示例#1
0
文件: auth_sam.c 项目: AllardJ/Tomato
static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
				TALLOC_CTX *mem_ctx,
				struct samu *sampass, 
				const auth_usersupplied_info *user_info, 
				DATA_BLOB *user_sess_key, 
				DATA_BLOB *lm_sess_key)
{
	uint32 acct_ctrl;
	const uint8 *lm_pw, *nt_pw;
	const char *username = pdb_get_username(sampass);

	acct_ctrl = pdb_get_acct_ctrl(sampass);
	if (acct_ctrl & ACB_PWNOTREQ) {
		if (lp_null_passwords()) {
			DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
			return NT_STATUS_OK;
		} else {
			DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", username));
			return NT_STATUS_LOGON_FAILURE;
		}		
	}

	lm_pw = pdb_get_lanman_passwd(sampass);
	nt_pw = pdb_get_nt_passwd(sampass);

	return ntlm_password_check(mem_ctx, &auth_context->challenge, 
				   &user_info->lm_resp, &user_info->nt_resp, 
				   &user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd,
				   username, 
				   user_info->smb_name,
				   user_info->client_domain,
				   lm_pw, nt_pw, user_sess_key, lm_sess_key);
}
示例#2
0
/****************************************************************************
check if a username/password is OK
****************************************************************************/
BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
{
  pstring pass2;
  int level = lp_passwordlevel();
  struct passwd *pass;
  char challenge[8];
  BOOL update_encrypted = lp_update_encrypted();
  struct smb_passwd *smb_pass;
  BOOL challenge_done = False;

  if (password) password[pwlen] = 0;

  if (pwlen == 24)
    challenge_done = last_challenge(challenge);

#if DEBUG_PASSWORD
  if (challenge_done)
    {
      int i;      
      DEBUG(100,("checking user=[%s] pass=[",user));
      for( i = 0; i < 24; i++)
	DEBUG(100,("%0x ", (unsigned char)password[i]));
      DEBUG(100,("]\n"));
    } else {
	    DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password));
    }
#endif

  if (!password)
    return(False);

  if (((!*password) || (!pwlen)) && !lp_null_passwords())
    return(False);

  if (pwd && !user) 
    {
      pass = (struct passwd *) pwd;
      user = pass->pw_name;
    } 
  else 
    pass = Get_Pwnam(user,True);

  DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));

  if ((pwlen == 24) && challenge_done)
  {
    DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));

    if (!pass) 
    {
      DEBUG(3,("Couldn't find user %s\n",user));
      return(False);
    }

    /* non-null username indicates search by username not smb userid */
    smb_pass = get_smbpwd_entry(user, 0);
    if (!smb_pass)
    {
      DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
      return(False);
    }

    if(smb_pass->acct_ctrl & ACB_DISABLED)
    {
      DEBUG(3,("password_ok: account for user %s was disabled.\n", user));
          return(False);
    }

      /* Ensure the uid's match */
    if (smb_pass->smb_userid != pass->pw_uid)
    {
      DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
      return(False);
    }

    if (Protocol >= PROTOCOL_NT1)
    {
      /* We have the NT MD4 hash challenge available - see if we can
         use it (ie. does it exist in the smbpasswd file).
       */
      if (smb_pass->smb_nt_passwd != NULL)
      {
        DEBUG(4,("Checking NT MD4 password\n"));
        if (smb_password_check(password, 
                               smb_pass->smb_nt_passwd, 
                               (unsigned char *)challenge))
        {
          update_protected_database(user,True);
          return(True);
        }
        DEBUG(4,("NT MD4 password check failed\n"));
      }
    }

    /* Try against the lanman password */
    if((smb_pass->smb_passwd == NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ ))
    {
      /* No password. */
      DEBUG(1,("password_ok: User %s has NO PASSWORD !\n", user));
      update_protected_database(user,True);
      return(True);
    }

    if ((smb_pass->smb_passwd != NULL) && 
        smb_password_check(password, smb_pass->smb_passwd,
                           (unsigned char *)challenge))
    {
      update_protected_database(user,True);
      return(True);
    }

    DEBUG(3,("Error smb_password_check failed\n"));
  }

  DEBUG(4,("Checking password for user %s (l=%d)\n",user,pwlen));

  if (!pass) 
    {
      DEBUG(3,("Couldn't find user %s\n",user));
      return(False);
    }

#ifdef SHADOW_PWD
  {
    struct spwd *spass;

    /* many shadow systems require you to be root to get the password,
       in most cases this should already be the case when this
       function is called, except perhaps for IPC password changing
       requests */

    spass = getspnam(pass->pw_name);
    if (spass && spass->sp_pwdp)
      pass->pw_passwd = spass->sp_pwdp;
  }
#elif defined(IA_UINFO)
  {
      /* Need to get password with SVR4.2's ia_ functions instead of
         get{sp,pw}ent functions. Required by UnixWare 2.x, tested on 
         version 2.1. ([email protected]) */
      uinfo_t uinfo;
      if (ia_openinfo(pass->pw_name, &uinfo) != -1)
        ia_get_logpwd(uinfo, &(pass->pw_passwd));
  }
#endif

