Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netncp/ncp_login.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Copyright (c) 1999, Boris Popov 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Boris Popov. 16 * 4. Neither the name of the author nor the names of any co-contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * $FreeBSD$ 33 */ 34 #include <sys/param.h> 35 #include <sys/errno.h> 36 #include <sys/malloc.h> 37 #include <sys/systm.h> 38 #include <sys/proc.h> 39 #include <sys/socket.h> 40 41 #include <netncp/ncp.h> 42 #include <netncp/ncp_conn.h> 43 #include <netncp/ncp_subr.h> 44 #include <netncp/ncp_ncp.h> 45 #include <netncp/ncp_rq.h> 46 #include <netncp/ncp_nls.h> 47 #include <netncp/nwerror.h> 48 49 static int ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object, 50 unsigned char *key, unsigned char *passwd, 51 struct proc *p, struct ucred *cred); 52 static int ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type, 53 char *object_name, unsigned char *passwd, 54 struct proc *p, struct ucred *cred); 55 static int ncp_sign_start(struct ncp_conn *conn, char *logindata); 56 static int ncp_get_encryption_key(struct ncp_conn *conn, char *target); 57 58 /* 59 * Initialize packet signatures. They a slightly modified MD4. 60 * The first 16 bytes of logindata are the shuffled password, 61 * the last 8 bytes the encryption key as received from the server. 62 */ 63 int 64 ncp_sign_start(struct ncp_conn *conn, char *logindata) { 65 char msg[64]; 66 u_int32_t state[4]; 67 68 memcpy(msg, logindata, 24); 69 memcpy(msg + 24, "Authorized NetWare Client", 25); 70 bzero(msg + 24 + 25, sizeof(msg) - 24 - 25); 71 72 conn->sign_state[0] = 0x67452301; 73 conn->sign_state[1] = 0xefcdab89; 74 conn->sign_state[2] = 0x98badcfe; 75 conn->sign_state[3] = 0x10325476; 76 ncp_sign(conn->sign_state, msg, state); 77 conn->sign_root[0] = state[0]; 78 conn->sign_root[1] = state[1]; 79 conn->flags |= NCPFL_SIGNACTIVE; 80 return 0; 81 } 82 83 /* 84 * target is a 8-byte buffer 85 */ 86 int 87 ncp_get_encryption_key(struct ncp_conn *conn, char *target) { 88 int error; 89 DECLARE_RQ; 90 91 NCP_RQ_HEAD_S(23,23,conn->procp,conn->ucred); 92 checkbad(ncp_request(conn,rqp)); 93 if (rqp->rpsize < 8) { 94 NCPFATAL("rpsize=%d < 8\n", rqp->rpsize); 95 return EIO; 96 } 97 ncp_rp_mem(rqp, target, 8); 98 NCP_RQ_EXIT; 99 return error; 100 } 101 102 int 103 ncp_login_object(struct ncp_conn *conn, unsigned char *username, 104 int login_type, unsigned char *password, 105 struct proc *p,struct ucred *cred) 106 { 107 int error; 108 unsigned char ncp_key[8]; 109 struct ncp_bindery_object user; 110 111 if ((error = ncp_get_encryption_key(conn, ncp_key)) != 0) { 112 printf("%s: Warning: use unencrypted login\n", __FUNCTION__); 113 return ncp_login_unencrypted(conn, login_type, username, password,p,cred); 114 } 115 if ((error = ncp_get_bindery_object_id(conn, login_type, username, &user,p,cred)) != 0) { 116 return error; 117 } 118 error = ncp_login_encrypted(conn, &user, ncp_key, password,p,cred); 119 return error; 120 } 121 122 int 123 ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object, 124 unsigned char *key, unsigned char *passwd, 125 struct proc *p,struct ucred *cred) { 126 u_int32_t tmpID = htonl(object->object_id); 127 u_char buf[16 + 8]; 128 u_char encrypted[8]; 129 int error; 130 DECLARE_RQ; 131 132 nw_keyhash((u_char*)&tmpID, passwd, strlen(passwd), buf); 133 nw_encrypt(key, buf, encrypted); 134 135 NCP_RQ_HEAD_S(23,24,p,cred); 136 ncp_rq_mem(rqp, encrypted, 8); 137 ncp_rq_word_hl(rqp, object->object_type); 138 ncp_rq_pstring(rqp, object->object_name); 139 error = ncp_request(conn, rqp); 140 NCP_RQ_EXIT_NB; 141 if (conn->flags & NCPFL_SIGNWANTED) { 142 if (error == 0 || error == NWE_PASSWORD_EXPIRED) { 143 memcpy(buf + 16, key, 8); 144 error = ncp_sign_start(conn, buf); 145 } 146 } 147 return error; 148 } 149 150 int 151 ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type, 152 char *object_name, unsigned char *passwd, 153 struct proc *p, struct ucred *cred) 154 { 155 int error; 156 DECLARE_RQ; 157 158 NCP_RQ_HEAD_S(23,20,conn->procp,conn->ucred); 159 ncp_rq_word_hl(rqp, object_type); 160 ncp_rq_pstring(rqp, object_name); 161 ncp_rq_pstring(rqp, passwd); 162 error = ncp_request(conn,rqp); 163 NCP_RQ_EXIT_NB; 164 return error; 165 } 166 167 /* 168 * Login to specified server with username and password. 169 * conn should be locked. 170 */ 171 int 172 ncp_login(struct ncp_conn *conn, char *user, int objtype, char *password, 173 struct proc *p, struct ucred *cred) { 174 int error; 175 176 if (ncp_suser(cred) != 0 && cred->cr_uid != conn->nc_owner->cr_uid) 177 return EACCES; 178 if (conn->flags & NCPFL_LOGGED) return EALREADY; 179 if ((conn->flags & NCPFL_ATTACHED) == 0) return ENOTCONN; 180 conn->li.user = ncp_str_dup(user); 181 conn->li.password = ncp_str_dup(password); 182 if (conn->li.user == NULL || conn->li.password == NULL) { 183 error = EINVAL; 184 goto bad; 185 } 186 ncp_str_upper(conn->li.user); 187 if ((conn->li.opt & NCP_OPT_NOUPCASEPASS) == 0) 188 ncp_str_upper(conn->li.password); 189 checkbad(ncp_login_object(conn, conn->li.user, objtype, conn->li.password,p,cred)); 190 conn->li.objtype = objtype; 191 conn->flags |= NCPFL_LOGGED; 192 return 0; 193 bad: 194 if (conn->li.user) free(conn->li.user, M_NCPDATA); 195 if (conn->li.password) free(conn->li.password, M_NCPDATA); 196 conn->li.user = conn->li.password = NULL; 197 return error; 198 }
Cache object: 7c7933817ceff93b18992219988f68b3
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]