auth/pass_check.c

ソースコードを見る。

関数

static BOOL afs_auth (char *user, char *password)
static BOOL dfs_auth (char *user, char *password)
void dfs_unlogin (void)
static int linux_bigcrypt (char *password, char *salt1, char *crypted)
static char * osf1_bigcrypt (char *password, char *salt1)
static NTSTATUS string_combinations2 (char *s, int offset, NTSTATUS(*fn)(const char *), int N)
static NTSTATUS string_combinations (char *s, NTSTATUS(*fn)(const char *), int N)
static NTSTATUS password_check (const char *password)
NTSTATUS pass_check (const struct passwd *pass, const char *user, const char *password, int pwlen, BOOL(*fn)(const char *, const char *), BOOL run_cracker)

変数

static fstring this_user
static fstring this_salt
static fstring this_crypted
sec_login_handle_t my_dce_sec_context
int dcelogin_atmost_once = 0


関数

static BOOL afs_auth ( char *  user,
char *  password 
) [static]

pass_check.c44 行で定義されています。

参照元 password_check().

00045 {
00046         long password_expires = 0;
00047         char *reason;
00048 
00049         /* For versions of AFS prior to 3.3, this routine has few arguments, */
00050         /* but since I can't find the old documentation... :-)               */
00051         setpag();
00052         if (ka_UserAuthenticateGeneral
00053             (KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, (char *)0,       /* instance */
00054              (char *)0,         /* cell */
00055              password, 0,       /* lifetime, default */
00056              &password_expires, /*days 'til it expires */
00057              0,                 /* spare 2 */
00058              &reason) == 0)
00059         {
00060                 return (True);
00061         }
00062         DEBUG(1,
00063               ("AFS authentication for \"%s\" failed (%s)\n", user, reason));
00064         return (False);
00065 }

static BOOL dfs_auth ( char *  user,
char *  password 
) [static]

pass_check.c93 行で定義されています。

参照先 dcelogin_atmost_onceerrlocaltime()my_dce_sec_contextset_effective_gid()set_effective_uid()sys_getpid()tthis_cryptedthis_salt.

参照元 password_check().

