/****************************************************************************
core of password checking routine
****************************************************************************/
BOOL password_check(char *password)
{
#ifdef USE_PAM
/* This falls through if the password check fails
- if NO_CRYPT is defined this causes an error msg
saying Warning - no crypt available
- if NO_CRYPT is NOT defined this is a potential security hole
as it may authenticate via the crypt call when PAM
settings say it should fail.
if (pam_auth(this_user,password)) return(True);
Hence we make a direct return to avoid a second chance!!!
*/
return (pam_auth(this_user,password));
#endif
#ifdef AFS_AUTH
if (afs_auth(this_user,password)) return(True);
#endif
#ifdef DFS_AUTH
if (dfs_auth(this_user,password)) return(True);
#endif
#ifdef KRB5_AUTH
if (krb5_auth(this_user,password)) return(True);
#endif
#ifdef KRB4_AUTH
if (krb4_auth(this_user,password)) return(True);
#endif
#ifdef PWDAUTH
if (pwdauth(this_user,password) == 0)
return(True);
#endif
#ifdef OSF1_ENH_SEC
{
BOOL ret = (strcmp(osf1_bigcrypt(password,this_salt),this_crypted) == 0);
if(!ret) {
DEBUG(2,("password_check: OSF1_ENH_SEC failed. Trying normal crypt.\n"));
ret = (strcmp((char *)crypt(password,this_salt),this_crypted) == 0);
}
return ret;
}
#endif
#ifdef ULTRIX_AUTH
return (strcmp((char *)crypt16(password, this_salt ),this_crypted) == 0);
#endif
#ifdef LINUX_BIGCRYPT
return(linux_bigcrypt(password,this_salt,this_crypted));
#endif
#ifdef HPUX_10_TRUSTED
return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0);
#endif
#ifdef NO_CRYPT
DEBUG(1,("Warning - no crypt available\n"));
return(False);
#else
return(strcmp((char *)crypt(password,this_salt),this_crypted) == 0);
#endif
}
/****************************************************************************
core of password checking routine
****************************************************************************/
static NTSTATUS password_check(const char *password)
{
#ifdef WITH_PAM
return smb_pam_passcheck(this_user, password);
#else
BOOL ret;
#ifdef WITH_AFS
if (afs_auth(this_user, password))
return NT_STATUS_OK;
#endif /* WITH_AFS */
#ifdef WITH_DFS
if (dfs_auth(this_user, password))
return NT_STATUS_OK;
#endif /* WITH_DFS */
#ifdef OSF1_ENH_SEC
ret = (strcmp(osf1_bigcrypt(password, this_salt),
this_crypted) == 0);
if (!ret) {
DEBUG(2,
("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
}
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* OSF1_ENH_SEC */
#ifdef ULTRIX_AUTH
ret = (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* ULTRIX_AUTH */
#ifdef LINUX_BIGCRYPT
ret = (linux_bigcrypt(password, this_salt, this_crypted));
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* LINUX_BIGCRYPT */
#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)
/*
* Some systems have bigcrypt in the C library but might not
* actually use it for the password hashes (HPUX 10.20) is
* a noteable example. So we try bigcrypt first, followed
* by crypt.
*/
if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
return NT_STATUS_OK;
else
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#ifdef HAVE_BIGCRYPT
ret = (strcmp(bigcrypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_BIGCRYPT */
#ifndef HAVE_CRYPT
DEBUG(1, ("Warning - no crypt available\n"));
return NT_STATUS_LOGON_FAILURE;
#else /* HAVE_CRYPT */
ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
if (ret) {
return NT_STATUS_OK;
} else {
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#endif /* WITH_PAM */
}