Removed version number from file header.
[kai/samba.git] / source3 / auth / auth_compat.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Password and authentication handling
4    Copyright (C) Andrew Bartlett         2001-2002
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 2 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program; if not, write to the Free Software
18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 /****************************************************************************
24  COMPATABILITY INTERFACES:
25  ***************************************************************************/
26
27 /****************************************************************************
28 check if a username/password is OK assuming the password is a 24 byte
29 SMB hash
30 return True if the password is correct, False otherwise
31 ****************************************************************************/
32
33 NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
34 {
35         struct auth_context *plaintext_auth_context = NULL;
36         auth_usersupplied_info *user_info = NULL;
37         const uint8 *chal;
38         NTSTATUS nt_status;
39         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
40                 return nt_status;
41         }
42         
43         chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
44         
45         if (!make_user_info_for_reply(&user_info, 
46                                       smb_name, lp_workgroup(), chal,
47                                       plaintext_password)) {
48                 return NT_STATUS_NO_MEMORY;
49         }
50         
51         nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, 
52                                                                 user_info, server_info); 
53         
54         (plaintext_auth_context->free)(&plaintext_auth_context);
55         free_user_info(&user_info);
56         return nt_status;
57 }
58
59 static NTSTATUS pass_check_smb(const char *smb_name,
60                                const char *domain, 
61                                DATA_BLOB lm_pwd,
62                                DATA_BLOB nt_pwd,
63                                DATA_BLOB plaintext_password,
64                                BOOL encrypted)
65
66 {
67         NTSTATUS nt_status;
68         extern struct auth_context *negprot_global_auth_context;
69         auth_serversupplied_info *server_info = NULL;
70         if (encrypted) {                
71                 auth_usersupplied_info *user_info = NULL;
72                 make_user_info_for_reply_enc(&user_info, smb_name, 
73                                              domain,
74                                              lm_pwd, 
75                                              nt_pwd);
76                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, 
77                                                                              user_info, &server_info);
78                 free_user_info(&user_info);
79         } else {
80                 nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
81         }               
82         free_server_info(&server_info);
83         return nt_status;
84 }
85
86 /****************************************************************************
87 check if a username/password pair is ok via the auth subsystem.
88 return True if the password is correct, False otherwise
89 ****************************************************************************/
90 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
91 {
92
93         DATA_BLOB null_password = data_blob(NULL, 0);
94         extern BOOL global_encrypted_passwords_negotiated;
95         BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
96         
97         if (encrypted) {
98                 /* 
99                  * The password could be either NTLM or plain LM.  Try NTLM first, 
100                  * but fall-through as required.
101                  * NTLMv2 makes no sense here.
102                  */
103                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
104                         return True;
105                 }
106                 
107                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
108                         return True;
109                 }
110         } else {
111                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
112                         return True;
113                 }
114         }
115
116         return False;
117 }
118
119