static bool test_strhaslower(struct torture_context *tctx)
{
torture_assert(tctx, strhaslower("a"), "one low char");
torture_assert(tctx, strhaslower("aB"), "one low, one up char");
torture_assert(tctx, !strhaslower("B"), "one up char");
torture_assert(tctx, !strhaslower(""), "empty string");
torture_assert(tctx, !strhaslower("3"), "one digit");
return true;
}
static bool strisnormal(const char *s, int case_default)
{
if (case_default == CASE_UPPER)
return(!strhaslower(s));
return(!strhasupper(s));
}
/*******************************************************************
check if a string is in "normal" case
********************************************************************/
BOOL strisnormal(char *s)
{
extern int case_default;
if (case_default == CASE_UPPER)
return(!strhaslower(s));
return(!strhasupper(s));
}
/****************************************************************************
check if a username/password is OK
****************************************************************************/
BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
{
pstring pass2;
int level = lp_passwordlevel();
struct passwd *pass;
char challenge[8];
BOOL update_encrypted = lp_update_encrypted();
struct smb_passwd *smb_pass;
BOOL challenge_done = False;
if (password) password[pwlen] = 0;
if (pwlen == 24)
challenge_done = last_challenge(challenge);
#if DEBUG_PASSWORD
if (challenge_done)
{
int i;
DEBUG(100,("checking user=[%s] pass=[",user));
for( i = 0; i < 24; i++)
DEBUG(100,("%0x ", (unsigned char)password[i]));
DEBUG(100,("]\n"));
} else {
DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password));
}
#endif
if (!password)
return(False);
if (((!*password) || (!pwlen)) && !lp_null_passwords())
return(False);
if (pwd && !user)
{
pass = (struct passwd *) pwd;
user = pass->pw_name;
}
else
pass = Get_Pwnam(user,True);
DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));
if ((pwlen == 24) && challenge_done)
{
DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));
if (!pass)
{
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
/* non-null username indicates search by username not smb userid */
smb_pass = get_smbpwd_entry(user, 0);
if (!smb_pass)
{
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
if(smb_pass->acct_ctrl & ACB_DISABLED)
{
DEBUG(3,("password_ok: account for user %s was disabled.\n", user));
return(False);
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
if (Protocol >= PROTOCOL_NT1)
{
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
if (smb_pass->smb_nt_passwd != NULL)
{
DEBUG(4,("Checking NT MD4 password\n"));
if (smb_password_check(password,
smb_pass->smb_nt_passwd,
(unsigned char *)challenge))
{
update_protected_database(user,True);
return(True);
}
DEBUG(4,("NT MD4 password check failed\n"));
}
}
/* Try against the lanman password */
if((smb_pass->smb_passwd == NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ ))
{
/* No password. */
DEBUG(1,("password_ok: User %s has NO PASSWORD !\n", user));
update_protected_database(user,True);
return(True);
}
if ((smb_pass->smb_passwd != NULL) &&
smb_password_check(password, smb_pass->smb_passwd,
(unsigned char *)challenge))
{
update_protected_database(user,True);
return(True);
}
DEBUG(3,("Error smb_password_check failed\n"));
}
DEBUG(4,("Checking password for user %s (l=%d)\n",user,pwlen));
if (!pass)
{
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
#ifdef SHADOW_PWD
{
struct spwd *spass;
/* many shadow systems require you to be root to get the password,
in most cases this should already be the case when this
function is called, except perhaps for IPC password changing
requests */
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp)
pass->pw_passwd = spass->sp_pwdp;
}
#elif defined(IA_UINFO)
{
/* Need to get password with SVR4.2's ia_ functions instead of
get{sp,pw}ent functions. Required by UnixWare 2.x, tested on
version 2.1. ([email protected]) */
uinfo_t uinfo;
if (ia_openinfo(pass->pw_name, &uinfo) != -1)
ia_get_logpwd(uinfo, &(pass->pw_passwd));
}
#endif
#ifdef SecureWare
{
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
if (pr_pw && pr_pw->ufld.fd_encrypt)
pass->pw_passwd = pr_pw->ufld.fd_encrypt;
}
#endif
#ifdef HPUX_10_TRUSTED
{
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
if (pr_pw && pr_pw->ufld.fd_encrypt)
pass->pw_passwd = pr_pw->ufld.fd_encrypt;
}
#endif
#ifdef OSF1_ENH_SEC
{
struct pr_passwd *mypasswd;
DEBUG(5,("Checking password for user %s in OSF1_ENH_SEC\n",user));
mypasswd = getprpwnam (user);
if ( mypasswd )
{
pstrcpy(pass->pw_name,mypasswd->ufld.fd_name);
pstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
}
else
{
DEBUG(5,("No entry for user %s in protected database !\n",user));
return(False);
}
}
#endif
#ifdef ULTRIX_AUTH
{
AUTHORIZATION *ap = getauthuid( pass->pw_uid );
if (ap)
{
pstrcpy( pass->pw_passwd, ap->a_password );
endauthent();
}
}
#endif
/* extract relevant info */
fstrcpy(this_user,pass->pw_name);
fstrcpy(this_salt,pass->pw_passwd);
#ifdef HPUX
/* The crypt on HPUX won't work with more than 2 salt characters. */
this_salt[2] = 0;
#endif /* HPUX */
fstrcpy(this_crypted,pass->pw_passwd);
if (!*this_crypted) {
if (!lp_null_passwords()) {
DEBUG(2,("Disallowing access to %s due to null password\n",this_user));
return(False);
}
#ifndef PWDAUTH
if (!*password) {
DEBUG(3,("Allowing access to %s with null password\n",this_user));
return(True);
}
#endif
}
/* try it as it came to us */
if (password_check(password))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */
if (strhasupper(password) && strhaslower(password))
return(False);
/* make a copy of it */
StrnCpy(pass2,password,sizeof(pstring)-1);
/* try all lowercase */
strlower(password);
if (password_check(password))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
/* give up? */
if (level < 1)
{
update_protected_database(user,False);
/* restore it */
pstrcpy(password,pass2);
return(False);
}
/* last chance - all combinations of up to level chars upper! */
strlower(password);
if (string_combinations(password,password_check,level))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
update_protected_database(user,False);
/* restore it */
pstrcpy(password,pass2);
return(False);
}
/*****************************************************************************
* do the actual mangling to 8.3 format
* the buffer must be able to hold 13 characters (including the null)
*****************************************************************************
*/
void mangle_name_83(char *s)
{
int crc16, i;
char *p, *q;
char extension[4];
char base[9];
int baselen = 0;
int extlen = 0;
extension[0] = 0;
base[0] = 0;
/*
* First, convert some common Unix extensions to extensions of 3
* characters. If none fits, don't change anything now.
*/
if (strcmp(q = s + strlen(s) - strlen(".tar.gz"), ".tar.gz") == 0) {
*q = '\0';
q = (char *)"tgz";
} else if (strcmp(q = s + strlen(s) - strlen(".tar.z"), ".tar.z") == 0) {
*q = '\0';
q = (char *)"tgz";
} else if (strcmp(q = s + strlen(s) - strlen(".tar.Z"), ".tar.Z") == 0) {
*q = '\0';
q = (char *)"taz";
} else if (strcmp(q = s + strlen(s) - strlen(".html"), ".html") == 0) {
*q = '\0';
q = (char *)"htm";
} else if (strcmp(q = s + strlen(s) - strlen(".shtml"), ".shtml") == 0) {
*q = '\0';
q = (char *)"stm";
} else if (strcmp(q = s + strlen(s) - strlen(".conf"), ".conf") == 0) {
*q = '\0';
q = (char *)"cnf";
} else if (strcmp(q = s + strlen(s) - strlen(".mpeg"), ".mpeg") == 0) {
*q = '\0';
q = (char *)"mpg";
} else if (strcmp(q = s + strlen(s) - strlen(".smil"), ".smil") == 0) {
*q = '\0';
q = (char *)"smi";
} else if (strcmp(q = s + strlen(s) - strlen(".perl"), ".perl") == 0) {
*q = '\0';
q = (char *)"pl";
} else if (strcmp(q = s + strlen(s) - strlen(".jpeg"), ".jpeg") == 0) {
*q = '\0';
q = (char *)"jpg";
} else if (strcmp(q = s + strlen(s) - strlen(".tiff"), ".tiff") == 0) {
*q = '\0';
q = (char *)"tif";
} else {
q = NULL;
}
if (q) {
/*
* Extension is modified, apply changes
*/
p = s + strlen(s);
*p++ = '.';
for (i = 0; i < strlen(q); i++)
*p++ = q[i];
*p++ = '\0';
}
/*
* Now start name mangling
*/
p = strrchr(s,'.');
if (p && (strlen(p+1) < (size_t)4)) {
int all_normal = (!strhaslower(p+1)); /* XXXXXXXXX */
if (all_normal && p[1] != 0) {
*p = 0;
crc16 = crc16xmodem(s, strlen(s));
*p = '.';
} else {
crc16 = crc16xmodem(s, strlen(s));
}
} else {
crc16 = crc16xmodem(s, strlen(s));
}
tu(s);
if (p) {
if (p == s)
safe_strcpy(extension, "___", 3);
else {
*p++ = 0;
while (*p && extlen < 3) {
if (*p != '.' )
extension[extlen++] = p[0];
p++;
}
extension[extlen] = 0;
}
}
p = s;
/*
* Changed to baselen 4, original this is 5.
* 24-11-2002 MB.
*/
while (*p && baselen < 4) {
if (*p != '.' )
base[baselen++] = p[0];
p++;
}
base[baselen] = 0;
if (crc16 > (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE))
Syslog('!', "WARNING: mangle_name_83() crc16 overflow");
crc16 = crc16 % (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE);
snprintf(s, 9, "%s%c%c%c%c", base, magic_char,
mangle(crc16 / (MANGLE_BASE * MANGLE_BASE)), mangle(crc16 / MANGLE_BASE), mangle(crc16));
if ( *extension ) {
(void)strcat(s, ".");
(void)strcat(s, extension);
}
}
