Apache2-AuthenNTLM
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
$r->log_error("SMB Server connection not open in state 3 for ".$r-> uri) ;return;}my$rc;STDERR"[$$] AuthenNTLM: Verify user $self->{username} via smb server\n"if($debug) ;if($self-> {basic}){$rc= Authen::Smb::Valid_User_Auth ($self-> {smbhandle},$self->{username},$self-> {password}) ;}else{$rc= Authen::Smb::Valid_User_Auth ($self-> {smbhandle},$self->{username},$self-> {usernthash}, 1,$self->{userdomain}) ;}my$errno= Authen::Smb::SMBlib_errno ;my$smberr= Authen::Smb::SMBlib_SMB_Error ;Authen::Smb::Valid_User_Disconnect ($self-> {smbhandle})if($self-> {smbhandle}) ;$self-> {smbhandle} =undef;$self-> {lock} =undef;if($rc==&Authen::Smb::NTV_LOGON_ERROR){$r->log_error("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for ".$r-> uri) ;STDERR"[$$] AuthenNTLM: rc = $rc ntlmhash = $self->{usernthash}\n"if($debug) ;return;}if($rc){$r->log_reason("SMB Server error $rc/$errno/$smberr for ".$r-> uri) ;return;}
AuthenNTLM.pm view on Meta::CPAN
return$type;}subget_basic{my($self,$r,$data) =@_;($self-> {username},$self-> {password}) =split(/:/,$data) ;my($domain,$username) =split(/\\|\//,$self-> {username}) ;if($username){$self-> {domain} =$domain;$self-> {username} =$username;}else{$self-> {domain} =$self-> {defaultdomain} ;
AuthenNTLM.pm view on Meta::CPAN
PerlSetVar ntlmdebug 1</Location>=head1 DESCRIPTIONThe purpose of this module is to perform a user authentication via Microsoft'sNTLM protocol. This protocol is supported by all versions of the InternetExplorer and is mainly useful for intranets. Depending on your preferencessetting IE will supply your windows logon credentials to the web serverwhen the server asks for NTLM authentication. This saves the user to type inhis/her password again.The NTLM protocol performs a challenge/response to exchange a random number(nonce) and get back a md4 hash, which is built from the user's passwordand the nonce. This makes sure that no password goes over the wire in plain text.The main advantage of the Perl implementation is, that it can be easily extendedto verify the user/password against other sources than a windows domain controller.The defaultf implementation is to go to the domain controller for the given domainand verify the user. If you want to verify the user against another source, youcan inherit from Apache2::AuthenNTLM and override it's methods.To support users that aren't using Internet Explorer, Apache2::AuthenNTLM canalso perform basic authentication depending on its configuration.B<IMPORTANT:> NTLM authentification works only when KeepAlive is on. (If you have set ntlmdebug 2, and see that there is no return message (type 3), check your httpd.conf file for "KeepAlive Off". If KeepAlive Off, then change it to KeepAlive On, re...
AuthenNTLM.pm view on Meta::CPAN
Setwhenwe are doing basic authentication=item $self -> {ntlm}Set when we are doing ntlm authentication=item $self -> {username}The username=item $self -> {password}The password when doing basic authentication=item $self -> {usernthash}The md4 hash when doing ntlm authentication=item $self -> {userdomain}The domain=back
OVERVIEW========The purpose of this module is to perform a user authentication via Microsoft'sNTLM protocol. This protocol is supported by all versions of the InternetExplorer and is mainly usefulforintranets. Depending on your preferencessetting, IE will supply your windows logon credentials to the web serverwhenthe server asksforNTLM authentication. This saves the user to type inhis/her password again.The NTLM protocol performs a challenge/response to exchange a random number(nonce) and get back a md4 hash, which is built form the users passwordand the nonce. This makes sure thatnopassword goes over the wire in plain text,so it's more secure than basic authentication, which doesn't mean it'sa real secure authentication scheme. ;)Some information about NTLM can be found at:More detailed implementation details are available from:A lot of ideas and information are taken from the similar Apache module mod_ntlm,which can be found at http://sourceforge.net/projects/modntlm/The main advantage of the Perl implementation is, that it can be easily extendedto verify the user/password against other sources than a windows domain controller.Thedefaultimplementation is to go to the domain controllerforthegivendomainand verify the user. If you want to verify the user against another source, youcan inherit from Apache::AuthenNTLM andoverrideits methods.To support users that aren't using Internet Explorer, Apache::AuthenNTLM canalso perform basic authentication depending on it's configuration.Apache::AuthenNTLM contains an extended version of Authen::Smb, which exposessome more functions to Perl.
