source3/smbd/auth_smbpasswd.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    Password and authentication handling
   5    Copyright (C) Andrew Tridgell              1992-2000
   6    Copyright (C) Luke Kenneth Casson Leighton 1996-2000
   7    Copyright (C) Andrew Bartlett              2001
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #include "includes.h"
  25
  26 extern int DEBUGLEVEL;
  27
  28 /****************************************************************************
  29 core of smb password checking routine.
  30 ****************************************************************************/
  31 static BOOL smb_pwd_check_ntlmv1(const uchar *password,
  32                                 const uchar *part_passwd,
  33                                 const uchar *c8,
  34                                 uchar user_sess_key[16])
  35 {
  36   /* Finish the encryption of part_passwd. */
  37   uchar p24[24];
  38
  39   if (part_passwd == NULL) {
  40           DEBUG(10,("No password set - DISALLOWING access\n"));
  41           /* No password set - always false ! */
  42           return False;
  43   }
  44
  45   SMBOWFencrypt(part_passwd, c8, p24);
  46         if (user_sess_key != NULL)
  47         {
  48                 SMBsesskeygen_ntv1(part_passwd, NULL, (char *)user_sess_key);
  49         }
  50
  51
  52
  53 #if DEBUG_PASSWORD
  54         DEBUG(100,("Part password (P16) was |"));
  55         dump_data(100, part_passwd, 16);
  56         DEBUG(100,("Password from client was |"));
  57         dump_data(100, password, 24);
  58         DEBUG(100,("Given challenge was |"));
  59         dump_data(100, c8, 8);
  60         DEBUG(100,("Value from encryption was |"));
  61         dump_data(100, p24, 24);
  62 #endif
  63   return (memcmp(p24, password, 24) == 0);
  64 }
  65
  66 /****************************************************************************
  67 core of smb password checking routine.
  68 ****************************************************************************/
  69 static BOOL smb_pwd_check_ntlmv2(const uchar *password, size_t pwd_len,
  70                                 uchar *part_passwd,
  71                                 uchar const *c8,
  72                                 const char *user, const char *domain,
  73                                 char *user_sess_key)
  74 {
  75         /* Finish the encryption of part_passwd. */
  76         uchar kr[16];
  77         uchar resp[16];
  78
  79         if (part_passwd == NULL)
  80         {
  81                 DEBUG(10,("No password set - DISALLOWING access\n"));
  82                 /* No password set - always False */
  83                 return False;
  84         }
  85
  86         ntv2_owf_gen(part_passwd, user, domain, kr);
  87         SMBOWFencrypt_ntv2(kr, c8, 8, password+16, pwd_len-16, (char *)resp);
  88         if (user_sess_key != NULL)
  89         {
  90                 SMBsesskeygen_ntv2(kr, resp, user_sess_key);
  91         }
  92
  93 #if DEBUG_PASSWORD
  94         DEBUG(100,("Part password (P16) was |"));
  95         dump_data(100, part_passwd, 16);
  96         DEBUG(100,("Password from client was |"));
  97         dump_data(100, password, pwd_len);
  98         DEBUG(100,("Given challenge was |"));
  99         dump_data(100, c8, 8);
 100         DEBUG(100,("Value from encryption was |"));
 101         dump_data(100, resp, 16);
 102 #endif
 103
 104         return (memcmp(resp, password, 16) == 0);
 105 }
 106
 107
 108 /****************************************************************************
 109  Do a specific test for an smb password being correct, given a smb_password and
 110  the lanman and NT responses.
