/***********************************************************************
*
* winbind.c
*
* WINBIND plugin for pppd.  Performs PAP, CHAP, MS-CHAP, MS-CHAPv2
* authentication using WINBIND to contact a NT-style PDC.
*
* Based on the structure of the radius module.
*
* Copyright (C) 2003 Andrew Bartlet <abartlet@samba.org>
*
* Copyright 1999 Paul Mackerras, Alan Curry.
* (pipe read code from passpromt.c)
*
* Copyright (C) 2002 Roaring Penguin Software Inc.
*
* Based on a patch for ipppd, which is:
*    Copyright (C) 1996, Matjaz Godec <gody@elgo.si>
*    Copyright (C) 1996, Lars Fenneberg <in5y050@public.uni-hamburg.de>
*    Copyright (C) 1997, Miguel A.L. Paraz <map@iphil.net>
*
* Uses radiusclient library, which is:
*    Copyright (C) 1995,1996,1997,1998 Lars Fenneberg <lf@elemental.net>
*    Copyright (C) 2002 Roaring Penguin Software Inc.
*
* MPPE support is by Ralf Hofmann, <ralf.hofmann@elvido.net>, with
* modification from Frank Cusack, <frank@google.com>.
*
* Updated on 2003-12-12 to support updated PPP plugin API from latest CVS
*    Copyright (C) 2003, Sean E. Millichamp <sean at bruenor dot org>
*
* This plugin may be distributed according to the terms of the GNU
* General Public License, version 2 or (at your option) any later version.
*
***********************************************************************/

#include "pppd.h"
#include "chap-new.h"
#include "chap_ms.h"
#ifdef MPPE
#include "md5.h"
#endif
#include "fsm.h"
#include "ipcp.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>

#define BUF_LEN 1024

#define NOT_AUTHENTICATED 0
#define AUTHENTICATED 1

static char *ntlm_auth = NULL;

static int set_ntlm_auth(char **argv)
{
    char *p;

    p = argv[0];
    if (p[0] != '/') {
        option_error("ntlm_auth-helper argument must be full path");
        return 0;
    }
    p = strdup(p);
    if (p == NULL) {
        novm("ntlm_auth-helper argument");
        return 0;
    }
    if (ntlm_auth != NULL)
        free(ntlm_auth);
    ntlm_auth = p;
    return 1;
}

static option_t Options[] = {
    { "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth,
      "Path to ntlm_auth executable", OPT_PRIV },
    { NULL }
};

static int
winbind_secret_check(void);

static int winbind_pap_auth(char *user,
                            char *passwd,
                            char **msgp,
                            struct wordlist **paddrs,
                            struct wordlist **popts);
static int winbind_chap_verify(char *user, char *ourname, int id,
                               struct chap_digest_type *digest,
                               unsigned char *challenge,
                               unsigned char *response,
                               char *message, int message_space);
static int winbind_allowed_address(u_int32_t addr);

char pppd_version[] = VERSION;

/**********************************************************************
* %FUNCTION: plugin_init
* %ARGUMENTS:
*  None
* %RETURNS:
*  Nothing
* %DESCRIPTION:
*  Initializes WINBIND plugin.
***********************************************************************/
void
plugin_init(void)
{
    pap_check_hook = winbind_secret_check;
    pap_auth_hook = winbind_pap_auth;

    chap_check_hook = winbind_secret_check;
    chap_verify_hook = winbind_chap_verify;

    allowed_address_hook = winbind_allowed_address;

    /* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */
    chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT);

    add_options(Options);

    info("WINBIND plugin initialized.");
}

/**
   Routine to get hex characters and turn them into a 16 byte array.
   the array can be variable length, and any non-hex-numeric
   characters are skipped.  "0xnn" or "0Xnn" is specially catered
   for.

   valid examples: "0A5D15"; "0x15, 0x49, 0xa2"; "59\ta9\te3\n"