smb/Changes view on Meta::CPAN
0.7 Mon Apr 19 19:22:13 1999- Resolved some segfault problems on various platforms by reducingthe optimization during the smbval compile.0.8 Mon Apr 19 19:37:13 1999- Shot another smbval bug.0.81 Sun Jun 6 10:2:09 1999- Updated to the latest smbval library, hopefully resolving somesegfaults and authentication problemsforusernames and passwordswithweird characters in them.- Cleaned up Smb.xs- Unreleased version0.9 Sun Jun 6 18:50:23 1999- While toyingaroundwithsmbval, discovered some buffer overflowsin the library. Workedaroundthem in the perl portion of themodulefornow, but will get in touchwithauthor totryandmerge some patches to resolve the overflows in the library itself.Because of these overflows, it is _critical_ that anyone using
subauthen {my@args=@_;# Truncate everything to length 80 to avoid poor coding practices in the# smbvalid.a (buffer overflows) PMK--fixme in smbvalid.a when possible.formy$i( 0..$#args) {$args[$i] =substr($args[$i], 0, 80);}my($username,$password,$server,$backup,$domain) =@args;my$res= Valid_User($username,$password,$server,$backup,$domain);$res}subAUTOLOAD {# This AUTOLOAD is used to 'autoload' constants from the constant()# XS function. If a constant is not found then control is passed# to the AUTOLOAD in AutoLoader.my$constname;
MODULE = Authen::Smb PACKAGE = Authen::Smbdoubleconstant(name,arg)char * nameintargintValid_User(username, password, server, backup, domain)char * usernamechar * passwordchar * serverchar * backupchar * domainOUTPUT:RETVALvoid *Valid_User_Connect(server,backup,domain,nonce)
if(!SvPOK (ST(3)) || SvCUR(ST(3)) < 8)croak ("nonce muist be preallocated with an 8 character string") ;RETVAL = Valid_User_Connect(server, backup, domain, nonce);OUTPUT:RETVALintValid_User_Auth(handle,username,password,precrypt=0,domain="")void*handlechar*usernamechar*passwordintprecryptchar*domainvoidValid_User_Disconnect(handle)void*handleint
smb/smbval/smbencrypt.c view on Meta::CPAN
externintDEBUGLEVEL;#include "byteorder.h"char*StrnCpy(char*dest,char*src,intn);void strupper(char*s);void E_P16(unsigned char*p14,unsigned char*p16);void E_P24(unsigned char*p21, unsigned char*c8, unsigned char*p24);void mdfour(unsigned char*out, unsigned char*in,intn);/*This implements the X/Open SMB password encryptionIt takes a password, a 8 byte"crypt key"and puts 24 bytes ofencrypted password into p24 */void SMBencrypt(uchar*passwd, uchar*c8, uchar*p24){uchar p14[15], p21[21];memset(p21,'\0',21);memset(p14,'\0',14);StrnCpy((char *)p14,(char *)passwd,14);strupper((char *)p14);E_P16(p14, p21);
smb/smbval/smbencrypt.c view on Meta::CPAN
SSVAL(dst,0,val);dst++;src++;if(val == 0)break;}returni;}/** Creates the MD4 Hash of the users password in NT UNICODE.*/void E_md4hash(uchar*passwd, uchar*p16){intlen;int16 wpwd[129];/* Password cannot be longer than 128 characters */len = strlen((char *)passwd);if(len > 128)
smb/smbval/smbencrypt.c view on Meta::CPAN
