source3/auth/auth_compat.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Password and authentication handling
   4    Copyright (C) Andrew Bartlett         2001-2002
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, write to the Free Software
  18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  19 */
  20
  21 #include "includes.h"
  22
  23 /****************************************************************************
  24  COMPATIBILITY INTERFACES:
  25  ***************************************************************************/
  26
  27 /****************************************************************************
  28 check if a username/password is OK assuming the password is a 24 byte
  29 SMB hash
  30 return True if the password is correct, False otherwise
  31 ****************************************************************************/
  32
  33 NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
  34 {
  35         struct auth_context *plaintext_auth_context = NULL;
  36         auth_usersupplied_info *user_info = NULL;
  37         const uint8 *chal;
  38         NTSTATUS nt_status;
  39         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
  40                 return nt_status;
  41         }
  42
  43         chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
  44
  45         if (!make_user_info_for_reply(&user_info,
  46                                       smb_name, lp_workgroup(), chal,
  47                                       plaintext_password)) {
  48                 return NT_STATUS_NO_MEMORY;
  49         }
  50
  51         nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
  52                                                                 user_info, server_info);
  53
  54         (plaintext_auth_context->free)(&plaintext_auth_context);
  55         free_user_info(&user_info);
  56         return nt_status;
  57 }
  58
  59 static NTSTATUS pass_check_smb(const char *smb_name,
  60                                const char *domain,
  61                                DATA_BLOB lm_pwd,
  62                                DATA_BLOB nt_pwd,
  63                                DATA_BLOB plaintext_password,
  64                                BOOL encrypted)
  65
  66 {
  67         NTSTATUS nt_status;
  68         extern struct auth_context *negprot_global_auth_context;
  69         auth_serversupplied_info *server_info = NULL;
  70         if (encrypted) {
  71                 auth_usersupplied_info *user_info = NULL;
  72                 make_user_info_for_reply_enc(&user_info, smb_name,
  73                                              domain,
  74                                              lm_pwd,
  75                                              nt_pwd);
  76                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
  77                                                                              user_info, &server_info);
  78                 free_user_info(&user_info);
  79         } else {
  80                 nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
  81         }
  82         free_server_info(&server_info);
  83         return nt_status;
  84 }
  85
  86 /****************************************************************************
  87 check if a username/password pair is ok via the auth subsystem.
  88 return True if the password is correct, False otherwise
  89 ****************************************************************************/
  90 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
  91 {
  92
  93         DATA_BLOB null_password = data_blob(NULL, 0);
  94         extern BOOL global_encrypted_passwords_negotiated;
  95         BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
  96
  97         if (encrypted) {
  98                 /*
  99                  * The password could be either NTLM or plain LM.  Try NTLM first,
 100                  * but fall-through as required.
 101                  * NTLMv2 makes no sense here.
 102                  */
 103                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
 104                         return True;
 105                 }
 106
 107                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
 108                         return True;
 109                 }
 110         } else {
 111                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
 112                         return True;
 113                 }
 114         }
 115
 116         return False;
 117 }
 118
 119