diff options
Diffstat (limited to 'source3/auth/pass_check.c')
-rw-r--r-- | source3/auth/pass_check.c | 65 |
1 files changed, 37 insertions, 28 deletions
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 63918796ef..47c9664a74 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -23,9 +23,6 @@ #include "includes.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - /* these are kept here to keep the string_combinations function simple */ static fstring this_user; #if !defined(WITH_PAM) @@ -436,7 +433,7 @@ try all combinations with N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (const char *), +static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *), int N) { int len = strlen(s); @@ -470,7 +467,7 @@ try all combinations with up to N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (const char *), int N) +static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) { int n; NTSTATUS nt_status; @@ -484,7 +481,7 @@ static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (const char *), int /**************************************************************************** core of password checking routine ****************************************************************************/ -static NTSTATUS password_check(const char *password) +static NTSTATUS password_check(char *password) { #ifdef WITH_PAM return smb_pam_passcheck(this_user, password); @@ -591,13 +588,16 @@ match is found and is used to update the encrypted password file return NT_STATUS_OK on correct match, appropriate error otherwise ****************************************************************************/ -NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, - int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker) +NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, + int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker) { + struct passwd *pass; pstring pass2; int level = lp_passwordlevel(); NTSTATUS nt_status; + if (password) + password[pwlen] = 0; #if DEBUG_PASSWORD DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); @@ -624,16 +624,12 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); - if (!pass) { + if (!input_pass) { DEBUG(3, ("Couldn't find user %s\n", user)); return NT_STATUS_NO_SUCH_USER; } - - /* Copy into global for the convenience of looping code */ - /* Also the place to keep the 'password' no matter what - crazy struct it started in... */ - fstrcpy(this_crypted, pass->pw_passwd); + pass = make_modifyable_passwd(input_pass); #ifdef HAVE_GETSPNAM { @@ -646,7 +642,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas spass = getspnam(pass->pw_name); if (spass && spass->sp_pwdp) - fstrcpy(this_crypted, spass->sp_pwdp); + pstrcpy(pass->pw_passwd, spass->sp_pwdp); } #elif defined(IA_UINFO) { @@ -664,7 +660,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas { struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); if (pr_pw && pr_pw->ufld.fd_encrypt) - fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt); + pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt); } #endif @@ -673,7 +669,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas struct passwd_adjunct *pwret; pwret = getpwanam(s); if (pwret && pwret->pwa_passwd) - fstrcpy(this_crypted, pwret->pwa_passwd); + pstrcpy(pass->pw_passwd,pwret->pwa_passwd); } #endif @@ -684,8 +680,8 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas user)); mypasswd = getprpwnam(user); if (mypasswd) { - fstrcpy(this_user, mypasswd->ufld.fd_name); - fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt); + fstrcpy(pass->pw_name, mypasswd->ufld.fd_name); + fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt); } else { DEBUG(5, ("OSF1_ENH_SEC: No entry for user %s in protected database !\n", @@ -698,7 +694,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas { AUTHORIZATION *ap = getauthuid(pass->pw_uid); if (ap) { - fstrcpy(this_crypted, ap->a_password); + fstrcpy(pass->pw_passwd, ap->a_password); endauthent(); } } @@ -713,20 +709,27 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas this_salt[2] = 0; #endif + /* Copy into global for the convenience of looping code */ + fstrcpy(this_crypted, pass->pw_passwd); + if (!*this_crypted) { if (!lp_null_passwords()) { DEBUG(2, ("Disallowing %s with null password\n", this_user)); + passwd_free(&pass); return NT_STATUS_LOGON_FAILURE; } if (!*password) { DEBUG(3, ("Allowing access to %s with null password\n", this_user)); + passwd_free(&pass); return NT_STATUS_OK; } } + passwd_free(&pass); + #endif /* defined(WITH_PAM) */ /* try it as it came to us */ @@ -749,36 +752,42 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas * need to proceed as we know it hasn't been case modified by the * client */ if (strhasupper(password) && strhaslower(password)) { + passwd_free(&pass); return nt_status; } /* make a copy of it */ - pstrcpy(pass2, password); + StrnCpy(pass2, password, sizeof(pstring) - 1); /* try all lowercase if it's currently all uppercase */ - if (strhasupper(pass2)) { - strlower(pass2); - if NT_STATUS_IS_OK(nt_status = password_check(pass2)) { + if (strhasupper(password)) { + strlower(password); + if NT_STATUS_IS_OK(nt_status = password_check(password)) { if (fn) - fn(user, pass2); + fn(user, password); return (nt_status); } } /* give up? */ if (level < 1) { + /* restore it */ + fstrcpy(password, pass2); return NT_STATUS_WRONG_PASSWORD; } /* last chance - all combinations of up to level chars upper! */ - strlower(pass2); + strlower(password); - if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) { + if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) { if (fn) - fn(user, pass2); + fn(user, password); return nt_status; } + /* restore it */ + fstrcpy(password, pass2); + return NT_STATUS_WRONG_PASSWORD; } |