**/

/*
   Unix SMB/CIFS implementation.
   Samba utility functions

   Copyright (C) Andrew Tridgell 1992-2001
   Copyright (C) Simo Sorce      2001-2002
   Copyright (C) Martin Pool     2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/* p must have room for len / 2 bytes; len bounds the input, not the output */
size_t strhex_to_str(char *p, size_t len, const char *strhex)
{
    size_t i;
    size_t num_chars = 0;
    unsigned char lonybble, hinybble;
    const char *hexchars = "0123456789ABCDEF";
    char *p1 = NULL, *p2 = NULL;

    for (i = 0; i < len && strhex[i] != 0; i++) {
        /* skip a "0x" or "0X" prefix */
        if (i + 1 < len && strhex[i] == '0' &&
            (strhex[i + 1] == 'x' || strhex[i + 1] == 'X')) {
            i++; /* skip two chars */
            continue;
        }

        /* any character that is not a hex digit ends parsing */
        if (!(p1 = strchr(hexchars, toupper((unsigned char) strhex[i]))))
            break;

        i++; /* next hex digit */

        /* a lone trailing nybble ends parsing; strchr() would otherwise
           match the NUL terminator of hexchars */
        if (i >= len || strhex[i] == 0)
            break;

        if (!(p2 = strchr(hexchars, toupper((unsigned char) strhex[i]))))
            break;

        /* get the two nybbles */
        hinybble = (p1 - hexchars);
        lonybble = (p2 - hexchars);

        p[num_chars] = (hinybble << 4) | lonybble;
        num_chars++;

        p1 = NULL;
        p2 = NULL;
    }
    return num_chars;
}

static const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/**
 * Base64-encode a NUL-terminated string into a malloc()ed string; caller to free.
 *
 * From SQUID: adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments
 **/
char * base64_encode(const char *data)
{
    int bits = 0;
    int char_count = 0;
    size_t out_cnt = 0;
    size_t len = strlen(data);
    /* four output characters per (partial) group of three input bytes,
       plus the terminating NUL; strlen(data) * 2 is too small for
       inputs shorter than three bytes */
    size_t output_len = 4 * ((len + 2) / 3) + 1;
    char *result = malloc(output_len);

    if (result == NULL) {
        novm("base64 output");
        return NULL;
    }

    while (len--) {
        int c = (unsigned char) *(data++);
        bits += c;
        char_count++;
        if (char_count == 3) {
            result[out_cnt++] = b64[bits >> 18];
            result[out_cnt++] = b64[(bits >> 12) & 0x3f];
            result[out_cnt++] = b64[(bits >> 6) & 0x3f];
            result[out_cnt++] = b64[bits & 0x3f];
            bits = 0;
            char_count = 0;
        } else {
            bits <<= 8;
        }
    }
    if (char_count != 0) {
        /* pad the final partial group out to 24 bits */
        bits <<= 16 - (8 * char_count);
        result[out_cnt++] = b64[bits >> 18];
        result[out_cnt++] = b64[(bits >> 12) & 0x3f];
        if (char_count == 1) {
            result[out_cnt++] = '=';
            result[out_cnt++] = '=';
        } else {
            result[out_cnt++] = b64[(bits >> 6) & 0x3f];
            result[out_cnt++] = '=';
        }
    }
    result[out_cnt] = '\0'; /* terminate */
    return result;
}

unsigned int run_ntlm_auth(const char *username,
                           const char *domain,
                           const char *full_username,
                           const char *plaintext_password,
                           const u_char *challenge,
                           size_t challenge_length,
                           const u_char *lm_response,
                           size_t lm_response_length,
                           const u_char *nt_response,
                           size_t nt_response_length,
                           u_char nt_key[16],
                           char **error_string)
{

    pid_t forkret;
    int child_in[2];
    int child_out[2];
    int status;

    int authenticated = NOT_AUTHENTICATED; /* not auth */
    int got_user_session_key = 0; /* not got key */

    char buffer[1024];

    FILE *pipe_in;
    FILE *pipe_out;

    int i;
    char *challenge_hex;
    char *lm_hex_hash;
    char *nt_hex_hash;

    /* First see if we have a program to run... */
    if (ntlm_auth == NULL)
        return NOT_AUTHENTICATED;

