proc->thread stage 4: rework the VFS and DEVICE subsystems to take thread
[dragonfly.git] / sys / netproto / ncp / ncp_login.c
CommitLineData
984263bc
MD
1/*
2 * Copyright (c) 1999, Boris Popov
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $FreeBSD: src/sys/netncp/ncp_login.c,v 1.2 1999/10/12 10:36:59 bp Exp $
dadab5e9 33 * $DragonFly: src/sys/netproto/ncp/ncp_login.c,v 1.3 2003/06/25 03:56:05 dillon Exp $
984263bc
MD
34 */
35#include <sys/param.h>
36#include <sys/errno.h>
37#include <sys/malloc.h>
38#include <sys/systm.h>
39#include <sys/proc.h>
40#include <sys/socket.h>
41
42#include <netncp/ncp.h>
43#include <netncp/ncp_conn.h>
44#include <netncp/ncp_subr.h>
45#include <netncp/ncp_ncp.h>
46#include <netncp/ncp_rq.h>
47#include <netncp/ncp_nls.h>
48#include <netncp/nwerror.h>
49
50static int ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object,
51 unsigned char *key, unsigned char *passwd,
dadab5e9 52 struct thread *td, struct ucred *cred);
984263bc
MD
53static int ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type,
54 char *object_name, unsigned char *passwd,
dadab5e9 55 struct thread *td, struct ucred *cred);
984263bc
MD
56static int ncp_sign_start(struct ncp_conn *conn, char *logindata);
57static int ncp_get_encryption_key(struct ncp_conn *conn, char *target);
58
59/*
60 * Initialize packet signatures. They a slightly modified MD4.
61 * The first 16 bytes of logindata are the shuffled password,
62 * the last 8 bytes the encryption key as received from the server.
63 */
64int
65ncp_sign_start(struct ncp_conn *conn, char *logindata) {
66 char msg[64];
67 u_int32_t state[4];
68
69 memcpy(msg, logindata, 24);
70 memcpy(msg + 24, "Authorized NetWare Client", 25);
71 bzero(msg + 24 + 25, sizeof(msg) - 24 - 25);
72
73 conn->sign_state[0] = 0x67452301;
74 conn->sign_state[1] = 0xefcdab89;
75 conn->sign_state[2] = 0x98badcfe;
76 conn->sign_state[3] = 0x10325476;
77 ncp_sign(conn->sign_state, msg, state);
78 conn->sign_root[0] = state[0];
79 conn->sign_root[1] = state[1];
80 conn->flags |= NCPFL_SIGNACTIVE;
81 return 0;
82}
83
84/*
85 * target is a 8-byte buffer
86 */
87int
88ncp_get_encryption_key(struct ncp_conn *conn, char *target) {
89 int error;
90 DECLARE_RQ;
91
dadab5e9 92 NCP_RQ_HEAD_S(23, 23, conn->td, conn->ucred);
984263bc
MD
93 checkbad(ncp_request(conn,rqp));
94 if (rqp->rpsize < 8) {
95 NCPFATAL("rpsize=%d < 8\n", rqp->rpsize);
96 return EIO;
97 }
98 ncp_rp_mem(rqp, target, 8);
99 NCP_RQ_EXIT;
100 return error;
101}
102
103int
104ncp_login_object(struct ncp_conn *conn, unsigned char *username,
105 int login_type, unsigned char *password,
dadab5e9 106 struct thread *td,struct ucred *cred)
984263bc
MD
107{
108 int error;
109 unsigned char ncp_key[8];
110 struct ncp_bindery_object user;
111
112 if ((error = ncp_get_encryption_key(conn, ncp_key)) != 0) {
113 printf("%s: Warning: use unencrypted login\n", __FUNCTION__);
dadab5e9 114 return ncp_login_unencrypted(conn, login_type, username, password,td,cred);
984263bc 115 }
dadab5e9 116 if ((error = ncp_get_bindery_object_id(conn, login_type, username, &user,td,cred)) != 0) {
984263bc
MD
117 return error;
118 }
dadab5e9 119 error = ncp_login_encrypted(conn, &user, ncp_key, password,td,cred);
984263bc
MD
120 return error;
121}
122
123int
124ncp_login_encrypted(struct ncp_conn *conn, struct ncp_bindery_object *object,
125 unsigned char *key, unsigned char *passwd,
dadab5e9 126 struct thread *td,struct ucred *cred) {
984263bc
MD
127 u_int32_t tmpID = htonl(object->object_id);
128 u_char buf[16 + 8];
129 u_char encrypted[8];
130 int error;
131 DECLARE_RQ;
132
133 nw_keyhash((u_char*)&tmpID, passwd, strlen(passwd), buf);
134 nw_encrypt(key, buf, encrypted);
135
dadab5e9 136 NCP_RQ_HEAD_S(23,24,td,cred);
984263bc
MD
137 ncp_rq_mem(rqp, encrypted, 8);
138 ncp_rq_word_hl(rqp, object->object_type);
139 ncp_rq_pstring(rqp, object->object_name);
140 error = ncp_request(conn, rqp);
141 NCP_RQ_EXIT_NB;
142 if (conn->flags & NCPFL_SIGNWANTED) {
143 if (error == 0 || error == NWE_PASSWORD_EXPIRED) {
144 memcpy(buf + 16, key, 8);
145 error = ncp_sign_start(conn, buf);
146 }
147 }
148 return error;
149}
150
151int
152ncp_login_unencrypted(struct ncp_conn *conn, u_int16_t object_type,
153 char *object_name, unsigned char *passwd,
dadab5e9 154 struct thread *td, struct ucred *cred)
984263bc
MD
155{
156 int error;
157 DECLARE_RQ;
158
dadab5e9 159 NCP_RQ_HEAD_S(23, 20, conn->td, conn->ucred);
984263bc
MD
160 ncp_rq_word_hl(rqp, object_type);
161 ncp_rq_pstring(rqp, object_name);
162 ncp_rq_pstring(rqp, passwd);
163 error = ncp_request(conn,rqp);
164 NCP_RQ_EXIT_NB;
165 return error;
166}
167
168/*
169 * Login to specified server with username and password.
170 * conn should be locked.
171 */
172int
173ncp_login(struct ncp_conn *conn, char *user, int objtype, char *password,
dadab5e9 174 struct thread *td, struct ucred *cred) {
984263bc
MD
175 int error;
176
177 if (ncp_suser(cred) != 0 && cred->cr_uid != conn->nc_owner->cr_uid)
178 return EACCES;
179 if (conn->flags & NCPFL_LOGGED) return EALREADY;
180 if ((conn->flags & NCPFL_ATTACHED) == 0) return ENOTCONN;
181 conn->li.user = ncp_str_dup(user);
182 conn->li.password = ncp_str_dup(password);
183 if (conn->li.user == NULL || conn->li.password == NULL) {
184 error = EINVAL;
185 goto bad;
186 }
187 ncp_str_upper(conn->li.user);
188 if ((conn->li.opt & NCP_OPT_NOUPCASEPASS) == 0)
189 ncp_str_upper(conn->li.password);
dadab5e9 190 checkbad(ncp_login_object(conn, conn->li.user, objtype, conn->li.password,td,cred));
984263bc
MD
191 conn->li.objtype = objtype;
192 conn->flags |= NCPFL_LOGGED;
193 return 0;
194bad:
195 if (conn->li.user) free(conn->li.user, M_NCPDATA);
196 if (conn->li.password) free(conn->li.password, M_NCPDATA);
197 conn->li.user = conn->li.password = NULL;
198 return error;
199}