diff options
author | bp <bp@FreeBSD.org> | 2001-03-22 10:38:16 +0000 |
---|---|---|
committer | bp <bp@FreeBSD.org> | 2001-03-22 10:38:16 +0000 |
commit | 6d0dd9119c5e23240326fb7d9ceca42689c0ef36 (patch) | |
tree | 18a884675140a5b5d13d5eaab8f7f8f8f80dc968 /sys/netncp/ncp_login.c | |
parent | 8da937dc1c3df023b9362ec91fdefe30b23c882b (diff) | |
download | FreeBSD-src-6d0dd9119c5e23240326fb7d9ceca42689c0ef36.zip FreeBSD-src-6d0dd9119c5e23240326fb7d9ceca42689c0ef36.tar.gz |
Move bindery authentication ncps to ncp_ncp.c file. ncp_login.c will stay
empty for a while.
Diffstat (limited to 'sys/netncp/ncp_login.c')
-rw-r--r-- | sys/netncp/ncp_login.c | 160 |
1 files changed, 0 insertions, 160 deletions
diff --git a/sys/netncp/ncp_login.c b/sys/netncp/ncp_login.c index b7e76c7..8cd347b 100644 --- a/sys/netncp/ncp_login.c +++ b/sys/netncp/ncp_login.c @@ -46,163 +46,3 @@ #include <netncp/ncp_nls.h> #include <netncp/nwerror.h> -static int ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object, - unsigned char *key, unsigned char *passwd, - struct proc *p, struct ucred *cred); -static int ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type, - char *object_name, unsigned char *passwd, - struct proc *p, struct ucred *cred); -static int ncp_sign_start(struct ncp_conn *conn, char *logindata); -static int ncp_get_encryption_key(struct ncp_conn *conn, char *target); - -/* - * Initialize packet signatures. They a slightly modified MD4. - * The first 16 bytes of logindata are the shuffled password, - * the last 8 bytes the encryption key as received from the server. - */ -int -ncp_sign_start(struct ncp_conn *conn, char *logindata) { - char msg[64]; - u_int32_t state[4]; - - memcpy(msg, logindata, 24); - memcpy(msg + 24, "Authorized NetWare Client", 25); - bzero(msg + 24 + 25, sizeof(msg) - 24 - 25); - - conn->sign_state[0] = 0x67452301; - conn->sign_state[1] = 0xefcdab89; - conn->sign_state[2] = 0x98badcfe; - conn->sign_state[3] = 0x10325476; - ncp_sign(conn->sign_state, msg, state); - conn->sign_root[0] = state[0]; - conn->sign_root[1] = state[1]; - conn->flags |= NCPFL_SIGNACTIVE; - return 0; -} - -/* - * target is a 8-byte buffer - */ -int -ncp_get_encryption_key(struct ncp_conn *conn, char *target) -{ - struct ncp_rq *rqp; - int error; - - error = ncp_rq_alloc_subfn(23, 23, conn, conn->procp, conn->ucred, &rqp); - if (error) - return error; - rqp->nr_minrplen = 8; - error = ncp_request(rqp); - if (error) - return error; - md_get_mem(&rqp->rp, target, 8, MB_MSYSTEM); - ncp_rq_done(rqp); - return error; -} - -int -ncp_login_object(struct ncp_conn *conn, unsigned char *username, - int login_type, unsigned char *password, - struct proc *p,struct ucred *cred) -{ - int error; - unsigned char ncp_key[8]; - struct ncp_bindery_object user; - - if ((error = ncp_get_encryption_key(conn, ncp_key)) != 0) { - printf("%s: Warning: use unencrypted login\n", __FUNCTION__); - return ncp_login_unencrypted(conn, login_type, username, password,p,cred); - } - if ((error = ncp_get_bindery_object_id(conn, login_type, username, &user,p,cred)) != 0) { - return error; - } - error = ncp_login_encrypted(conn, &user, ncp_key, password,p,cred); - return error; -} - -int -ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object, - unsigned char *key, unsigned char *passwd, - struct proc *p,struct ucred *cred) -{ - struct ncp_rq *rqp; - struct mbchain *mbp; - u_int32_t tmpID = htonl(object->object_id); - u_char buf[16 + 8]; - u_char encrypted[8]; - int error; - - nw_keyhash((u_char*)&tmpID, passwd, strlen(passwd), buf); - nw_encrypt(key, buf, encrypted); - - error = ncp_rq_alloc_subfn(23, 24, conn, p, cred, &rqp); - if (error) - return error; - mbp = &rqp->rq; - mb_put_mem(mbp, encrypted, 8, MB_MSYSTEM); - mb_put_uint16be(mbp, object->object_type); - ncp_rq_pstring(rqp, object->object_name); - error = ncp_request(rqp); - if (!error) - ncp_rq_done(rqp); - if ((conn->flags & NCPFL_SIGNWANTED) && - (error == 0 || error == NWE_PASSWORD_EXPIRED)) { - bcopy(key, buf + 16, 8); - error = ncp_sign_start(conn, buf); - } - return error; -} - -int -ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type, - char *object_name, unsigned char *passwd, - struct proc *p, struct ucred *cred) -{ - struct ncp_rq *rqp; - int error; - - error = ncp_rq_alloc_subfn(23, 20, conn, p, cred, &rqp); - if (error) - return error; - mb_put_uint16be(&rqp->rq, object_type); - ncp_rq_pstring(rqp, object_name); - ncp_rq_pstring(rqp, passwd); - error = ncp_request(rqp); - if (!error) - ncp_rq_done(rqp); - return error; -} - -/* - * Login to specified server with username and password. - * conn should be locked. - */ -int -ncp_login(struct ncp_conn *conn, char *user, int objtype, char *password, - struct proc *p, struct ucred *cred) { - int error; - - if (ncp_suser(cred) != 0 && cred->cr_uid != conn->nc_owner->cr_uid) - return EACCES; - if (conn->flags & NCPFL_LOGGED) return EALREADY; - if ((conn->flags & NCPFL_ATTACHED) == 0) return ENOTCONN; - conn->li.user = ncp_str_dup(user); - conn->li.password = ncp_str_dup(password); - if (conn->li.user == NULL || conn->li.password == NULL) { - error = EINVAL; - goto bad; - } - ncp_str_upper(conn->li.user); - if ((conn->li.opt & NCP_OPT_NOUPCASEPASS) == 0) - ncp_str_upper(conn->li.password); - checkbad(ncp_login_object(conn, conn->li.user, objtype, conn->li.password,p,cred)); - conn->li.objtype = objtype; - conn->flags |= NCPFL_LOGGED | NCPFL_WASLOGGED; - return 0; -bad: - if (conn->li.user) free(conn->li.user, M_NCPDATA); - if (conn->li.password) free(conn->li.password, M_NCPDATA); - conn->li.user = conn->li.password = NULL; - return error; -} |