00094 {
00095         struct tm *t;
00096         error_status_t err;
00097         int err2;
00098         int prterr;
00099         signed32 expire_time, current_time;
00100         boolean32 password_reset;
00101         struct passwd *pw;
00102         sec_passwd_rec_t passwd_rec;
00103         sec_login_auth_src_t auth_src = sec_login_auth_src_network;
00104         unsigned char dce_errstr[dce_c_error_string_len];
00105         gid_t egid;
00106 
00107         if (dcelogin_atmost_once)
00108                 return (False);
00109 
00110 #ifdef HAVE_CRYPT
00111         /*
00112          * We only go for a DCE login context if the given password
00113          * matches that stored in the local password file.. 
00114          * Assumes local passwd file is kept in sync w/ DCE RGY!
00115          */
00116 
00117         if (strcmp((char *)crypt(password, this_salt), this_crypted))
00118         {
00119                 return (False);
00120         }
00121 #endif
00122 
00123         sec_login_get_current_context(&my_dce_sec_context, &err);
00124         if (err != error_status_ok)
00125         {
00126                 dce_error_inq_text(err, dce_errstr, &err2);
00127                 DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
00128 
00129                 return (False);
00130         }
00131 
00132         sec_login_certify_identity(my_dce_sec_context, &err);
00133         if (err != error_status_ok)
00134         {
00135                 dce_error_inq_text(err, dce_errstr, &err2);
00136                 DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
00137 
00138                 return (False);
00139         }
00140 
00141         sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
00142         if (err != error_status_ok)
00143         {
00144                 dce_error_inq_text(err, dce_errstr, &err2);
00145                 DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
00146 
00147                 return (False);
00148         }
00149 
00150         time(&current_time);
00151 
00152         if (expire_time < (current_time + 60))
00153         {
00154                 struct passwd *pw;
00155                 sec_passwd_rec_t *key;
00156 
00157                 sec_login_get_pwent(my_dce_sec_context,
00158                                     (sec_login_passwd_t *) & pw, &err);
00159                 if (err != error_status_ok)
00160                 {
00161                         dce_error_inq_text(err, dce_errstr, &err2);
00162                         DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
00163 
00164                         return (False);
00165                 }
00166 
00167                 sec_login_refresh_identity(my_dce_sec_context, &err);
00168                 if (err != error_status_ok)
00169                 {
00170                         dce_error_inq_text(err, dce_errstr, &err2);
00171                         DEBUG(0, ("DCE can't refresh identity. %s\n",
00172                                   dce_errstr));
00173 
00174                         return (False);
00175                 }
00176 
00177                 sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL,
00178                                      (unsigned char *)pw->pw_name,
00179                                      sec_c_key_version_none,
00180                                      (void **)&key, &err);
00181                 if (err != error_status_ok)
00182                 {
00183                         dce_error_inq_text(err, dce_errstr, &err2);
00184                         DEBUG(0, ("DCE can't get key for %s. %s\n",
00185                                   pw->pw_name, dce_errstr));
00186 
00187                         return (False);
00188                 }
00189 
00190                 sec_login_valid_and_cert_ident(my_dce_sec_context, key,
00191                                                &password_reset, &auth_src,
00192                                                &err);
00193                 if (err != error_status_ok)
00194                 {
00195                         dce_error_inq_text(err, dce_errstr, &err2);
00196                         DEBUG(0,
00197                               ("DCE can't validate and certify identity for %s. %s\n",
00198                                pw->pw_name, dce_errstr));
00199                 }
00200 
00201                 sec_key_mgmt_free_key(key, &err);
00202                 if (err != error_status_ok)
00203                 {
00204                         dce_error_inq_text(err, dce_errstr, &err2);
00205                         DEBUG(0, ("DCE can't free key.\n", dce_errstr));
00206                 }
00207         }
00208 
00209         if (sec_login_setup_identity((unsigned char *)user,
00210                                      sec_login_no_flags,
00211                                      &my_dce_sec_context, &err) == 0)
00212         {
00213                 dce_error_inq_text(err, dce_errstr, &err2);
00214                 DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
00215                           user, dce_errstr));
00216                 return (False);
00217         }
00218 
00219         sec_login_get_pwent(my_dce_sec_context,
00220                             (sec_login_passwd_t *) & pw, &err);
00221         if (err != error_status_ok)
00222         {
00223                 dce_error_inq_text(err, dce_errstr, &err2);
00224                 DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
