diff -ur -N ppp-2.4.0/pppd/Makefile.linux ppp-2.4.0.test/pppd/Makefile.linux
--- ppp-2.4.0/pppd/Makefile.linux Tue Mar 20 17:23:18 2001
+++ ppp-2.4.0.test/pppd/Makefile.linux Tue Mar 20 17:46:02 2001
@@ -28,9 +28,9 @@
 # CC = gcc #
-COPTS = -O2 -pipe -Wall -g
-LIBS =
-DEBUGFLAGS = -DDEBUGALL
+COPTS = -O2 -pipe -Wall -g -DJES
+LIBS = -lpam -lsmbpw
+DEBUGFLAGS = -DDEBUGALL -DUSE_PAM
 ifneq ($(wildcard /usr/lib/libcrypt.*),)
 LIBS += -lcrypt
diff -ur -N ppp-2.4.0/pppd/auth.c ppp-2.4.0.test/pppd/auth.c
--- ppp-2.4.0/pppd/auth.c Tue Mar 20 17:40:27 2001
+++ ppp-2.4.0.test/pppd/auth.c Tue Mar 20 17:46:02 2001
@@ -78,6 +78,10 @@
 #include "chap_ms.h"
 #endif
 #include "pathnames.h"
+#ifdef JES
+#include "smbpwd.h"
+#define NTPASS 32
+#endif
 #ifdef DYNAMIC
 #define _PATH_DYNAMIC "/etc/ppp/getaddr"
@@ -1756,6 +1760,22 @@
 }
 }
+#ifdef JES
+/* From libsmb - from SAMBA */
+/*************************************************************
+* Routine to set 32 hex password characters from a 16 byte array.
+* **************************************************************/
+
+void sethexpwd(char *p, unsigned char *pwd)
+{
+ if (pwd != NULL) {
+ int i;
+ for (i = 0; i < 16; i++) {
+ snprintf(&p[i * 2], 33, "%02X", pwd[i]);
+ }
+ }
+}
+#endif
 /*
 * scan_authfile - Scan an authorization file for a secret suitable
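Review bot: `-DUSE_PAM` is added to `DEBUGFLAGS` next to `-DDEBUGALL`, so a build that drops the debug flags would also compile out PAM authentication without any error; `-DJES` in `COPTS` and the unconditional `-lpam -lsmbpw` in `LIBS` have the same all-or-nothing shape. Giving each feature its own switch keeps the authentication backend independent of debug settings, for example one conditional that adds `-DUSE_PAM` and `-lpam` together, and a second one for `-DJES` with `-lsmbpw`. How `DEBUGFLAGS` reaches the compiler is outside this hunk, so the exact variable to extend is to be confirmed against the rest of the Makefile.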
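Review bot: The size passed to `snprintf` in `sethexpwd` is a constant 33 although the write position advances by two bytes per iteration, so the bound does not describe the space actually left in `p`; only the fixed two-digit format keeps the writes inside 33 bytes. Passing the real per-call size, `snprintf(&p[i * 2], 3, "%02X", pwd[i]);`, makes the limit meaningful. The function also returns nothing and leaves `p` untouched when `pwd` is NULL, which a caller cannot detect; a header comment such as `/* p must hold at least 33 bytes; p is not written when pwd is NULL */`, or an `int` return, would make that contract explicit.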
@@ -1862,6 +1882,28 @@
 }
 fclose(sf);
 }
+#ifdef JES
+ else if (word[0] == '&') {
+ struct smb_passwd *smb;
+ char smbname[MAXWORDLEN];
+ strlcpy(atfile, word+1, sizeof(atfile));
+ setsmbfilepath(atfile);
+ setsmbpwent();
+ while ((smb = getsmbpwent())!= NULL &&
+ (client != NULL ? strcmp(client, smb->smb_name) != 0 : 1) &&
+ (server != NULL ? strcmp(server, smb->smb_name) != 0 : 1));
+ if (smb != NULL) {
+ sethexpwd(smbname, smb->smb_nt_passwd);
+ memcpy(word, smbname, NTPASS);
+ word[NTPASS]='\000';
+ endsmbpwent();
+ } else {
+ endsmbpwent();
+ warn("no secret in samba secret file %s", atfile);
+ continue;
+ }
+ }
+#endif
 strlcpy(lsecret, word, sizeof(lsecret));
 }
diff -ur -N ppp-2.4.0/pppd/extra_crypto.c ppp-2.4.0.test/pppd/extra_crypto.c
--- ppp-2.4.0/pppd/extra_crypto.c Tue Mar 20 17:23:18 2001
+++ ppp-2.4.0.test/pppd/extra_crypto.c Tue Mar 20 17:46:02 2001
@@ -48,6 +48,40 @@
 DesEncrypt(MSStdText, up_pass + 7, hash + 8);
 }
+#ifdef JES
+/* From libsmb - From SAMBA */
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+
+int gethexpwd(unsigned char *p, unsigned char *pwd)
+{
+ int i;
+ unsigned char lonybble, hinybble;
+ char *hexchars = "0123456789ABCDEF";
+ char *p1, *p2;
+
+ for (i = 0; i < 32; i += 2) {
+ hinybble = toupper(p[i]);
+ lonybble = toupper(p[i + 1]);
+
+ p1 = strchr(hexchars, hinybble);
+ p2 = strchr(hexchars, lonybble);
+
+ if (!p1 || !p2) {
+ return (0);
+ }
+ hinybble = (p1 - hexchars);
+ lonybble = (p2 - hexchars);
+
+ pwd[i / 2] = (hinybble << 4) | lonybble;
+ }
+ return (1);
+}
+
+#endif
+
 void NtPasswordHash(char *secret, int secret_len, unsigned char *hash) {
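Review bot: When the matched entry has no NT hash, `sethexpwd(smbname, smb->smb_nt_passwd)` writes nothing (smbpwd.h documents the field as NULL if no password), and the following `memcpy(word, smbname, NTPASS)` then copies 32 bytes of uninitialised stack into the secret. The account-control bits are not consulted either, so an entry flagged `ACB_DISABLED` still yields a usable secret. Both are closed by tightening the test to `if (smb != NULL && smb->smb_nt_passwd != NULL && !(smb->smb_acct_ctrl & ACB_DISABLED)) {`, so that such entries fall into the existing `warn`/`continue` branch. The return value of `setsmbfilepath(atfile)` is also ignored, and the lookup stops at the first entry whose name equals either `client` or `server`; the enclosing function starts and ends outside this hunk.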
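Review bot: `gethexpwd` accepts a NUL byte as a hex digit, because `strchr(hexchars, 0)` returns a pointer to the string terminator rather than NULL and so yields a digit value of 16; a secret shorter than 32 characters is therefore not rejected and the loop keeps reading past its end. Checking the input first, `if (p[i] == '\0' || p[i + 1] == '\0') return (0);` at the top of the loop body, stops at the terminator and makes the 0 return reliable. The function takes no length argument, so a comment stating that `p` must point to 32 readable bytes and `pwd` to 16 writable ones would help. Whether `<ctype.h>` and `<string.h>` are included in extra_crypto.c is not visible in this hunk.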
@@ -56,12 +90,20 @@
 /* Initialize the Unicode version of the secret (== password). */
 /* This implicitly supports 8-bit ISO8859/1 characters. */
+#ifdef JES
+ if(secret_len != 32) {
+#endif
 BZERO(unicodePassword, sizeof(unicodePassword));
 for (i = 0; i < secret_len; i++) unicodePassword[i * 2] = (u_char)secret[i]; /* Unicode is 2 bytes per char */
 md4(unicodePassword, secret_len * 2, hash);
+#ifdef JES
+ } else {
+ gethexpwd(secret, hash);
+ }
+#endif
 }
diff -ur -N ppp-2.4.0/pppd/smbpwd.h ppp-2.4.0.test/pppd/smbpwd.h
--- ppp-2.4.0/pppd/smbpwd.h Thu Jan 1 12:00:00 1970
+++ ppp-2.4.0.test/pppd/smbpwd.h Tue Mar 20 17:46:02 2001
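Review bot: In `NtPasswordHash` the test `secret_len != 32` treats every 32-character secret as a hex-encoded NT hash, and the result of `gethexpwd(secret, hash)` is discarded, so a 32-character plaintext password that is not pure hex leaves `hash` partly or wholly unwritten and is never hashed. Using the return value lets such secrets fall back to the MD4 path, e.g. `if (secret_len == 32 && gethexpwd((unsigned char *)secret, hash)) return;` placed before `BZERO`, which also removes the `char *` to `unsigned char *` mismatch in the call. A 32-character password made only of hex digits stays ambiguous with this length-based signalling; an explicit marker set by the `&` lookup in auth.c would remove the guess. The function's declarations and opening lines are outside this hunk.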
@@ -0,0 +1,79 @@
+/* SMB password reading library atp 1999, based on code from samba 2.0.5a */
+/* This code is licensed under the GPL Version 2 or later (at your option),
+ * and constitutes a derived work of the original samba code.
+ *
+ * oct 12 1999 - initial revision. atp.
+ *
+ * Include this file in your program to use this library.
+ *
+ */
+
+#ifndef _SMBPWD_H
+#define _SMBPWD_H 1
+
+/* C++ needs to know that types and declarations are C, not C++. */
+#ifdef __cplusplus
+# define __BEGIN_DECLS extern "C" {
+# define __END_DECLS
+}
+#else
+# define __BEGIN_DECLS
+# define __END_DECLS
+#endif
+
+#ifndef _SYS_TYPES_H
+#include
+#endif
+
+__BEGIN_DECLS
+
+/* Allowable account control bits */
+#define ACB_DISABLED 0x0001 /* 1 = User account disabled */
+#define ACB_HOMDIRREQ 0x0002 /* 1 = Home directory required */
+#define ACB_PWNOTREQ 0x0004 /* 1 = User password not required */
+#define ACB_TEMPDUP 0x0008 /* 1 = Temporary duplicate account */
+#define ACB_NORMAL 0x0010 /* 1 = Normal user account */
+#define ACB_MNS 0x0020 /* 1 = MNS logon user account */
+#define ACB_DOMTRUST 0x0040 /* 1 = Interdomain trust account */
+#define ACB_WSTRUST 0x0080 /* 1 = Workstation trust account */
+#define ACB_SVRTRUST 0x0100 /* 1 = Server trust account */
+#define ACB_PWNOEXP 0x0200 /* 1 = User password does not expire */
+#define ACB_AUTOLOCK 0x0400 /* 1 = Account auto locked */
+
+#define MAX_HOURS_LEN 32
+
+struct smb_passwd
+{
+ uid_t smb_userid; /* this is actually the unix uid_t */
+ char *smb_name; /* username string */
+
+ unsigned char *smb_passwd; /* Null if no password */
+ unsigned char *smb_nt_passwd; /* Null if no password */
+
+ unsigned short int smb_acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ time_t smb_pwlst; /* password last set time */
+ char *smb_gecos; /* realname */
+};
+
+/* prototypes and forward declarations */
+struct smb_passwd *getsmbpwent(void);
+void setsmbpwent(void);
+void endsmbpwent(void);
+#if 0
+int putpwent(const struct smb_passwd *p, FILE *stream);
+#endif
+
+/* Function to explicity set the path to the smbpasswd file */
+int setsmbfilepath(char *path);
+
+/* Encryption stubs */
+
+void smbcrypt (unsigned char *plain, unsigned char nt_pass[16], unsigned char smb_pass[16]);
+
+/* redhat */
+#define SMB_PASSWORD_FILE "/etc/smbpasswd"
+
+
+__END_DECLS
+
+#endif /* smbpwd.h */
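Review bot: In the `__cplusplus` branch `__END_DECLS` is defined empty and the closing brace sits on the following line as a stray `}`, so a C++ consumer gets an unbalanced brace at the top of the header and an `extern "C" {` that is never closed; the definition should read `# define __END_DECLS }` on one line. The `#include` under `#ifndef _SYS_TYPES_H` shows no header name on this page (possibly lost in rendering); since the struct uses `uid_t` and `time_t`, the header needs `<sys/types.h>` and `<time.h>` to be self-contained. `__BEGIN_DECLS`, `__END_DECLS` and `_SMBPWD_H` are also identifiers reserved for the implementation, so redefining them here can clash with the system headers.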