Exemplo n.º 1
0
/* Fetches the user's credentials from the challenge.
 * Returns NULL if domain or user is not defined
 * No identity control is performed.
 * WARNING! The result is static storage, shared with ntlm_check_auth
 */
char *
fetch_credentials(ntlm_authenticate * auth, int auth_length)
{
    char *p = credentials;
    lstring tmp;
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain);
    if (tmp.str == NULL)
	return NULL;
    memcpy(p, tmp.str, tmp.l);
    p += tmp.l;
    *p++ = '\\';
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
    if (tmp.str == NULL)
	return NULL;
    *(p + tmp.l) = '\0';
    return credentials;
}
Exemplo n.º 2
0
void
do_authenticate(ntlm_authenticate * auth, int auth_length)
{
    lstring tmp;
    int tocopy;
    NSS_STATUS winbindd_result;
    struct winbindd_request request;
    struct winbindd_response response;
    char *domain, *user;

    memset(&request, 0, sizeof(struct winbindd_request));

    memset(&response, 0, sizeof(struct winbindd_response));

    /* domain */
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain);
    if (tmp.str == NULL || tmp.l == 0) {	/* no domain supplied */
	request.data.auth_crap.domain[0] = 0;
    } else {
	tocopy = min(tmp.l + 1, sizeof(fstring));
	xstrncpy(request.data.auth_crap.domain, tmp.str, tocopy);
    }

    domain = request.data.auth_crap.domain;	/* just a shortcut */

    /* username */
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
    if (tmp.str == NULL || tmp.l == 0) {
	authfail(domain, "-", "No username in request");
	return;
    }

    tocopy = min(sizeof(fstring), tmp.l + 1);
    xstrncpy(request.data.auth_crap.user, tmp.str, tocopy);
    user = request.data.auth_crap.user;

    /* now the LM hash */
    lmhash = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse);
    switch (lmhash.l) {
    case 0:
	warn("No lm hash provided by user %s\\%s\n", domain, user);
	request.data.auth_crap.lm_resp_len = 0;
	break;
    case 24:
	memcpy(request.data.auth_crap.lm_resp, lmhash.str, 24);
	request.data.auth_crap.lm_resp_len = 24;
	break;
    default:
	authfail(domain, user, "Broken LM hash response");
	return;
    }

    nthash = ntlm_fetch_string((char *) auth, auth_length, &auth->ntresponse);
    switch (nthash.l) {
    case 0:
	debug("no nthash\n");
	request.data.auth_crap.nt_resp_len = 0;
	break;
    case 24:
	memcpy(request.data.auth_crap.nt_resp, nthash.str, 24);
	request.data.auth_crap.nt_resp_len = 24;
	break;
    default:
	debug("nthash len = %d\n", nthash.l);
	authfail(domain, user, "Broken NT hash response");
	return;
    }

    debug("Checking user '%s\\%s' lmhash len =%d, have_nthash=%d, "
	"nthash len=%d\n", domain, user, lmhash.l, have_nthash, nthash.l);

    memcpy(request.data.auth_crap.chal, challenge, CHALLENGE_LEN);

    winbindd_result = winbindd_request(WINBINDD_PAM_AUTH_CRAP,
	&request, &response);
    debug("winbindd result: %d\n", winbindd_result);

    if (winbindd_result == NSS_STATUS_SUCCESS) {
	lc(domain);
	lc(user);
	authok(domain, user);
    } else {
	char error_buf[200];
	snprintf(error_buf, sizeof(error_buf), "Authentication Failure (%s)",
	    response.data.auth.error_string);
	authfail(domain, user, error_buf);
    }
    return;			/* useless */
}
Exemplo n.º 3
0
/* returns NULL on failure, or a pointer to
 * the user's credentials (domain\\username)
 * upon success. WARNING. It's pointing to static storage.
 * In case of problem sets as side-effect ntlm_errno to one of the
 * codes defined in ntlm.h
 */
char *
ntlm_check_auth(ntlm_authenticate * auth, int auth_length)
{
    int rv;
    char pass[MAX_PASSWD_LEN+1];
    char *domain = credentials;
    char *user;
    lstring tmp;

    if (handle == NULL) {	/*if null we aren't connected, but it shouldn't happen */
	debug("Weird, we've been disconnected\n");
	ntlm_errno = NTLM_NOT_CONNECTED;
	return NULL;
    }

/*      debug("fetching domain\n"); */
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain);
    if (tmp.str == NULL || tmp.l == 0) {
	debug("No domain supplied. Returning no-auth\n");
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }
    if (tmp.l > MAX_DOMAIN_LEN) {
	debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN);
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }
    memcpy(domain, tmp.str, tmp.l);
    user = domain + tmp.l;
    *user++ = '\0';

/*      debug("fetching user name\n"); */
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
    if (tmp.str == NULL || tmp.l == 0) {
	debug("No username supplied. Returning no-auth\n");
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }
    if (tmp.l > MAX_USERNAME_LEN) {
	debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN);
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }
    memcpy(user, tmp.str, tmp.l);
    *(user + tmp.l) = '\0';

		
    /* Authenticating against the NT response doesn't seem to work... */
    tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse);
    if (tmp.str == NULL || tmp.l == 0) {
	fprintf(stderr, "No auth at all. Returning no-auth\n");
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }
    if (tmp.l > MAX_PASSWD_LEN) {
	debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN);
	ntlm_errno = NTLM_LOGON_ERROR;
	return NULL;
    }

    memcpy(pass, tmp.str, tmp.l);
    pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0';

#if 1
		debug ("Empty LM pass detection: user: '******', ours:'%s', his: '%s'"
					 "(length: %d)\n",
					 user,lmencoded_empty_pass,tmp.str,tmp.l);
		if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
			fprintf(stderr,"Empty LM password supplied for user %s\\%s. "
							"No-auth\n",domain,user);
			ntlm_errno=NTLM_LOGON_ERROR;
			return NULL;
		}
		
		tmp = ntlm_fetch_string ((char *) auth, auth_length, &auth->ntresponse);
		if (tmp.str != NULL && tmp.l != 0) {
			debug ("Empty NT pass detection: user: '******', ours:'%s', his: '%s'"
						 "(length: %d)\n",
						 user,ntencoded_empty_pass,tmp.str,tmp.l);
			if (memcmp(tmp.str,lmencoded_empty_pass,ENCODED_PASS_LEN)==0) {
				fprintf(stderr,"Empty NT password supplied for user %s\\%s. "
								"No-auth\n",domain,user);
				ntlm_errno=NTLM_LOGON_ERROR;
				return NULL;
			}
		}
#endif

		/* TODO: check against empty password!!!!! */
		


    debug("checking domain: '%s', user: '******', pass='******'\n", domain, user, pass);

    rv = SMB_Logon_Server(handle, user, pass, domain, 1);
    debug("Login attempt had result %d\n", rv);

    if (rv != NTV_NO_ERROR) {	/* failed */
	ntlm_errno = rv;
	return NULL;
    }
    *(user - 1) = '\\';		/* hack. Performing, but ugly. */

    debug("credentials: %s\n", credentials);
    return credentials;
}