    /* Make first child */
    if (pipe(child_out) == -1) {
        error("pipe creation failed for child OUT!");
        return NOT_AUTHENTICATED;
    }

    if (pipe(child_in) == -1) {
        error("pipe creation failed for child IN!");
        /* do not leak the first pipe */
        close(child_out[0]);
        close(child_out[1]);
        return NOT_AUTHENTICATED;
    }

    forkret = safe_fork(child_in[0], child_out[1], 2);
    if (forkret == -1) {
        if (error_string) {
            *error_string = strdup("fork failed!");
        }

        /* do not leak either pipe */
        close(child_in[0]);
        close(child_in[1]);
        close(child_out[0]);
        close(child_out[1]);
        return NOT_AUTHENTICATED;
    }

    if (forkret == 0) {
        /* child process */
        close(child_out[0]);
        close(child_in[1]);

        /* run winbind as the user that invoked pppd; give up if the
           privilege drop fails so the helper never runs with pppd's
           own privileges */
        if (setgid(getgid()) < 0 || setuid(getuid()) < 0) {
            perror("pppd/winbind: could not drop privileges");
            exit(1);
        }
        execl("/bin/sh", "sh", "-c", ntlm_auth, (char *) NULL);
        perror("pppd/winbind: could not exec /bin/sh");
        exit(1);
    }

    /* parent */
    close(child_out[1]);
    close(child_in[0]);

    /* Need to write the User's info onto the pipe */

    pipe_in = fdopen(child_in[1], "w");

    pipe_out = fdopen(child_out[0], "r");

    /* look for session key coming back */

    if (username) {
        char *b64_username = base64_encode(username);
        fprintf(pipe_in, "Username:: %s\n", b64_username);
        free(b64_username);
    }

    if (domain) {
        char *b64_domain = base64_encode(domain);
        fprintf(pipe_in, "NT-Domain:: %s\n", b64_domain);
        free(b64_domain);
    }

    if (full_username) {
        char *b64_full_username = base64_encode(full_username);
        fprintf(pipe_in, "Full-Username:: %s\n", b64_full_username);
        free(b64_full_username);
    }

    if (plaintext_password) {
        char *b64_plaintext_password = base64_encode(plaintext_password);
        fprintf(pipe_in, "Password:: %s\n", b64_plaintext_password);
        free(b64_plaintext_password);
    }

    if (challenge_length) {
        fprintf(pipe_in, "Request-User-Session-Key: yes\n");

        challenge_hex = malloc(challenge_length*2+1);

        for (i = 0; i < challenge_length; i++)
            sprintf(challenge_hex + i * 2, "%02X", challenge[i]);

        fprintf(pipe_in, "LANMAN-Challenge: %s\n", challenge_hex);
        free(challenge_hex);
    }

    if (lm_response_length) {
        lm_hex_hash = malloc(lm_response_length*2+1);

        for (i = 0; i < lm_response_length; i++)
            sprintf(lm_hex_hash + i * 2, "%02X", lm_response[i]);

        fprintf(pipe_in, "LANMAN-response: %s\n", lm_hex_hash);
        free(lm_hex_hash);
    }

    if (nt_response_length) {
        nt_hex_hash = malloc(nt_response_length*2+1);

        for (i = 0; i < nt_response_length; i++)
            sprintf(nt_hex_hash + i * 2, "%02X", nt_response[i]);

        fprintf(pipe_in, "NT-response: %s\n", nt_hex_hash);
        free(nt_hex_hash);
    }

    fprintf(pipe_in, ".\n");
    fflush(pipe_in);

    while (fgets(buffer, sizeof(buffer)-1, pipe_out) != NULL) {
        char *message, *parameter;
        size_t len = strlen(buffer);

        /* an empty line (leading NUL byte) or one without its newline
         * is malformed; stop parsing rather than index buffer[-1] */
        if (len == 0 || buffer[len-1] != '\n') {
            break;
        }
        buffer[len-1] = '\0';
        message = buffer;

        if (!(parameter = strstr(buffer, ": "))) {
            break;
        }

        /* split "Key: value" in place: NUL out ':' and ' ' */
        parameter[0] = '\0';
        parameter++;
        parameter[0] = '\0';
        parameter++;

