source3/auth/auth_compat.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett         2001-2002
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, write to the Free Software
  18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  19 */
  20
  21 #include "includes.h"
  22
  23 #undef DBGC_CLASS
  24 #define DBGC_CLASS DBGC_AUTH
  25
  26 /****************************************************************************
  27  COMPATIBILITY INTERFACES:
  28  ***************************************************************************/
  29
  30 /****************************************************************************
  31 check if a username/password is OK assuming the password is a 24 byte
  32 SMB hash
  33 return True if the password is correct, False otherwise
  34 ****************************************************************************/
  35
  36 NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
  37 {
  38         struct auth_context *plaintext_auth_context = NULL;
  39         auth_usersupplied_info *user_info = NULL;
  40         const uint8 *chal;
  41         NTSTATUS nt_status;
  42         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
  43                 return nt_status;
  44         }
  45
  46         chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
  47
  48         if (!make_user_info_for_reply(&user_info,
  49                                       smb_name, lp_workgroup(), chal,
  50                                       plaintext_password)) {
  51                 return NT_STATUS_NO_MEMORY;
  52         }
  53
  54         nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
  55                                                                 user_info, server_info);
  56
  57         (plaintext_auth_context->free)(&plaintext_auth_context);
  58         free_user_info(&user_info);
  59         return nt_status;
  60 }
  61
  62 static NTSTATUS pass_check_smb(const char *smb_name,
  63                                const char *domain,
  64                                DATA_BLOB lm_pwd,
  65                                DATA_BLOB nt_pwd,
  66                                DATA_BLOB plaintext_password,
  67                                BOOL encrypted)
  68
  69 {
  70         NTSTATUS nt_status;
  71         extern struct auth_context *negprot_global_auth_context;
  72         auth_serversupplied_info *server_info = NULL;
  73         if (encrypted) {
  74                 auth_usersupplied_info *user_info = NULL;
  75                 make_user_info_for_reply_enc(&user_info, smb_name,
  76                                              domain,
  77                                              lm_pwd,
  78                                              nt_pwd);
  79                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
  80                                                                              user_info, &server_info);
  81                 free_user_info(&user_info);
  82         } else {
  83                 nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
  84         }
  85         free_server_info(&server_info);
  86         return nt_status;
  87 }
  88
  89 /****************************************************************************
  90 check if a username/password pair is ok via the auth subsystem.
  91 return True if the password is correct, False otherwise
  92 ****************************************************************************/
  93 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
  94 {
  95
  96         DATA_BLOB null_password = data_blob(NULL, 0);
  97         extern BOOL global_encrypted_passwords_negotiated;
  98         BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
  99
 100         if (encrypted) {
 101                 /*
 102                  * The password could be either NTLM or plain LM.  Try NTLM first,
 103                  * but fall-through as required.
 104                  * NTLMv2 makes no sense here.
 105                  */
 106                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 107                         return True;
 108                 }
 109
 110                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
 111                         return True;
 112                 }
 113         } else {
 114                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
 115                         return True;
 116                 }
 117         }
 118
 119         return False;
 120 }
 121
 122