void SMBNTencrypt(uchar*passwd, uchar*c8, uchar*p24){uchar p21[21];memset(p21,'\0',21);E_md4hash(passwd, p21);E_P24(p21, c8, p24);}/* Does both the NT and LM owfs of a user's password */void nt_lm_owf_gen(char*pwd, char*nt_p16, char*p16){char passwd[130];StrnCpy(passwd, pwd, sizeof(passwd)-1);/* Calculate the MD4 hash (NT compatible) of the password */memset(nt_p16,'\0', 16);E_md4hash((uchar *)passwd, (uchar *)nt_p16);/* Mangle the passwords into Lanmanformat*/passwd[14] ='\0';strupper(passwd);/* Calculate the SMB (lanman) hash functions of the password */memset(p16,'\0', 16);E_P16((uchar *) passwd, (uchar *)p16);/* clear outlocalcopy of user's password (just being paranoid). */bzero(passwd, sizeof(passwd));}/****************************************************************************line strncpy but always null terminates. Make sure there is room!****************************************************************************/char*StrnCpy(char*dest,char*src,intn){char*d= dest;if(!dest)return(NULL);
smb/smbval/smblib-priv.h view on Meta::CPAN
#define SMB_delet_bcc_offset 35 /* bcc */#define SMB_delet_buf_offset 37#define SMB_delet_len 37/* OffsetsforSESSION_SETUP_ANDXforboth LM and NT LM protocols */#define SMB_ssetpLM_mbs_offset 37 /* Max buffer Size, allow for AndX */#define SMB_ssetpLM_mmc_offset 39 /* max multiplex count */#define SMB_ssetpLM_vcn_offset 41 /* VC number if new VC */#define SMB_ssetpLM_snk_offset 43 /* Session Key */#define SMB_ssetpLM_pwl_offset 47 /* password length */#define SMB_ssetpLM_res_offset 49 /* reserved */#define SMB_ssetpLM_bcc_offset 53 /* bcc */#define SMB_ssetpLM_len 55 /* before data ... */#define SMB_ssetpLM_buf_offset 55#define SMB_ssetpNTLM_mbs_offset 37 /* Max Buffer Size for NT LM 0.12 *//* and above */#define SMB_ssetpNTLM_mmc_offset 39 /* Max Multiplex count */#define SMB_ssetpNTLM_vcn_offset 41 /* VC Number */#define SMB_ssetpNTLM_snk_offset 43 /* Session key */
smb/smbval/smblib-priv.h view on Meta::CPAN
struct SMB_Connect_Def {SMB_Handle_Type Next_Con, Prev_Con; /* Next and previous conn */intprotocol; /* What is the protocol */intprot_IDX; /* And what is theindex*/void*Trans_Connect; /* The connection *//* All these strings should be malloc'd */char service[80], username[80], password[80], desthost[80], sock_options[80];char address[80], myname[80];SMB_Tree_Handle first_tree, last_tree; /* List of trees on this server */intgid; /* Group ID,dowe need it? */intmid; /* Multiplex ID? We might need one per con */intpid; /* Process ID */intuid; /* Authenticated user id. *//* It is pretty clear that we need to bust some of *//* these out into a per TCon record, as there may *//* be multiple TCon's per server, etc ... later */intmax_xmit; /* Max xmit permitted by server */intSecurity; /* 0 = share, 1 = user */intRaw_Support; /* bit 0 = 1 = Read Raw supported, 1 = 1 Write raw */BOOL encrypt_passwords; /* FALSE = don't */intMaxMPX, MaxVC, MaxRaw;unsignedintSessionKey, Capabilities;intSvrTZ; /* Server Time Zone */intEncrypt_Key_Len;char Encrypt_Key[80], Domain[80], PDomain[80], OSName[80], LMType[40];char Svr_OS[80], Svr_LMType[80], Svr_PDom[80];};#define SMBLIB_DEFAULT_DOMAIN "STAFF"
smb/smbval/smblib-priv.h view on Meta::CPAN
/* global Variablesforthe library */extern SMB_State_Types SMBlib_State;#ifndef SMBLIB_ERRNOexternintSMBlib_errno;externintSMBlib_SMB_Error; /*lastError */#endifSMB_Tree_Handle SMB_TreeConnect(SMB_Handle_Type con, SMB_Tree_Handle tree,char*path, char*password, char*dev);
smb/smbval/smblib-util.c view on Meta::CPAN
