diff options
Diffstat (limited to 'examples/auth')
-rw-r--r-- | examples/auth/Makefile | 31 | ||||
-rw-r--r-- | examples/auth/auth_skel.c | 58 | ||||
-rw-r--r-- | examples/auth/crackcheck/Makefile | 25 | ||||
-rw-r--r-- | examples/auth/crackcheck/crackcheck.c | 140 |
4 files changed, 254 insertions, 0 deletions
diff --git a/examples/auth/Makefile b/examples/auth/Makefile new file mode 100644 index 0000000000..d6dbc28f40 --- /dev/null +++ b/examples/auth/Makefile @@ -0,0 +1,31 @@ +# Makefile for samba-pdb examples +# Variables + +CC = gcc +LIBTOOL = libtool + +SAMBA_SRC = ../../source +SAMBA_INCL = ../../source/include +UBIQX_SRC = ../../source/ubiqx +SMBWR_SRC = ../../source/smbwrapper +CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g +AUTH_OBJS = auth_skel.la + +# Default target + +default: $(AUTH_OBJS) + +# Pattern rules + +%.la: %.lo + $(LIBTOOL) --mode=link $(CC) -module -o $@ $< $(LDFLAGS) + +%.lo: %.c + $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + +# Misc targets + +clean: + rm -rf .libs + rm -f core *~ *% *.bak \ + $(AUTH_OBJS) $(AUTH_OBJS:.la=.o) $(AUTH_OBJS:.la=.lo) diff --git a/examples/auth/auth_skel.c b/examples/auth/auth_skel.c new file mode 100644 index 0000000000..e6cbd73968 --- /dev/null +++ b/examples/auth/auth_skel.c @@ -0,0 +1,58 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Andrew Bartlett 2001 + Copyright (C) Jelmer Vernooij 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +static NTSTATUS check_skel_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + if (!user_info || !auth_context) { + return NT_STATUS_LOGON_FAILURE; + } + + /* Insert your authentication checking code here, + * and return NT_STATUS_OK if authentication succeeds */ + + /* For now, just refuse all connections */ + return NT_STATUS_LOGON_FAILURE; +} + +/* module initialisation */ +NTSTATUS auth_init_skel(struct auth_context *auth_context, const char *param, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return NT_STATUS_NO_MEMORY; + } + + (*auth_method)->auth = check_skel_security; + (*auth_method)->name = "skel"; + return NT_STATUS_OK; +} + +NTSTATUS init_module(void) +{ + return smb_register_auth(AUTH_INTERFACE_VERSION, "skel", auth_init_skel); +} diff --git a/examples/auth/crackcheck/Makefile b/examples/auth/crackcheck/Makefile new file mode 100644 index 0000000000..84377aafef --- /dev/null +++ b/examples/auth/crackcheck/Makefile @@ -0,0 +1,25 @@ +# C compiler +#CC=cc +CC=gcc + +# Uncomment the following to add symbols to the code for debugging +#DEBUG=-g -Wall + +# Optimization for the compiler +#OPTIMIZE= +OPTIMIZE=-O2 + +CFLAGS= $(DEBUG) $(OPTIMIZE) + +OBJS = crackcheck.o +LIBS = -lcrack + +crackcheck: $(OBJS) + $(CC) $(CFLAGS) $(LIBS) -o crackcheck $(OBJS) + +clean: + rm -f core *.o crackcheck + +install: crackcheck + install -m 555 crackcheck $(PREFIX)/sbin/crackcheck + diff --git a/examples/auth/crackcheck/crackcheck.c b/examples/auth/crackcheck/crackcheck.c new file mode 100644 index 0000000000..ac29b22592 --- /dev/null +++ b/examples/auth/crackcheck/crackcheck.c @@ -0,0 +1,140 @@ +#include <memory.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> +#include <ctype.h> +#include <crack.h> + +void usage(char *command) { + char *c, *comm; + + comm = command; + while ((c = strrchr(comm, '/')) != NULL) { + comm = c + 1; + } + + fprintf(stderr, "Usage: %s [-c] [-s] [-d <dictionary>]\n\n", comm); + fprintf(stderr, " -c enables NT like complexity checks\n"); + fprintf(stderr, " -d <dictionary file> for cracklib\n"); + fprintf(stderr, " -s simple check use NT like checks ONLY\n\n"); + fprintf(stderr, "The password is read via stdin.\n\n"); + exit(-1); +} + +int complexity(char* passwd) +{ + /* TG 26.10.2005 + * check password for complexity like MS Windows NT + */ + + int c_upper = 0; + int c_lower = 0; + int c_digit = 0; + int c_punct = 0; + int c_tot = 0; + int i, len; + + if (!passwd) goto fail; + len = strlen(passwd); + + for (i = 0; i < len; i++) { + + if (c_tot >= 3) break; + + if (isupper(passwd[i])) { + if (!c_upper) { + c_upper = 1; + c_tot += 1; + } + continue; + } + if (islower(passwd[i])) { + if (!c_lower) { + c_lower = 1; + c_tot += 1; + } + continue; + } + if (isdigit(passwd[i])) { + if (!c_digit) { + c_digit = 1; + c_tot += 1; + } + continue; + } + if (ispunct(passwd[i])) { + if (!c_punct) { + c_punct = 1; + c_tot += 1; + } + continue; + } + } + + if ((c_tot) < 3) goto fail; + return 0; + +fail: + fprintf(stderr, "ERR Complexity check failed\n\n"); + return -4; +} + +int main(int argc, char **argv) { + extern char *optarg; + int c, ret, complex_check = 0, simplex_check = 0; + + char f[256]; + char *dictionary = NULL; + char *password; + char *reply; + + while ( (c = getopt(argc, argv, "d:cs")) != EOF){ + switch(c) { + case 'd': + dictionary = strdup(optarg); + break; + case 'c': + complex_check = 1; + break; + case 's': + complex_check = 1; + simplex_check = 1; + break; + default: + usage(argv[0]); + } + } + + if (!simplex_check && dictionary == NULL) { + fprintf(stderr, "ERR - Missing cracklib dictionary\n\n"); + usage(argv[0]); + } + + fflush(stdin); + password = fgets(f, sizeof(f), stdin); + + if (password == NULL) { + fprintf(stderr, "ERR - Failed to read password\n\n"); + exit(-2); + } + + if (complex_check) { + ret = complexity(password); + if (ret) { + exit(ret); + } + } + + if (simplex_check) { + exit(0); + } + + reply = FascistCheck(password, dictionary); + if (reply != NULL) { + fprintf(stderr, "ERR - %s\n\n", reply); + exit(-3); + } + + exit(0); +} + |