        if (strcmp(message, ".") == 0) {
            /* end of sequence */
            break;
        } else if (strcasecmp(message, "Authenticated") == 0) {
            if (strcasecmp(parameter, "Yes") == 0) {
                authenticated = AUTHENTICATED;
            } else {
                notice("Winbind has declined authentication for user!");
                authenticated = NOT_AUTHENTICATED;
            }
        } else if (strcasecmp(message, "User-session-key") == 0) {
            /* length is the number of characters to parse */
            if (nt_key) {
                if (strhex_to_str(nt_key, 32, parameter) == 16) {
                    got_user_session_key = 1;
                } else {
                    notice("NT session key for user was not 16 bytes!");
                }
            }
        } else if (strcasecmp(message, "Error") == 0) {
            authenticated = NOT_AUTHENTICATED;
            if (error_string)
                *error_string = strdup(parameter);
        } else if (strcasecmp(message, "Authentication-Error") == 0) {
            authenticated = NOT_AUTHENTICATED;
            if (error_string)
                *error_string = strdup(parameter);
        } else {
            notice("unrecognised input from ntlm_auth helper - %s: %s", message, parameter);
        }
    }

    /* parent */
    if (close(child_out[0]) == -1) {
        notice("error closing pipe?!? for child OUT[0]");
        return NOT_AUTHENTICATED;
    }

    /* parent */
    if (close(child_in[1]) == -1) {
        notice("error closing pipe?!? for child IN[1]");
        return NOT_AUTHENTICATED;
    }

    while ((wait(&status) == -1) && errno == EINTR)
        ;

    if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) {
        notice("Did not get user session key, despite being authenticated!");
        return NOT_AUTHENTICATED;
    }
    return authenticated;
}

/**********************************************************************
* %FUNCTION: winbind_secret_check
* %ARGUMENTS:
*  None
* %RETURNS:
*  0 if we don't have an ntlm_auth program to run, otherwise 1.
* %DESCRIPTION:
* Tells pppd that we will try to authenticate the peer, and not to
* worry about looking in /etc/ppp/ *-secrets
***********************************************************************/
static int
winbind_secret_check(void)
{
    return ntlm_auth != NULL;
}

/**********************************************************************
* %FUNCTION: winbind_pap_auth
* %ARGUMENTS:
*  user -- user-name of peer
*  password -- password supplied by peer
*  msgp -- Message which will be sent in PAP response
*  paddrs -- set to a list of possible peer IP addresses
*  popts -- set to a list of additional pppd options
* %RETURNS:
*  1 if we can authenticate, -1 if we cannot.
* %DESCRIPTION:
* Performs PAP authentication using WINBIND
***********************************************************************/
static int
winbind_pap_auth(char *user,
                 char *password,
                 char **msgp,
                 struct wordlist **paddrs,
                 struct wordlist **popts)
{
    if (run_ntlm_auth(NULL, NULL, user, password, NULL, 0, NULL, 0, NULL, 0, NULL, msgp) == AUTHENTICATED) {
        return 1;
    }
    return -1;
}

/**********************************************************************
* %FUNCTION: winbind_chap_verify
* %ARGUMENTS:
*  user -- user-name of peer, optionally as "domain\username"
*  ourname -- name of the local system
*  id -- CHAP packet identifier
*  digest -- negotiated CHAP digest type
*  challenge -- challenge sent to peer; first byte holds its length
*  response -- response received from peer; first byte holds its length
*  message -- buffer for the message returned to the peer
*  message_space -- size of the message buffer
* %RETURNS:
*  AUTHENTICATED (1) if we can authenticate, NOT_AUTHENTICATED (0) if we cannot.
* %DESCRIPTION:
* Performs MS-CHAP and MS-CHAPv2 authentication using WINBIND.
***********************************************************************/

static int
winbind_chap_verify(char *user, char *ourname, int id,
                    struct chap_digest_type *digest,
                    unsigned char *challenge,
                    unsigned char *response,
                    char *message, int message_space)
{
    int challenge_len, response_len;
    char domainname[256];
    char *domain;
    char *username;
    char *p;
    char saresponse[MS_AUTH_RESPONSE_LENGTH+1];

    /* The first byte of each of these strings contains their length */
    challenge_len = *challenge++;
    response_len = *response++;