switch (CVAL(SMB_Hdr(pkt), SMB_hdr_wct_offset)) {case 0x01: /* No more info ... */break;case 13: /* Up to and including LanMan 2.1 */Con_Handle -> Security = SVAL(SMB_Hdr(pkt), SMB_negrLM_sec_offset);Con_Handle -> encrypt_passwords = ((Con_Handle -> Security & SMB_sec_encrypt_mask) != 0x00);Con_Handle -> Security = Con_Handle -> Security & SMB_sec_user_mask;Con_Handle -> max_xmit = SVAL(SMB_Hdr(pkt), SMB_negrLM_mbs_offset);Con_Handle -> MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrLM_mmc_offset);Con_Handle -> MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrLM_mnv_offset);Con_Handle -> Raw_Support = SVAL(SMB_Hdr(pkt), SMB_negrLM_rm_offset);Con_Handle -> SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrLM_sk_offset);Con_Handle -> SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrLM_stz_offset);Con_Handle -> Encrypt_Key_Len = SVAL(SMB_Hdr(pkt), SMB_negrLM_ekl_offset);
smb/smbval/smblib-util.c view on Meta::CPAN
p = (SMB_Hdr(pkt) + SMB_negrLM_buf_offset + Con_Handle -> Encrypt_Key_Len);strncpy(p, Con_Handle -> Svr_PDom, sizeof(Con_Handle -> Svr_PDom) - 1);break;case 17: /* NT LM 0.12 and LN LM 1.0 */Con_Handle -> Security = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_sec_offset);Con_Handle -> encrypt_passwords = ((Con_Handle -> Security & SMB_sec_encrypt_mask) != 0x00);Con_Handle -> Security = Con_Handle -> Security & SMB_sec_user_mask;Con_Handle -> max_xmit = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mbs_offset);Con_Handle -> MaxMPX = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mmc_offset);Con_Handle -> MaxVC = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_mnv_offset);Con_Handle -> MaxRaw = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_mrs_offset);Con_Handle -> SessionKey = IVAL(SMB_Hdr(pkt), SMB_negrNTLM_sk_offset);Con_Handle -> SvrTZ = SVAL(SMB_Hdr(pkt), SMB_negrNTLM_stz_offset);Con_Handle -> Encrypt_Key_Len = CVAL(SMB_Hdr(pkt), SMB_negrNTLM_ekl_offset);
smb/smbval/smblib-util.c view on Meta::CPAN
/* only keep the portion up to the first"."*/}/* Send a TCON to the remote server ... */SMB_Tree_Handle SMB_TreeConnect(SMB_Handle_Type Con_Handle,SMB_Tree_Handle Tree_Handle,char*path,char*password,char*device){ struct RFCNB_Pkt*pkt;intparam_len, i, pkt_len;char*p;SMB_Tree_Handle tree;/* Figure out how much space is neededforpath, password, dev ... */if(path == NULL || password == NULL || device == NULL) {#ifdef DEBUGfprintf(stderr,"Bad parameter passed to SMB_TreeConnect\n");#endifSMBlib_errno = SMBlibE_BadParam;return(NULL);}/* The + 2 is because of the \0 and the marker ... */param_len = strlen(path) + 2 + strlen(password) + 2 + strlen(device) + 2;/* The -1 accountsforthe one byte smb_buf we have because some systems *//* don't like char msg_buf[] */pkt_len = SMB_tcon_len + param_len;pkt = (struct RFCNB_Pkt *)RFCNB_Alloc_Pkt(pkt_len);if(pkt == NULL) {
smb/smbval/smblib-util.c view on Meta::CPAN
SSVAL(SMB_Hdr(pkt), SMB_tcon_bcc_offset, param_len);/* Now copy the param strings inwiththe right stuff */p = (char *)(SMB_Hdr(pkt) + SMB_tcon_buf_offset);*p= SMBasciiID;strcpy(p + 1, path);p = p + strlen(path) + 2;*p= SMBasciiID;strcpy(p + 1, password);p = p + strlen(password) + 2;*p= SMBasciiID;strcpy(p + 1, device);/* Nowsendthe packet and sit back ... */if(RFCNB_Send(Con_Handle -> Trans_Connect, pkt, pkt_len) < 0){#ifdef DEBUGfprintf(stderr,"Error sending TCon request\n");#endif
smb/smbval/smblib.c view on Meta::CPAN