00225 
00226                 return (False);
00227         }
00228 
00229         sec_login_purge_context(&my_dce_sec_context, &err);
00230         if (err != error_status_ok)
00231         {
00232                 dce_error_inq_text(err, dce_errstr, &err2);
00233                 DEBUG(0, ("DCE can't purge context. %s\n", dce_errstr));
00234 
00235                 return (False);
00236         }
00237 
00238         /*
00239          * NB. I'd like to change these to call something like change_to_user()
00240          * instead but currently we don't have a connection
00241          * context to become the correct user. This is already
00242          * fairly platform specific code however, so I think
00243          * this should be ok. I have added code to go
00244          * back to being root on error though. JRA.
00245          */
00246 
00247         egid = getegid();
00248 
00249         set_effective_gid(pw->pw_gid);
00250         set_effective_uid(pw->pw_uid);
00251 
00252         if (sec_login_setup_identity((unsigned char *)user,
00253                                      sec_login_no_flags,
00254                                      &my_dce_sec_context, &err) == 0)
00255         {
00256                 dce_error_inq_text(err, dce_errstr, &err2);
00257                 DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
00258                           user, dce_errstr));
00259                 goto err;
00260         }
00261 
00262         sec_login_get_pwent(my_dce_sec_context,
00263                             (sec_login_passwd_t *) & pw, &err);
00264         if (err != error_status_ok)
00265         {
00266                 dce_error_inq_text(err, dce_errstr, &err2);
00267                 DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
00268                 goto err;
00269         }
00270 
00271         passwd_rec.version_number = sec_passwd_c_version_none;
00272         passwd_rec.pepper = NULL;
00273         passwd_rec.key.key_type = sec_passwd_plain;
00274         passwd_rec.key.tagged_union.plain = (idl_char *) password;
00275 
00276         sec_login_validate_identity(my_dce_sec_context,
00277                                     &passwd_rec, &password_reset,
00278                                     &auth_src, &err);
00279         if (err != error_status_ok)
00280         {
00281                 dce_error_inq_text(err, dce_errstr, &err2);
00282                 DEBUG(0,
00283                       ("DCE Identity Validation failed for principal %s: %s\n",
00284                        user, dce_errstr));
00285                 goto err;
00286         }
00287 
00288         sec_login_certify_identity(my_dce_sec_context, &err);
00289         if (err != error_status_ok)
00290         {
00291                 dce_error_inq_text(err, dce_errstr, &err2);
00292                 DEBUG(0, ("DCE certify identity failed: %s\n", dce_errstr));
00293                 goto err;
00294         }
00295 
00296         if (auth_src != sec_login_auth_src_network)
00297         {
00298                 DEBUG(0, ("DCE context has no network credentials.\n"));
00299         }
00300 
00301         sec_login_set_context(my_dce_sec_context, &err);
00302         if (err != error_status_ok)
00303         {
00304                 dce_error_inq_text(err, dce_errstr, &err2);
00305                 DEBUG(0,
00306                       ("DCE login failed for principal %s, cant set context: %s\n",
00307                        user, dce_errstr));
00308 
00309                 sec_login_purge_context(&my_dce_sec_context, &err);
00310                 goto err;
00311         }
00312 
00313         sec_login_get_pwent(my_dce_sec_context,
00314                             (sec_login_passwd_t *) & pw, &err);
00315         if (err != error_status_ok)
00316         {
00317                 dce_error_inq_text(err, dce_errstr, &err2);
00318                 DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
00319                 goto err;
00320         }
00321 
00322         DEBUG(0, ("DCE login succeeded for principal %s on pid %d\n",
00323                   user, sys_getpid()));
00324 
00325         DEBUG(3, ("DCE principal: %s\n"
00326                   "          uid: %d\n"
00327                   "          gid: %d\n",
00328                   pw->pw_name, pw->pw_uid, pw->pw_gid));
00329         DEBUG(3, ("         info: %s\n"
00330                   "          dir: %s\n"
00331                   "        shell: %s\n",
00332                   pw->pw_gecos, pw->pw_dir, pw->pw_shell));
00333 
00334         sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
00335         if (err != error_status_ok)
00336         {
00337                 dce_error_inq_text(err, dce_errstr, &err2);
00338                 DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
00339                 goto err;
00340         }
00341 
00342         set_effective_uid(0);
00343         set_effective_gid(0);
00344 
00345         t = localtime(&expire_time);
00346         if (t) {
00347                 const char *asct = asctime(t);
00348                 if (asct) {
00349                         DEBUG(0,("DCE context expires: %s", asct));
00350                 }
00351         }
00352 
00353         dcelogin_atmost_once = 1;
00354         return (True);
00355 
00356       err:
00357 
00358         /* Go back to root, JRA. */
00359         set_effective_uid(0);
00360         set_effective_gid(egid);
00361         return (False);
00362 }