#ifdef SecureWare
  {
    struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
    if (pr_pw && pr_pw->ufld.fd_encrypt)
      pass->pw_passwd = pr_pw->ufld.fd_encrypt;
  }
#endif

#ifdef HPUX_10_TRUSTED
  {
    struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
    if (pr_pw && pr_pw->ufld.fd_encrypt)
      pass->pw_passwd = pr_pw->ufld.fd_encrypt;
  }
#endif

#ifdef OSF1_ENH_SEC
  {
    struct pr_passwd *mypasswd;
    DEBUG(5,("Checking password for user %s in OSF1_ENH_SEC\n",user));
    mypasswd = getprpwnam (user);
    if ( mypasswd )
      { 
  	pstrcpy(pass->pw_name,mypasswd->ufld.fd_name);
  	pstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
      }
    else
      {
	DEBUG(5,("No entry for user %s in protected database !\n",user));
	return(False);
      }
  }
#endif

#ifdef ULTRIX_AUTH
  {
    AUTHORIZATION *ap = getauthuid( pass->pw_uid );
    if (ap)
      {
	pstrcpy( pass->pw_passwd, ap->a_password );
	endauthent();
      }
  }
#endif

  /* extract relevant info */
  fstrcpy(this_user,pass->pw_name);  
  fstrcpy(this_salt,pass->pw_passwd);
#ifdef HPUX
  /* The crypt on HPUX won't work with more than 2 salt characters. */
  this_salt[2] = 0;
#endif /* HPUX */
  fstrcpy(this_crypted,pass->pw_passwd);
 
  if (!*this_crypted) {
    if (!lp_null_passwords()) {
      DEBUG(2,("Disallowing access to %s due to null password\n",this_user));
      return(False);
    }
#ifndef PWDAUTH
    if (!*password) {
      DEBUG(3,("Allowing access to %s with null password\n",this_user));
      return(True);
    }
#endif    
  }

  /* try it as it came to us */
  if (password_check(password))
    {
      update_protected_database(user,True);
      if (pass && update_encrypted)
        update_smbpassword_file(pass,password);
      return(True);
    }

  /* if the password was given to us with mixed case then we don't
     need to proceed as we know it hasn't been case modified by the
     client */
  if (strhasupper(password) && strhaslower(password))
    return(False);

  /* make a copy of it */
  StrnCpy(pass2,password,sizeof(pstring)-1);
  
  /* try all lowercase */
  strlower(password);
  if (password_check(password))
    {
      update_protected_database(user,True);
      if (pass && update_encrypted)
        update_smbpassword_file(pass,password);
      return(True);
    }

  /* give up? */
  if (level < 1)
    {
      update_protected_database(user,False);

      /* restore it */
      pstrcpy(password,pass2);

      return(False);
    }

  /* last chance - all combinations of up to level chars upper! */
  strlower(password);

  if (string_combinations(password,password_check,level))
    {
      update_protected_database(user,True);
      if (pass && update_encrypted)
        update_smbpassword_file(pass,password);
      return(True);
    }

  update_protected_database(user,False);
  
  /* restore it */
  pstrcpy(password,pass2);
  
  return(False);
}
示例#3
0
static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
				const char *username,
				uint32_t acct_ctrl,
				const DATA_BLOB *challenge,
				const uint8_t *lm_pw,
				const uint8_t *nt_pw,
				const struct auth_usersupplied_info *user_info,
				DATA_BLOB *user_sess_key,
				DATA_BLOB *lm_sess_key)
{
	NTSTATUS status;
	struct samr_Password _lm_hash, _nt_hash;
	struct samr_Password *lm_hash = NULL;
	struct samr_Password *nt_hash = NULL;

	*user_sess_key = data_blob_null;
	*lm_sess_key = data_blob_null;

	if (acct_ctrl & ACB_PWNOTREQ) {
		if (lp_null_passwords()) {
			DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
			return NT_STATUS_OK;
		} else {
			DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", username));
			return NT_STATUS_LOGON_FAILURE;
		}
	}

	if (lm_pw) {
		memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash));
		lm_hash = &_lm_hash;
	}
	if (nt_pw) {
		memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash));
		nt_hash = &_nt_hash;
	}
	switch (user_info->password_state) {
	case AUTH_PASSWORD_HASH:
		status = hash_password_check(mem_ctx, lp_lanman_auth(),
					     user_info->password.hash.lanman,
					     user_info->password.hash.nt,
					     username,
					     lm_hash,
					     nt_hash);
		if (NT_STATUS_IS_OK(status)) {
			if (nt_pw) {
				*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
				if (!user_sess_key->data) {
					return NT_STATUS_NO_MEMORY;
				}
				SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
			}
		}
		return status;

