2 * Copyright (c) 1999, Boris Popov
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * $FreeBSD: src/sys/netncp/ncp_login.c,v 1.2 1999/10/12 10:36:59 bp Exp $
33 * $DragonFly: src/sys/netproto/ncp/ncp_login.c,v 1.8 2006/12/22 23:57:54 swildner Exp $
35 #include <sys/param.h>
36 #include <sys/errno.h>
37 #include <sys/malloc.h>
38 #include <sys/systm.h>
41 #include <sys/socket.h>
51 static int ncp_login_encrypted(struct ncp_conn
*conn
, struct ncp_bindery_object
*object
,
52 unsigned char *key
, unsigned char *passwd
,
53 struct thread
*td
, struct ucred
*cred
);
54 static int ncp_login_unencrypted(struct ncp_conn
*conn
, u_int16_t object_type
,
55 char *object_name
, unsigned char *passwd
,
56 struct thread
*td
, struct ucred
*cred
);
57 static int ncp_sign_start(struct ncp_conn
*conn
, char *logindata
);
58 static int ncp_get_encryption_key(struct ncp_conn
*conn
, char *target
);
61 * Initialize packet signatures. They a slightly modified MD4.
62 * The first 16 bytes of logindata are the shuffled password,
63 * the last 8 bytes the encryption key as received from the server.
66 ncp_sign_start(struct ncp_conn
*conn
, char *logindata
) {
70 memcpy(msg
, logindata
, 24);
71 memcpy(msg
+ 24, "Authorized NetWare Client", 25);
72 bzero(msg
+ 24 + 25, sizeof(msg
) - 24 - 25);
74 conn
->sign_state
[0] = 0x67452301;
75 conn
->sign_state
[1] = 0xefcdab89;
76 conn
->sign_state
[2] = 0x98badcfe;
77 conn
->sign_state
[3] = 0x10325476;
78 ncp_sign(conn
->sign_state
, msg
, state
);
79 conn
->sign_root
[0] = state
[0];
80 conn
->sign_root
[1] = state
[1];
81 conn
->flags
|= NCPFL_SIGNACTIVE
;
86 * target is a 8-byte buffer
89 ncp_get_encryption_key(struct ncp_conn
*conn
, char *target
) {
93 NCP_RQ_HEAD_S(23, 23, conn
->td
, conn
->ucred
);
94 checkbad(ncp_request(conn
,rqp
));
95 if (rqp
->rpsize
< 8) {
96 NCPFATAL("rpsize=%d < 8\n", rqp
->rpsize
);
99 ncp_rp_mem(rqp
, target
, 8);
105 ncp_login_object(struct ncp_conn
*conn
, unsigned char *username
,
106 int login_type
, unsigned char *password
,
107 struct thread
*td
,struct ucred
*cred
)
110 unsigned char ncp_key
[8];
111 struct ncp_bindery_object user
;
113 if ((error
= ncp_get_encryption_key(conn
, ncp_key
)) != 0) {
114 kprintf("%s: Warning: use unencrypted login\n", __func__
);
115 return ncp_login_unencrypted(conn
, login_type
, username
, password
,td
,cred
);
117 if ((error
= ncp_get_bindery_object_id(conn
, login_type
, username
, &user
,td
,cred
)) != 0) {
120 error
= ncp_login_encrypted(conn
, &user
, ncp_key
, password
,td
,cred
);
125 ncp_login_encrypted(struct ncp_conn
*conn
, struct ncp_bindery_object
*object
,
126 unsigned char *key
, unsigned char *passwd
,
127 struct thread
*td
,struct ucred
*cred
) {
128 u_int32_t tmpID
= htonl(object
->object_id
);
134 nw_keyhash((u_char
*)&tmpID
, passwd
, strlen(passwd
), buf
);
135 nw_encrypt(key
, buf
, encrypted
);
137 NCP_RQ_HEAD_S(23,24,td
,cred
);
138 ncp_rq_mem(rqp
, encrypted
, 8);
139 ncp_rq_word_hl(rqp
, object
->object_type
);
140 ncp_rq_pstring(rqp
, object
->object_name
);
141 error
= ncp_request(conn
, rqp
);
143 if (conn
->flags
& NCPFL_SIGNWANTED
) {
144 if (error
== 0 || error
== NWE_PASSWORD_EXPIRED
) {
145 memcpy(buf
+ 16, key
, 8);
146 error
= ncp_sign_start(conn
, buf
);
153 ncp_login_unencrypted(struct ncp_conn
*conn
, u_int16_t object_type
,
154 char *object_name
, unsigned char *passwd
,
155 struct thread
*td
, struct ucred
*cred
)
160 NCP_RQ_HEAD_S(23, 20, conn
->td
, conn
->ucred
);
161 ncp_rq_word_hl(rqp
, object_type
);
162 ncp_rq_pstring(rqp
, object_name
);
163 ncp_rq_pstring(rqp
, passwd
);
164 error
= ncp_request(conn
,rqp
);
170 * Login to specified server with username and password.
171 * conn should be locked.
174 ncp_login(struct ncp_conn
*conn
, const char *user
, int objtype
,
175 const char *password
, struct thread
*td
, struct ucred
*cred
)
179 if (ncp_suser(cred
) != 0 && cred
->cr_uid
!= conn
->nc_owner
->cr_uid
)
181 if (conn
->flags
& NCPFL_LOGGED
) return EALREADY
;
182 if ((conn
->flags
& NCPFL_ATTACHED
) == 0) return ENOTCONN
;
183 conn
->li
.user
= ncp_str_dup(user
);
184 conn
->li
.password
= ncp_str_dup(password
);
185 if (conn
->li
.user
== NULL
|| conn
->li
.password
== NULL
) {
189 ncp_str_upper(conn
->li
.user
);
190 if ((conn
->li
.opt
& NCP_OPT_NOUPCASEPASS
) == 0)
191 ncp_str_upper(conn
->li
.password
);
192 checkbad(ncp_login_object(conn
, conn
->li
.user
, objtype
, conn
->li
.password
,td
,cred
));
193 conn
->li
.objtype
= objtype
;
194 conn
->flags
|= NCPFL_LOGGED
;
197 if (conn
->li
.user
) kfree(conn
->li
.user
, M_NCPDATA
);
198 if (conn
->li
.password
) kfree(conn
->li
.password
, M_NCPDATA
);
199 conn
->li
.user
= conn
->li
.password
= NULL
;