2 Unix SMB/Netbios implementation.
4 Password and authentication handling
5 Copyright (C) Andrew Tridgell 1992-2000
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
7 Copyright (C) Andrew Bartlett 2001
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
28 /****************************************************************************
29 core of smb password checking routine.
30 ****************************************************************************/
31 static BOOL smb_pwd_check_ntlmv1(const uchar *password,
32 const uchar *part_passwd,
34 uchar user_sess_key[16])
36 /* Finish the encryption of part_passwd. */
39 if (part_passwd == NULL) {
40 DEBUG(10,("No password set - DISALLOWING access\n"));
41 /* No password set - always false ! */
45 SMBOWFencrypt(part_passwd, c8, p24);
46 if (user_sess_key != NULL)
48 SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
54 DEBUG(100,("Part password (P16) was |"));
55 dump_data(100, part_passwd, 16);
56 DEBUG(100,("Password from client was |"));
57 dump_data(100, password, 24);
58 DEBUG(100,("Given challenge was |"));
59 dump_data(100, c8, 8);
60 DEBUG(100,("Value from encryption was |"));
61 dump_data(100, p24, 24);
63 return (memcmp(p24, password, 24) == 0);
66 /****************************************************************************
67 core of smb password checking routine.
68 ****************************************************************************/
69 static BOOL smb_pwd_check_ntlmv2(const uchar *password, size_t pwd_len,
72 const char *user, const char *domain,
75 /* Finish the encryption of part_passwd. */
79 if (part_passwd == NULL)
81 DEBUG(10,("No password set - DISALLOWING access\n"));
82 /* No password set - always False */
86 ntv2_owf_gen(part_passwd, user, domain, kr);
87 SMBOWFencrypt_ntv2(kr, c8, 8, password+16, pwd_len-16, resp);
88 if (user_sess_key != NULL)
90 SMBsesskeygen_ntv2(kr, resp, user_sess_key);
94 DEBUG(100,("Part password (P16) was |"));
95 dump_data(100, part_passwd, 16);
96 DEBUG(100,("Password from client was |"));
97 dump_data(100, password, pwd_len);
98 DEBUG(100,("Given challenge was |"));
99 dump_data(100, c8, 8);
100 DEBUG(100,("Value from encryption was |"));
101 dump_data(100, resp, 16);
104 return (memcmp(resp, password, 16) == 0);
108 /****************************************************************************
109 Do a specific test for an smb password being correct, given a smb_password and
110 the lanman and NT responses.
111 ****************************************************************************/
112 uint32 smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
114 uint8 *nt_pw, *lm_pw;
116 /* Quit if the account was disabled. */
117 if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
118 DEBUG(1,("Account for user '%s' was disabled.\n", user_info->smb_username.str));
119 return(NT_STATUS_ACCOUNT_DISABLED);
122 if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)
124 if (lp_null_passwords())
126 DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user_info->smb_username.str));
127 return(NT_STATUS_NOPROBLEMO);
131 DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user_info->smb_username.str));
132 return(NT_STATUS_LOGON_FAILURE);
136 if (!user_info || !sampass)
137 return(NT_STATUS_LOGON_FAILURE);
139 DEBUG(4,("smb_password_ok: Checking SMB password for user %s\n",user_info->smb_username.str));
141 nt_pw = pdb_get_nt_passwd(sampass);
144 if ((user_info->nt_resp.len > 24 )) {
145 /* We have the NT MD4 hash challenge available - see if we can
146 use it (ie. does it exist in the smbpasswd file).
148 DEBUG(4,("smb_password_ok: Checking NTLMv2 password\n"));
149 if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer,
150 user_info->nt_resp.len,
152 user_info->chal, user_info->requested_username.str,
153 user_info->requested_domain.str,
154 server_info->session_key))
156 return NT_STATUS_NOPROBLEMO;
158 DEBUG(4,("smb_password_ok: NT MD4 password check failed\n"));
160 } else if (lp_ntlm_auth() && (user_info->nt_resp.len == 24 )) {
161 /* We have the NT MD4 hash challenge available - see if we can
162 use it (ie. does it exist in the smbpasswd file).
164 DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
165 if (smb_pwd_check_ntlmv1(user_info->nt_resp.buffer,
166 nt_pw, user_info->chal,
167 server_info->session_key)) {
168 DEBUG(4,("smb_password_ok: NT MD4 password check succeeded\n"));
169 return NT_STATUS_NOPROBLEMO;
171 DEBUG(4,("smb_password_ok: NT MD4 password check failed\n"));
172 return NT_STATUS_WRONG_PASSWORD;
177 lm_pw = pdb_get_lanman_passwd(sampass);
179 if(lp_lanman_auth() && (lm_pw != NULL) && (user_info->lm_resp.len == 24 )) {
180 DEBUG(4,("smb_password_ok: Checking LM password\n"));
181 if (smb_pwd_check_ntlmv1(user_info->lm_resp.buffer,
182 lm_pw, user_info->chal,
183 server_info->session_key)) {
184 DEBUG(4,("smb_password_ok: LM password check succeeded\n"));
185 return NT_STATUS_NOPROBLEMO;
187 DEBUG(4,("smb_password_ok: LM password check failed\n"));
188 return NT_STATUS_WRONG_PASSWORD;
192 return NT_STATUS_LOGON_FAILURE;
196 /****************************************************************************
197 check if a username/password is OK assuming the password is a 24 byte
199 return True if the password is correct, False otherwise
200 ****************************************************************************/
202 uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
204 SAM_ACCOUNT *sampass=NULL;
208 pdb_init_sam(&sampass);
210 /* get the account information */
211 ret = pdb_getsampwnam(sampass, user_info->smb_username.str);
214 DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->smb_username.str));
215 pdb_free_sam(sampass);
216 return(NT_STATUS_NO_SUCH_USER);
219 if ((nt_status = smb_password_ok(sampass, user_info, server_info)) != NT_STATUS_NOPROBLEMO)
221 pdb_free_sam(sampass);
225 pdb_free_sam(sampass);