 111 ****************************************************************************/
 112 uint32 smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
 113 {
 114         uint8 *nt_pw, *lm_pw;
 115         uint16  acct_ctrl;
 116
 117         acct_ctrl = pdb_get_acct_ctrl(sampass);
 118
 119         /* Quit if the account was disabled. */
 120         if(acct_ctrl & ACB_DISABLED) {
 121                 DEBUG(1,("Account for user '%s' was disabled.\n", user_info->smb_username.str));
 122                 return(NT_STATUS_ACCOUNT_DISABLED);
 123         }
 124
 125         if (acct_ctrl & ACB_PWNOTREQ)
 126         {
 127                 if (lp_null_passwords())
 128                 {
 129                         DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user_info->smb_username.str));
 130                         return(NT_STATUS_NOPROBLEMO);
 131                 }
 132                 else
 133                 {
 134                         DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user_info->smb_username.str));
 135                         return(NT_STATUS_LOGON_FAILURE);
 136                 }
 137         }
 138
 139         if (!user_info || !sampass)
 140                 return(NT_STATUS_LOGON_FAILURE);
 141
 142         DEBUG(4,("smb_password_ok: Checking SMB password for user %s\n",user_info->smb_username.str));
 143
 144         nt_pw = pdb_get_nt_passwd(sampass);
 145
 146         if (nt_pw != NULL) {
 147                 if ((user_info->nt_resp.len > 24 )) {
 148                         /* We have the NT MD4 hash challenge available - see if we can
 149                            use it (ie. does it exist in the smbpasswd file).
 150                         */
 151                         DEBUG(4,("smb_password_ok: Checking NTLMv2 password\n"));
 152                         if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer,
 153                                                   user_info->nt_resp.len,
 154                                                   nt_pw,
 155                                                   user_info->chal, user_info->requested_username.str,
 156                                                   user_info->requested_domain.str,
 157                                                   (char *)server_info->session_key))
 158                         {
 159                                 return NT_STATUS_NOPROBLEMO;
 160                         }
 161                         DEBUG(4,("smb_password_ok: NTLMv2 password check failed\n"));
 162
 163                 } else if (lp_ntlm_auth() && (user_info->nt_resp.len == 24 )) {
 164                                 /* We have the NT MD4 hash challenge available - see if we can
 165                                    use it (ie. does it exist in the smbpasswd file).
 166                                 */
 167                         DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
 168                         if (smb_pwd_check_ntlmv1(user_info->nt_resp.buffer,
 169                                                  nt_pw, user_info->chal,
 170                                                  server_info->session_key)) {
 171                                 DEBUG(4,("smb_password_ok: NT MD4 password check succeeded\n"));
 172                                 return NT_STATUS_NOPROBLEMO;
 173                         } else {
 174                                 DEBUG(4,("smb_password_ok: NT MD4 password check failed\n"));
 175                                 return NT_STATUS_WRONG_PASSWORD;
 176                         }
 177                 }
 178         }
 179
 180         lm_pw = pdb_get_lanman_passwd(sampass);
 181
 182         if(lp_lanman_auth() && (lm_pw != NULL) && (user_info->lm_resp.len == 24 )) {
 183                 DEBUG(4,("smb_password_ok: Checking LM password\n"));
 184                 if (smb_pwd_check_ntlmv1(user_info->lm_resp.buffer,
 185                                          lm_pw, user_info->chal,
 186                                          server_info->session_key)) {
 187                         DEBUG(4,("smb_password_ok: LM password check succeeded\n"));
 188                         return NT_STATUS_NOPROBLEMO;
 189                 } else {
 190                         DEBUG(4,("smb_password_ok: LM password check failed\n"));
 191                         return NT_STATUS_WRONG_PASSWORD;
 192                 }
 193         }
 194
 195         return NT_STATUS_LOGON_FAILURE;
 196 }
 197
 198
 199 /****************************************************************************
 200 check if a username/password is OK assuming the password is a 24 byte
 201 SMB hash supplied in the user_info structure
 202 return an NT_STATUS constant.
 203 ****************************************************************************/
 204
 205 uint32 check_smbpasswd_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
 206 {
 207         SAM_ACCOUNT *sampass=NULL;
 208         BOOL ret;
 209         uint32 nt_status;
 210
 211         pdb_init_sam(&sampass);
 212
 213         /* get the account information */
 214
 215         become_root();
 216         ret = pdb_getsampwnam(sampass, user_info->smb_username.str);
 217         unbecome_root();
 218
 219         if (ret == False)
 220         {
 221                 DEBUG(1,("Couldn't find user '%s' in passdb file.\n", user_info->smb_username.str));
 222                 pdb_free_sam(sampass);
 223                 return(NT_STATUS_NO_SUCH_USER);
 224         }
 225
 226         nt_status = smb_password_ok(sampass, user_info, server_info);
 227
 228         pdb_free_sam(sampass);
 229         return nt_status;
 230 }
 231
 232