/*
Unix SMB / CIFS implementation .
Password and authentication handling
Copyright ( C ) Andrew Bartlett 2001 - 2002
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
extern struct auth_context * negprot_global_auth_context ;
extern bool global_encrypted_passwords_negotiated ;
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_AUTH
/****************************************************************************
COMPATIBILITY INTERFACES :
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/****************************************************************************
check if a username / password is OK assuming the password is a 24 byte
SMB hash
return True if the password is correct , False otherwise
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
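/**
 * Check a user name against a cleartext password via the auth subsystem.
 *
 * A private auth context is created for this one check, a challenge is
 * taken from it, and the cleartext password is wrapped into a user_info
 * for that challenge before being handed to check_ntlm_password().
 *
 * @param smb_name            user name to authenticate
 * @param plaintext_password  cleartext password blob
 * @param server_info         out parameter passed through to
 *                            check_ntlm_password(); the caller releases it
 *                            (pass_check_smb() does so with TALLOC_FREE)
 *
 * @return the failure status of make_auth_context_subsystem(),
 *         NT_STATUS_NO_MEMORY if the user_info could not be built,
 *         otherwise the status returned by check_ntlm_password().
 */
NTSTATUS check_plaintext_password(const char *smb_name,
				  DATA_BLOB plaintext_password,
				  struct auth_serversupplied_info **server_info)
{
	struct auth_context *plaintext_auth_context = NULL;
	struct auth_usersupplied_info *user_info = NULL;
	uint8_t chal[8];
	NTSTATUS nt_status;

	nt_status = make_auth_context_subsystem(&plaintext_auth_context);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context,
						   chal);

	if (!make_user_info_for_reply(&user_info,
				      smb_name, lp_workgroup(), chal,
				      plaintext_password)) {
		/*
		 * Release the auth context on this path as well. Without
		 * this, every failed user_info construction leaked one
		 * context, and this path is reachable from a logon attempt.
		 */
		(plaintext_auth_context->free)(&plaintext_auth_context);
		return NT_STATUS_NO_MEMORY;
	}

	nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
								user_info, server_info);

	(plaintext_auth_context->free)(&plaintext_auth_context);
	free_user_info(&user_info);
	return nt_status;
}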
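/**
 * Run a single password check, either on LM/NT responses or on a
 * cleartext password.
 *
 * @param actx                auth context used for the encrypted path;
 *                            must not be NULL when encrypted is true
 * @param smb_name            user name to authenticate
 * @param domain              domain passed to make_user_info_for_reply_enc()
 *                            (unused on the cleartext path)
 * @param lm_pwd              LM response blob (encrypted path only)
 * @param nt_pwd              NT response blob (encrypted path only)
 * @param plaintext_password  cleartext password (cleartext path only)
 * @param encrypted           selects the encrypted or the cleartext path
 *
 * @return NT_STATUS_INTERNAL_ERROR if encrypted is set and actx is NULL,
 *         NT_STATUS_NO_MEMORY if no user_info was produced, otherwise the
 *         status of the underlying check. Any server_info produced by the
 *         check is freed here; only the status is reported.
 */
static NTSTATUS pass_check_smb(struct auth_context *actx,
			       const char *smb_name,
			       const char *domain,
			       DATA_BLOB lm_pwd,
			       DATA_BLOB nt_pwd,
			       DATA_BLOB plaintext_password,
			       bool encrypted)
{
	NTSTATUS nt_status;
	struct auth_serversupplied_info *server_info = NULL;

	if (encrypted) {
		struct auth_usersupplied_info *user_info = NULL;

		if (actx == NULL) {
			return NT_STATUS_INTERNAL_ERROR;
		}

		make_user_info_for_reply_enc(&user_info, smb_name,
					     domain,
					     lm_pwd,
					     nt_pwd);
		/*
		 * Fail closed: do not hand a missing user_info to the auth
		 * backend and rely on it to reject the request.
		 * NOTE(review): the helper's own return value is still
		 * ignored because its type is not visible here; check it
		 * directly once confirmed.
		 */
		if (user_info == NULL) {
			return NT_STATUS_NO_MEMORY;
		}

		nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
		free_user_info(&user_info);
	} else {
		nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
	}

	/* Callers only want the verdict, not the resulting session info. */
	TALLOC_FREE(server_info);
	return nt_status;
}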
/****************************************************************************
check if a username / password pair is ok via the auth subsystem .
return True if the password is correct , False otherwise
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
 * Decide whether a user name / password blob pair authenticates.
 *
 * The blob is treated as an encrypted response only when global_encrypted
 * is set AND its length is exactly 24 bytes or more than 46 bytes; every
 * other blob is checked as a cleartext password.
 *
 * On the encrypted path the same blob is tried up to four times through
 * pass_check_smb(), stopping at the first success:
 *   1. as NT response, client-supplied session_workgroup (if non-NULL)
 *   2. as LM response, client-supplied session_workgroup (if non-NULL)
 *   3. as NT response, lp_workgroup()
 *   4. as LM response, lp_workgroup()
 * The client workgroup is tried because Vista sends NTLMv2 here.
 * NOTE(review): each attempt is a separate check_ntlm_password() call, so
 * one wrong password may be seen by the backend as several failed checks;
 * confirm how that interacts with any lockout accounting.
 *
 * @param actx               auth context for the encrypted path
 * @param global_encrypted   whether encrypted passwords are in use
 * @param session_workgroup  workgroup given by the client, may be NULL
 * @param smb_name           user name to authenticate
 * @param password_blob      response or cleartext password from the client
 *
 * @return True if any attempt succeeds, False otherwise.
 */
bool password_ok(struct auth_context *actx, bool global_encrypted,
		 const char *session_workgroup,
		 const char *smb_name, DATA_BLOB password_blob)
{
	DATA_BLOB no_blob = data_blob_null;
	bool response_sized = (password_blob.length == 24) ||
			      (password_blob.length > 46);
	bool encrypted = global_encrypted && response_sized;
	NTSTATUS status;

	if (!encrypted) {
		/* Cleartext: one attempt against the configured workgroup. */
		status = pass_check_smb(actx, smb_name, lp_workgroup(),
					no_blob, no_blob, password_blob,
					encrypted);
		if (NT_STATUS_IS_OK(status)) {
			return True;
		}
		return False;
	}

	/*
	 * The blob could be either NTLM or plain LM. Try NTLM first and
	 * fall back to LM, client-given workgroup before our own.
	 */
	if (session_workgroup) {
		status = pass_check_smb(actx, smb_name, session_workgroup,
					no_blob, password_blob, no_blob,
					encrypted);
		if (NT_STATUS_IS_OK(status)) {
			return True;
		}

		status = pass_check_smb(actx, smb_name, session_workgroup,
					password_blob, no_blob, no_blob,
					encrypted);
		if (NT_STATUS_IS_OK(status)) {
			return True;
		}
	}

	status = pass_check_smb(actx, smb_name, lp_workgroup(),
				no_blob, password_blob, no_blob,
				encrypted);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	status = pass_check_smb(actx, smb_name, lp_workgroup(),
				password_blob, no_blob, no_blob,
				encrypted);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	return False;
}