void dfs_unlogin ( void   ) 

pass_check.c364 行で定義されています。

参照先 errmy_dce_sec_contextsys_getpid().

参照元 exit_server_common().

00365 {
00366         error_status_t err;
00367         int err2;
00368         unsigned char dce_errstr[dce_c_error_string_len];
00369 
00370         sec_login_purge_context(&my_dce_sec_context, &err);
00371         if (err != error_status_ok)
00372         {
00373                 dce_error_inq_text(err, dce_errstr, &err2);
00374                 DEBUG(0,
00375                       ("DCE purge login context failed for server instance %d: %s\n",
00376                        sys_getpid(), dce_errstr));
00377         }
00378 }

static int linux_bigcrypt ( char *  password,
char *  salt1,
char *  crypted 
) [static]

pass_check.c385 行で定義されています。

参照元 password_check().

00386 {
00387 #define LINUX_PASSWORD_SEG_CHARS 8
00388         char salt[3];
00389         int i;
00390 
00391         StrnCpy(salt, salt1, 2);
00392         crypted += 2;
00393 
00394         for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
00395                 char *p = crypt(password, salt) + 2;
00396                 if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
00397                         return (0);
00398                 password += LINUX_PASSWORD_SEG_CHARS;
00399                 crypted += strlen(p);
00400         }
00401 
00402         return (1);
00403 }

static char* osf1_bigcrypt ( char *  password,
char *  salt1 
) [static]

pass_check.c410 行で定義されています。

参照先 result.

参照元 password_check().

