****************************************************************************
core of password checking routine
****************************************************************************/
static NTSTATUS password_check(const char *password)
{
#ifdef WITH_PAM
return smb_pam_passcheck(this_user, password);
#else
BOOL ret;
#ifdef WITH_AFS
if (afs_auth(this_user, password))
return NT_STATUS_OK;
#endif /* WITH_AFS */
#ifdef WITH_DFS
if (dfs_auth(this_user, password))
return NT_STATUS_OK;
#endif /* WITH_DFS */
#ifdef OSF1_ENH_SEC
ret = (strcmp(osf1_bigcrypt(password, this_salt),
this_crypted) == 0);
if (!ret) {
DEBUG(2,
("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
}
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* OSF1_ENH_SEC */
#ifdef ULTRIX_AUTH
ret = (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* ULTRIX_AUTH */
#ifdef LINUX_BIGCRYPT
ret = (linux_bigcrypt(password, this_salt, this_crypted));
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* LINUX_BIGCRYPT */
#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)
/*
* Some systems have bigcrypt in the C library but might not
* actually use it for the password hashes (HPUX 10.20) is
* a noteable example. So we try bigcrypt first, followed
* by crypt.
*/
if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
return NT_STATUS_OK;
else
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#ifdef HAVE_BIGCRYPT
ret = (strcmp(bigcrypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_BIGCRYPT */
#ifndef HAVE_CRYPT
DEBUG(1, ("Warning - no crypt available\n"));
return NT_STATUS_LOGON_FAILURE;
#else /* HAVE_CRYPT */
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#endif /* WITH_PAM */
}