    /* remove domain from "domain\username" */
    if ((username = strrchr(user, '\\')) != NULL)
        ++username;
    else
        username = user;

    strlcpy(domainname, user, sizeof(domainname));

    /* keep only the domain from "domain\username" */
    if ((p = strrchr(domainname, '\\')) != NULL) {
        *p = '\0';
        domain = domainname;
    } else {
        domain = NULL;
    }

    /* generate MD based on negotiated type */
    switch (digest->code) {

    case CHAP_MICROSOFT:
        {
            char *error_string = NULL;
            u_char *nt_response = NULL;
            u_char *lm_response = NULL;
            int nt_response_size = 0;
            int lm_response_size = 0;
            MS_ChapResponse *rmd = (MS_ChapResponse *) response;
            u_char session_key[16];

            if (response_len != MS_CHAP_RESPONSE_LEN)
                break;          /* not even the right length */

            /* Determine which part of response to verify against */
            if (rmd->UseNT[0]) {
                nt_response = rmd->NTResp;
                nt_response_size = sizeof(rmd->NTResp);
            } else {
#ifdef MSLANMAN
                lm_response = rmd->LANManResp;
                lm_response_size = sizeof(rmd->LANManResp);
#else
                /* Should really propagate this into the error packet. */
                notice("Peer request for LANMAN auth not supported");
                return NOT_AUTHENTICATED;
#endif /* MSLANMAN */
            }

            /* ship off to winbind, and check */

            if (run_ntlm_auth(username,
                              domain,
                              NULL,
                              NULL,
                              challenge,
                              challenge_len,
                              lm_response,
                              lm_response ? lm_response_size : 0,
                              nt_response,
                              nt_response ? nt_response_size : 0,
                              session_key,
                              &error_string) == AUTHENTICATED) {
                mppe_set_keys(challenge, session_key);
                slprintf(message, message_space, "Access granted");
                return AUTHENTICATED;

            } else {
                if (error_string) {
                    /* helper output is untrusted: never use it as the
                     * format string */
                    notice("%s", error_string);
                    free(error_string);
                }
                slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0",
                         challenge_len, challenge);
                return NOT_AUTHENTICATED;
            }
            break;
        }

    case CHAP_MICROSOFT_V2:
        {
            MS_Chap2Response *rmd = (MS_Chap2Response *) response;
            u_char Challenge[8];
            u_char session_key[MD4_SIGNATURE_SIZE];
            char *error_string = NULL;

            if (response_len != MS_CHAP2_RESPONSE_LEN)
                break;          /* not even the right length */

            ChallengeHash(rmd->PeerChallenge, challenge, user, Challenge);

            /* ship off to winbind, and check */

            if (run_ntlm_auth(username,
                              domain,
                              NULL,
                              NULL,
                              Challenge,
                              8,
                              NULL,
                              0,
                              rmd->NTResp,
                              sizeof(rmd->NTResp),

                              session_key,
                              &error_string) == AUTHENTICATED) {

                GenerateAuthenticatorResponse(session_key,
                                              rmd->NTResp, rmd->PeerChallenge,
                                              challenge, user,
                                              saresponse);
                mppe_set_keys2(session_key, rmd->NTResp, MS_CHAP2_AUTHENTICATOR);
                if (rmd->Flags[0]) {
                    slprintf(message, message_space, "S=%s", saresponse);
                } else {
                    slprintf(message, message_space, "S=%s M=%s",
                             saresponse, "Access granted");
                }
                return AUTHENTICATED;

            } else {
                if (error_string) {
                    /* helper output is untrusted: never use it as the
                     * format string */
                    notice("%s", error_string);
                    slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s",
                             challenge_len, challenge, error_string);
                    free(error_string);
                } else {
                    slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s",
                             challenge_len, challenge, "Access denied");
                }
                return NOT_AUTHENTICATED;
            }
            break;
        }

    default:
        error("WINBIND: Challenge type %u unsupported", digest->code);
    }
    return NOT_AUTHENTICATED;
}

static int
winbind_allowed_address(u_int32_t addr)
{
    ipcp_options *wo = &ipcp_wantoptions[0];
    if (wo->hisaddr != 0 && wo->hisaddr == addr) {
        return 1;
    }
    return -1;
}