/*
Unix SMB / Netbios implementation .
Version 3.0 .
Password and authentication handling
Copyright ( C ) Andrew Bartlett 2001 - 2002
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
# include "includes.h"
/****************************************************************************
 COMPATIBILITY INTERFACES:
 ***************************************************************************/
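/****************************************************************************
 Check a username/password pair against the auth subsystem.

 smb_name, domain    - account name and domain handed to the auth subsystem.
 lm_pwd, nt_pwd      - LM / NT challenge responses; used only when
                       'encrypted' is true.  The caller in this file only
                       takes that path for 24 byte blobs.
 plaintext_password  - cleartext password; used only when 'encrypted' is
                       false.
 encrypted           - selects the challenge-response or the plaintext path.

 Returns the NTSTATUS produced by check_ntlm_password(), the failure status
 of make_auth_context_subsystem(), or NT_STATUS_NO_MEMORY when the
 user_info structure could not be built.  Any status that is not OK must be
 treated as a failed logon.
 ***************************************************************************/
static NTSTATUS pass_check_smb(char *smb_name,
			       char *domain,
			       DATA_BLOB lm_pwd,
			       DATA_BLOB nt_pwd,
			       DATA_BLOB plaintext_password,
			       BOOL encrypted)
{
	NTSTATUS nt_status;
	auth_usersupplied_info *user_info = NULL;
	extern struct auth_context *negprot_global_auth_context;
	auth_serversupplied_info *server_info = NULL;

	if (encrypted) {
		/*
		 * Fail closed if the request structure cannot be built, as the
		 * plaintext branch below already does, instead of handing a
		 * NULL user_info to the password check.
		 * NOTE(review): assumes make_user_info_for_reply_enc() follows
		 * the same BOOL convention as make_user_info_for_reply() -
		 * confirm against its prototype.
		 */
		if (!make_user_info_for_reply_enc(&user_info, smb_name,
						  domain,
						  lm_pwd,
						  nt_pwd)) {
			return NT_STATUS_NO_MEMORY;
		}

		/*
		 * The responses are checked against the global context rather
		 * than a fresh one.
		 * NOTE(review): presumably this is the context whose challenge
		 * was sent to the client at protocol negotiation; it is not
		 * checked for NULL here - verify that callers can only reach
		 * this after negotiation.
		 */
		nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
									     user_info, &server_info);
	} else {
		struct auth_context *plaintext_auth_context = NULL;
		const uint8 *chal;

		if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
			return nt_status;
		}

		/* One-shot context: its challenge is only used locally. */
		chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);

		if (!make_user_info_for_reply(&user_info,
					      smb_name, domain, chal,
					      plaintext_password)) {
			/*
			 * Release the context created above; the early return
			 * used to leak it on every failed allocation.
			 */
			(plaintext_auth_context->free)(&plaintext_auth_context);
			return NT_STATUS_NO_MEMORY;
		}

		nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
									user_info, &server_info);

		(plaintext_auth_context->free)(&plaintext_auth_context);
	}

	/* Only the status is reported; the per-request structures are dropped. */
	free_user_info(&user_info);
	free_server_info(&server_info);
	return nt_status;
}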
/****************************************************************************
 Check a username/password pair via the auth subsystem.

 The blob is treated as a challenge response only when encrypted passwords
 were negotiated AND it is exactly 24 bytes long.  Every other blob,
 including one of a different length on a connection that negotiated
 encryption, is checked as a plaintext password.

 Returns True if the password is correct, False otherwise.
 ***************************************************************************/
BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
{
	DATA_BLOB no_blob = data_blob(NULL, 0);
	extern BOOL global_encrypted_passwords_negotiated;
	BOOL is_response = (global_encrypted_passwords_negotiated && password_blob.length == 24);

	if (!is_response) {
		/* Plaintext: the blob goes in the plaintext_password slot. */
		return NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(),
						      no_blob, no_blob, password_blob,
						      is_response)) ? True : False;
	}

	/*
	 * A 24 byte response may be NTLM or plain LM.  Try it as NTLM first
	 * and fall back to LM.  NTLMv2 makes no sense here.
	 */
	if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(),
					   no_blob, password_blob, no_blob,
					   is_response))) {
		return True;
	}

	return NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(),
					      password_blob, no_blob, no_blob,
					      is_response)) ? True : False;
}