00411 {
00412         static char result[AUTH_MAX_PASSWD_LENGTH] = "";
00413         char *p1;
00414         char *p2 = password;
00415         char salt[3];
00416         int i;
00417         int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS;
00418         if (strlen(password) % AUTH_CLEARTEXT_SEG_CHARS)
00419                 parts++;
00420 
00421         StrnCpy(salt, salt1, 2);
00422         StrnCpy(result, salt1, 2);
00423         result[2] = '\0';
00424 
00425         for (i = 0; i < parts; i++) {
00426                 p1 = crypt(p2, salt);
00427                 strncat(result, p1 + 2,
00428                         AUTH_MAX_PASSWD_LENGTH - strlen(p1 + 2) - 1);
00429                 StrnCpy(salt, &result[2 + i * AUTH_CIPHERTEXT_SEG_CHARS], 2);
00430                 p2 += AUTH_CLEARTEXT_SEG_CHARS;
00431         }
00432 
00433         return (result);
00434 }

static NTSTATUS string_combinations2 ( char *  s,
int  offset,
NTSTATUS(*)(const char *)  fn,
int  N 
) [static]

pass_check.c445 行で定義されています。

参照先 cfnislower_ascii()lentoupper_ascii().

参照元 string_combinations().

00447 {
00448         int len = strlen(s);
00449         int i;
00450         NTSTATUS nt_status;
00451 
00452 #ifdef PASSWORD_LENGTH
00453         len = MIN(len, PASSWORD_LENGTH);
00454 #endif
00455 
00456         if (N <= 0 || offset >= len)
00457                 return (fn(s));
00458 
00459         for (i = offset; i < (len - (N - 1)); i++) {
00460                 char c = s[i];
00461                 if (!islower_ascii(c))
00462                         continue;
00463                 s[i] = toupper_ascii(c);
00464                 if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, i + 1, fn, N - 1),NT_STATUS_WRONG_PASSWORD)) {
00465                         return (nt_status);
00466                 }
00467                 s[i] = c;
00468         }
00469         return (NT_STATUS_WRONG_PASSWORD);
00470 }

static NTSTATUS string_combinations ( char *  s,
NTSTATUS(*)(const char *)  fn,
int  N 
) [static]

pass_check.c479 行で定義されています。

参照先 fnstring_combinations2().

参照元 pass_check().

00480 {
00481         int n;
00482         NTSTATUS nt_status;
00483         for (n = 1; n <= N; n++)
00484                 if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, 0, fn, n), NT_STATUS_WRONG_PASSWORD))
00485                         return nt_status;
00486         return NT_STATUS_WRONG_PASSWORD;
00487 }

static NTSTATUS password_check ( const char *  password  )  [static]

pass_check.c493 行で定義されています。

参照先 afs_auth()dfs_auth()linux_bigcrypt()osf1_bigcrypt()smb_pam_passcheck()this_cryptedthis_saltthis_user.

参照元 pass_check().

00494 {
00495 #ifdef WITH_PAM
00496         return smb_pam_passcheck(this_user, password);
00497 #else
00498 
00499         BOOL ret;
00500 
00501 #ifdef WITH_AFS
00502         if (afs_auth(this_user, password))
00503                 return NT_STATUS_OK;
00504 #endif /* WITH_AFS */
00505 
00506 #ifdef WITH_DFS
00507         if (dfs_auth(this_user, password))
00508                 return NT_STATUS_OK;
00509 #endif /* WITH_DFS */
00510 
00511 #ifdef OSF1_ENH_SEC
00512         
00513         ret = (strcmp(osf1_bigcrypt(password, this_salt),
00514                       this_crypted) == 0);
00515         if (!ret) {
00516                 DEBUG(2,
00517                       ("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
00518                 ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
00519         }
00520         if (ret) {
00521                 return NT_STATUS_OK;
00522         } else {
00523                 return NT_STATUS_WRONG_PASSWORD;
00524         }
00525         
00526 #endif /* OSF1_ENH_SEC */
00527         
00528 #ifdef ULTRIX_AUTH
00529         ret = (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
00530         if (ret) {
00531                 return NT_STATUS_OK;
00532         } else {
00533                 return NT_STATUS_WRONG_PASSWORD;
00534         }
00535         
00536 #endif /* ULTRIX_AUTH */
00537         
00538 #ifdef LINUX_BIGCRYPT
00539         ret = (linux_bigcrypt(password, this_salt, this_crypted));
00540         if (ret) {
00541                 return NT_STATUS_OK;
00542         } else {
00543                 return NT_STATUS_WRONG_PASSWORD;
00544         }
00545 #endif /* LINUX_BIGCRYPT */
00546         
00547 #if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)
00548         
00549         /*
00550          * Some systems have bigcrypt in the C library but might not
00551          * actually use it for the password hashes (HPUX 10.20) is
00552          * a noteable example. So we try bigcrypt first, followed
00553          * by crypt.
00554          */
00555 
00556         if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
00557                 return NT_STATUS_OK;
00558         else
00559                 ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
00560         if (ret) {
00561                 return NT_STATUS_OK;
00562         } else {
00563                 return NT_STATUS_WRONG_PASSWORD;
00564         }
00565 #else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
00566         
00567 #ifdef HAVE_BIGCRYPT
00568         ret = (strcmp(bigcrypt(password, this_salt), this_crypted) == 0);
00569         if (ret) {
00570                 return NT_STATUS_OK;
00571         } else {
00572                 return NT_STATUS_WRONG_PASSWORD;
00573         }
00574 #endif /* HAVE_BIGCRYPT */
00575         
00576 #ifndef HAVE_CRYPT
00577         DEBUG(1, ("Warning - no crypt available\n"));
00578         return NT_STATUS_LOGON_FAILURE;
00579 #else /* HAVE_CRYPT */
00580         ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
00581         if (ret) {
00582                 return NT_STATUS_OK;
00583         } else {
00584                 return NT_STATUS_WRONG_PASSWORD;
00585         }
00586 #endif /* HAVE_CRYPT */
00587 #endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
00588 #endif /* WITH_PAM */
00589 }

NTSTATUS pass_check ( const struct passwd *  pass,
const char *  user,
const char *  password,
int  pwlen,
BOOL(*)(const char *, const char *)  fn,
BOOL  run_cracker 
)

pass_check.c600 行で定義されています。

参照先 fnlevelpassword_check()strhaslower()strhasupper()string_combinations()strlower_m()this_cryptedthis_saltthis_user.

参照元 cgi_handle_authorization()check_unix_security().

00602 {
00603         pstring pass2;
00604         int level = lp_passwordlevel();
00605 
00606         NTSTATUS nt_status;
00607 
00608 #ifdef DEBUG_PASSWORD
00609         DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
00610 #endif
00611 
00612         if (!password)
00613                 return NT_STATUS_LOGON_FAILURE;
00614 
00615         if (((!*password) || (!pwlen)) && !lp_null_passwords())
00616                 return NT_STATUS_LOGON_FAILURE;
00617 
00618 #if defined(WITH_PAM) 
00619 
00620         /*
00621          * If we're using PAM we want to short-circuit all the 
00622          * checks below and dive straight into the PAM code.
00623          */
00624 
00625         fstrcpy(this_user, user);
00626 
00627         DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
00628 
00629 #else /* Not using PAM */
00630 
00631         DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
00632 
00633         if (!pass) {
00634                 DEBUG(3, ("Couldn't find user %s\n", user));
00635                 return NT_STATUS_NO_SUCH_USER;
00636         }
00637 
00638 
00639         /* Copy into global for the convenience of looping code */
00640         /* Also the place to keep the 'password' no matter what
00641            crazy struct it started in... */
00642         fstrcpy(this_crypted, pass->pw_passwd);
00643         fstrcpy(this_salt, pass->pw_passwd);
00644 
00645 #ifdef HAVE_GETSPNAM
00646         {
00647                 struct spwd *spass;
00648 
00649                 /* many shadow systems require you to be root to get
00650                    the password, in most cases this should already be
00651                    the case when this function is called, except
00652                    perhaps for IPC password changing requests */
00653 
00654                 spass = getspnam(pass->pw_name);
00655                 if (spass && spass->sp_pwdp) {
00656                         fstrcpy(this_crypted, spass->sp_pwdp);
00657                         fstrcpy(this_salt, spass->sp_pwdp);
00658                 }
00659         }
00660 #elif defined(IA_UINFO)
00661         {
00662                 /* Need to get password with SVR4.2's ia_ functions
00663                    instead of get{sp,pw}ent functions. Required by
00664                    UnixWare 2.x, tested on version
00665                    2.1. (tangent@cyberport.com) */
00666                 uinfo_t uinfo;
00667                 if (ia_openinfo(pass->pw_name, &uinfo) != -1)
00668                         ia_get_logpwd(uinfo, &(pass->pw_passwd));
00669         }
00670 #endif
00671 
00672 #ifdef HAVE_GETPRPWNAM
00673         {
00674                 struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
00675                 if (pr_pw && pr_pw->ufld.fd_encrypt)
00676                         fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt);
00677         }
00678 #endif
00679 
00680 #ifdef HAVE_GETPWANAM
00681         {
00682                 struct passwd_adjunct *pwret;
00683                 pwret = getpwanam(s);
00684                 if (pwret && pwret->pwa_passwd)
00685                         fstrcpy(this_crypted, pwret->pwa_passwd);
00686         }
00687 #endif
00688 
00689 #ifdef OSF1_ENH_SEC
00690         {
00691                 struct pr_passwd *mypasswd;
00692                 DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
00693                           user));
00694                 mypasswd = getprpwnam(user);
00695                 if (mypasswd) {
00696                         fstrcpy(this_user, mypasswd->ufld.fd_name);
00697                         fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt);
00698                 } else {
00699                         DEBUG(5,
00700                               ("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
00701                                user));
00702                 }
00703         }
00704 #endif
00705 
00706 #ifdef ULTRIX_AUTH
00707         {
00708                 AUTHORIZATION *ap = getauthuid(pass->pw_uid);
00709                 if (ap) {
00710                         fstrcpy(this_crypted, ap->a_password);
00711                         endauthent();
00712                 }
00713         }
00714 #endif
00715 
00716 #if defined(HAVE_TRUNCATED_SALT)
00717         /* crypt on some platforms (HPUX in particular)
00718            won't work with more than 2 salt characters. */
00719         this_salt[2] = 0;
00720 #endif
00721 
00722         if (!*this_crypted) {
00723                 if (!lp_null_passwords()) {
00724                         DEBUG(2, ("Disallowing %s with null password\n",
00725                                   this_user));
00726                         return NT_STATUS_LOGON_FAILURE;
00727                 }
00728                 if (!*password) {
00729                         DEBUG(3,
00730                               ("Allowing access to %s with null password\n",
00731                                this_user));
00732                         return NT_STATUS_OK;
00733                 }
00734         }
00735 
00736 #endif /* defined(WITH_PAM) */
00737 
00738         /* try it as it came to us */
00739         nt_status = password_check(password);
00740         if NT_STATUS_IS_OK(nt_status) {
00741                 if (fn) {
00742                         fn(user, password);
00743                 }
00744                 return (nt_status);
00745         } else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
00746                 /* No point continuing if its not the password thats to blame (ie PAM disabled). */
00747                 return (nt_status);
00748         }
00749 
00750         if (!run_cracker) {
00751                 return (nt_status);
00752         }
00753 
00754         /* if the password was given to us with mixed case then we don't
00755          * need to proceed as we know it hasn't been case modified by the
00756          * client */
00757         if (strhasupper(password) && strhaslower(password)) {
00758                 return nt_status;
00759         }
00760 
00761         /* make a copy of it */
00762         pstrcpy(pass2, password);
00763 
00764         /* try all lowercase if it's currently all uppercase */
00765         if (strhasupper(pass2)) {
00766                 strlower_m(pass2);
00767                 if NT_STATUS_IS_OK(nt_status = password_check(pass2)) {
00768                         if (fn)
00769                                 fn(user, pass2);
00770                         return (nt_status);
00771                 }
00772         }
00773 
00774         /* give up? */
00775         if (level < 1) {
00776                 return NT_STATUS_WRONG_PASSWORD;
00777         }
00778 
00779         /* last chance - all combinations of up to level chars upper! */
00780         strlower_m(pass2);
00781  
00782         if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) {
00783                 if (fn)
00784                         fn(user, pass2);
00785                 return nt_status;
00786         }
00787         
00788         return NT_STATUS_WRONG_PASSWORD;
00789 }


変数

fstring this_user [static]

pass_check.c30 行で定義されています。

参照元 pass_check()password_check().

fstring this_salt [static]

pass_check.c32 行で定義されています。

参照元 dfs_auth()pass_check()password_check().

fstring this_crypted [static]

pass_check.c33 行で定義されています。

参照元 dfs_auth()pass_check()password_check().

sec_login_handle_t my_dce_sec_context

pass_check.c87 行で定義されています。

参照元 dfs_auth()dfs_unlogin().

int dcelogin_atmost_once = 0

pass_check.c88 行で定義されています。

参照元 dfs_auth()exit_server_common().


Sambaに対してSat Aug 29 21:23:31 2009に生成されました。  doxygen 1.4.7