	/* Eventually we should test plaintext passwords in their own
	 * function, not assuming the caller has done a
	 * mapping */
	case AUTH_PASSWORD_PLAIN:
	case AUTH_PASSWORD_RESPONSE:
		return ntlm_password_check(mem_ctx, lp_lanman_auth(),
					   lp_ntlm_auth(),
					   user_info->logon_parameters,
					   challenge,
					   &user_info->password.response.lanman, &user_info->password.response.nt,
					   username,
					   user_info->client.account_name,
					   user_info->client.domain_name,
					   lm_hash,
					   nt_hash,
					   user_sess_key, lm_sess_key);
	default:
		DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n", username, user_info->password_state));
		return NT_STATUS_INTERNAL_ERROR;
	}
}
示例#4
0
文件: pass_check.c 项目: hajuuk/R7000
NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, 
		    int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker)
{
	pstring pass2;
	int level = lp_passwordlevel();

	NTSTATUS nt_status;

#ifdef DEBUG_PASSWORD
	DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
#endif

	if (!password)
		return NT_STATUS_LOGON_FAILURE;

	if (((!*password) || (!pwlen)) && !lp_null_passwords())
		return NT_STATUS_LOGON_FAILURE;

#if defined(WITH_PAM) 

	/*
	 * If we're using PAM we want to short-circuit all the 
	 * checks below and dive straight into the PAM code.
	 */

	fstrcpy(this_user, user);

	DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));

#else /* Not using PAM */

	DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));

	if (!pass) {
		DEBUG(3, ("Couldn't find user %s\n", user));
		return NT_STATUS_NO_SUCH_USER;
	}


	/* Copy into global for the convenience of looping code */
	/* Also the place to keep the 'password' no matter what
	   crazy struct it started in... */
	fstrcpy(this_crypted, pass->pw_passwd);
	fstrcpy(this_salt, pass->pw_passwd);

#ifdef HAVE_GETSPNAM
	{
		struct spwd *spass;

		/* many shadow systems require you to be root to get
		   the password, in most cases this should already be
		   the case when this function is called, except
		   perhaps for IPC password changing requests */

		spass = getspnam(pass->pw_name);
		if (spass && spass->sp_pwdp) {
			fstrcpy(this_crypted, spass->sp_pwdp);
			fstrcpy(this_salt, spass->sp_pwdp);
		}
	}
#elif defined(IA_UINFO)
	{
		/* Need to get password with SVR4.2's ia_ functions
		   instead of get{sp,pw}ent functions. Required by
		   UnixWare 2.x, tested on version
		   2.1. ([email protected]) */
		uinfo_t uinfo;
		if (ia_openinfo(pass->pw_name, &uinfo) != -1)
			ia_get_logpwd(uinfo, &(pass->pw_passwd));
	}
#endif

#ifdef HAVE_GETPRPWNAM
	{
		struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
		if (pr_pw && pr_pw->ufld.fd_encrypt)
			fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt);
	}
#endif

#ifdef HAVE_GETPWANAM
	{
		struct passwd_adjunct *pwret;
		pwret = getpwanam(s);
		if (pwret && pwret->pwa_passwd)
			fstrcpy(this_crypted, pwret->pwa_passwd);
	}
#endif

#ifdef OSF1_ENH_SEC
	{
		struct pr_passwd *mypasswd;
		DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
			  user));
		mypasswd = getprpwnam(user);
		if (mypasswd) {
			fstrcpy(this_user, mypasswd->ufld.fd_name);
			fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt);
		} else {
			DEBUG(5,
			      ("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
			       user));
		}
	}
#endif

#ifdef ULTRIX_AUTH
	{
		AUTHORIZATION *ap = getauthuid(pass->pw_uid);
		if (ap) {
			fstrcpy(this_crypted, ap->a_password);
			endauthent();
		}
	}
#endif

#if defined(HAVE_TRUNCATED_SALT)
	/* crypt on some platforms (HPUX in particular)
	   won't work with more than 2 salt characters. */
	this_salt[2] = 0;
#endif

	if (!*this_crypted) {
		if (!lp_null_passwords()) {
			DEBUG(2, ("Disallowing %s with null password\n",
				  this_user));
			return NT_STATUS_LOGON_FAILURE;
		}
		if (!*password) {
			DEBUG(3,
			      ("Allowing access to %s with null password\n",
			       this_user));
			return NT_STATUS_OK;
		}
	}

#endif /* defined(WITH_PAM) */

	/* try it as it came to us */
	nt_status = password_check(password);
        if NT_STATUS_IS_OK(nt_status) {
                if (fn) {
                        fn(user, password);
		}
		return (nt_status);
	} else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {