source3/auth/auth_compat.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 3.0.
   4    Password and authentication handling
   5    Copyright (C) Andrew Bartlett         2001-2002
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 /****************************************************************************
  25  COMPATABILITY INTERFACES:
  26  ***************************************************************************/
  27
  28 /****************************************************************************
  29 check if a username/password is OK assuming the password is a 24 byte
  30 SMB hash
  31 return True if the password is correct, False otherwise
  32 ****************************************************************************/
  33
  34 NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
  35 {
  36         struct auth_context *plaintext_auth_context = NULL;
  37         auth_usersupplied_info *user_info = NULL;
  38         const uint8 *chal;
  39         NTSTATUS nt_status;
  40         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
  41                 return nt_status;
  42         }
  43
  44         chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
  45
  46         if (!make_user_info_for_reply(&user_info,
  47                                       smb_name, lp_workgroup(), chal,
  48                                       plaintext_password)) {
  49                 return NT_STATUS_NO_MEMORY;
  50         }
  51
  52         nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
  53                                                                 user_info, server_info);
  54
  55         (plaintext_auth_context->free)(&plaintext_auth_context);
  56         free_user_info(&user_info);
  57         return nt_status;
  58 }
  59
  60 static NTSTATUS pass_check_smb(const char *smb_name,
  61                                const char *domain,
  62                                DATA_BLOB lm_pwd,
  63                                DATA_BLOB nt_pwd,
  64                                DATA_BLOB plaintext_password,
  65                                BOOL encrypted)
  66
  67 {
  68         NTSTATUS nt_status;
  69         extern struct auth_context *negprot_global_auth_context;
  70         auth_serversupplied_info *server_info = NULL;
  71         if (encrypted) {
  72                 auth_usersupplied_info *user_info = NULL;
  73                 make_user_info_for_reply_enc(&user_info, smb_name,
  74                                              domain,
  75                                              lm_pwd,
  76                                              nt_pwd);
  77                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
  78                                                                              user_info, &server_info);
  79                 free_user_info(&user_info);
  80         } else {
  81                 nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
  82         }
  83         free_server_info(&server_info);
  84         return nt_status;
  85 }
  86
  87 /****************************************************************************
  88 check if a username/password pair is ok via the auth subsystem.
  89 return True if the password is correct, False otherwise
  90 ****************************************************************************/
  91 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
  92 {
  93
  94         DATA_BLOB null_password = data_blob(NULL, 0);
  95         extern BOOL global_encrypted_passwords_negotiated;
  96         BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
  97
  98         if (encrypted) {
  99                 /*
 100                  * The password could be either NTLM or plain LM.  Try NTLM first,
 101                  * but fall-through as required.
 102                  * NTLMv2 makes no sense here.
 103                  */
 104                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 105                         return True;
 106                 }
 107
 108                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
 109                         return True;
 110                 }
 111         } else {
 112                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
 113                         return True;
 114                 }
 115         }
 116
 117         return False;
 118 }
 119
 120