#define PASSWORD_LENGTH 8
#endif
-/* these are kept here to keep the string_combinations function simple */
-static char *ths_user;
-
-static const char *get_this_user(void)
-{
- if (!ths_user) {
- return "";
- }
- return ths_user;
-}
-
-#if defined(WITH_PAM) || defined(OSF1_ENH_SEC)
-static const char *set_this_user(const char *newuser)
-{
- char *orig_user = ths_user;
- ths_user = SMB_STRDUP(newuser);
- SAFE_FREE(orig_user);
- return ths_user;
-}
-#endif
-
#if !defined(WITH_PAM)
static char *ths_salt;
/* This must be writable. */
#endif
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations2(char *s, int offset,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int len = strlen(s);
- int i;
- NTSTATUS nt_status;
-
-#ifdef PASSWORD_LENGTH
- len = MIN(len, PASSWORD_LENGTH);
-#endif
-
- if (N <= 0 || offset >= len)
- return (fn(s, private_data));
-
- for (i = offset; i < (len - (N - 1)); i++) {
- char c = s[i];
- if (!islower_m(c))
- continue;
- s[i] = toupper_m(c);
- nt_status = string_combinations2(s, i + 1, fn, N - 1,
- private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- s[i] = c;
- }
- return (NT_STATUS_WRONG_PASSWORD);
-}
-
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with up to N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations(char *s,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int n;
- NTSTATUS nt_status;
- for (n = 1; n <= N; n++) {
- nt_status = string_combinations2(s, 0, fn, n, private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- }
- return NT_STATUS_WRONG_PASSWORD;
-}
-
-
/****************************************************************************
core of password checking routine
****************************************************************************/
-static NTSTATUS password_check(const char *password, const void *private_data)
+static NTSTATUS password_check(const char *user, const char *password, const void *private_data)
{
#ifdef WITH_PAM
const char *rhost = (const char *)private_data;
- return smb_pam_passcheck(get_this_user(), rhost, password);
+ return smb_pam_passcheck(user, rhost, password);
#else
bool ret;
#ifdef WITH_AFS
- if (afs_auth(get_this_user(), password))
+ if (afs_auth(user, password))
return NT_STATUS_OK;
#endif /* WITH_AFS */
#ifdef WITH_DFS
- if (dfs_auth(get_this_user(), password))
+ if (dfs_auth(user, password))
return NT_STATUS_OK;
#endif /* WITH_DFS */
bool run_cracker)
{
char *pass2 = NULL;
- int level = lp_passwordlevel();
NTSTATUS nt_status;
* checks below and dive straight into the PAM code.
*/
- if (set_this_user(user) == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
DEBUG(4, ("pass_check: Checking (PAM) password for user %s\n", user));
#else /* Not using PAM */
user));
mypasswd = getprpwnam(user);
if (mypasswd) {
- if (set_this_user(mypasswd->ufld.fd_name) == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ user = mypasswd->ufld.fd_name;
if (set_this_crypted(mypasswd->ufld.fd_encrypt) == NULL) {
return NT_STATUS_NO_MEMORY;
}
if (!get_this_crypted() || !*get_this_crypted()) {
if (!lp_null_passwords()) {
DEBUG(2, ("Disallowing %s with null password\n",
- get_this_user()));
+ user));
return NT_STATUS_LOGON_FAILURE;
}
if (!*password) {
DEBUG(3,
("Allowing access to %s with null password\n",
- get_this_user()));
+ user));
return NT_STATUS_OK;
}
}
#endif /* defined(WITH_PAM) */
/* try it as it came to us */
- nt_status = password_check(password, (const void *)rhost);
+ nt_status = password_check(user, password, (const void *)rhost);
if NT_STATUS_IS_OK(nt_status) {
return (nt_status);
} else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
if (!strlower_m(pass2)) {
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = password_check(pass2, (const void *)rhost);
+ nt_status = password_check(user, pass2, (const void *)rhost);
if (NT_STATUS_IS_OK(nt_status)) {
return (nt_status);
}
}
- /* give up? */
- if (level < 1) {
- return NT_STATUS_WRONG_PASSWORD;
- }
-
- /* last chance - all combinations of up to level chars upper! */
- if (!strlower_m(pass2)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- nt_status = string_combinations(pass2, password_check, level,
- (const void *)rhost);
- if (NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
return NT_STATUS_WRONG_PASSWORD;
}