SMBlib_errno = SMBlibE_NoSpace;returnNULL;}}/* Init some things ... */strcpy(con -> service,"");strcpy(con -> username,"");strcpy(con -> password,"");strcpy(con -> sock_options,"");strcpy(con -> address,"");strcpy(con -> desthost, server);strcpy(con -> PDomain, NTdomain);strcpy(con -> OSName, SMBLIB_DEFAULT_OSNAME);strcpy(con -> LMType, SMBLIB_DEFAULT_LMTYPE);con -> first_tree = con -> last_tree = NULL;SMB_Get_My_Name(con -> myname, sizeof(con -> myname));
smb/smbval/smblib.c view on Meta::CPAN
char*SMB_Prots_Restrict[] = {"PC NETWORK PROGRAM 1.0",NULL};SMB_Handle_Type SMB_Connect(SMB_Handle_Type Con_Handle,SMB_Tree_Handle*tree,char*service,char*username,char*password){ SMB_Handle_Type con;char*host,*address;char temp[80], called[80], calling[80];inti;/* Get a connection structureifone does not exist */con = Con_Handle;
smb/smbval/smblib.c view on Meta::CPAN
SMBlib_errno = SMBlibE_NoSpace;returnNULL;}}/* Init some things ... */strcpy(con -> service, service);strcpy(con -> username, username);strcpy(con -> password, password);strcpy(con -> sock_options,"");strcpy(con -> address,"");strcpy(con -> PDomain, SMBLIB_DEFAULT_DOMAIN);strcpy(con -> OSName, SMBLIB_DEFAULT_OSNAME);strcpy(con -> LMType, SMBLIB_DEFAULT_LMTYPE);con -> first_tree = con -> last_tree = NULL;SMB_Get_My_Name(con -> myname, sizeof(con -> myname));con -> port = 0; /* No port selected */
smb/smbval/smblib.c view on Meta::CPAN
/* Hmmm what should wedohere ... We have a connection, but could notnegotiate ... */returnNULL;}/* Nowconnectto the service ... */if((*tree= SMB_TreeConnect(con, NULL, service, password,"A:")) == NULL) {returnNULL;}return(con);}/* Logon to the server. That is,doa session setupifwe can. Wedonotdo*/
smb/smbval/smblib.c view on Meta::CPAN
SMBlib_errno = SMBlibE_ProtLow;return(SMBlibE_BAD);}strcpy(pword, PassWord);if(precrypted) {pass_len=24;memcpy(pword, PassWord, 24);}elseif(Con_Handle -> encrypt_passwords){pass_len=24;SMBencrypt((uchar *) PassWord, (uchar *)Con_Handle -> Encrypt_Key,(uchar *)pword);}elsepass_len=strlen(pword);/* Now build the correct structure */
smb/smbval/smblib.c view on Meta::CPAN
SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_vcn_offset, 1); /* must be one, otherwise server willcloseall other connections!!! */SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_snk_offset, 0);SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_pwl_offset, pass_len + 1);SIVAL(SMB_Hdr(pkt), SMB_ssetpLM_res_offset, 0);SSVAL(SMB_Hdr(pkt), SMB_ssetpLM_bcc_offset, param_len);/* Now copy the param strings inwiththe right stuff */p = (char *)(SMB_Hdr(pkt) + SMB_ssetpLM_buf_offset);/* Copy in password, then the rest. Passwordhasa null at end */memcpy(p, pword, pass_len);p = p + pass_len + 1;strcpy(p, UserName);p = p + strlen(UserName);*p= 0;p = p + 1;
smb/smbval/smblib.c view on Meta::CPAN
SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len);SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0);SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_res_offset, 0);SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cap_offset, 0);SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_bcc_offset, param_len);/* Now copy the param strings inwiththe right stuff */p = (char *)(SMB_Hdr(pkt) + SMB_ssetpNTLM_buf_offset);/* Copy in password, then the rest. Passwordhasnonull at end */memcpy(p, pword, pass_len);p = p + pass_len;strcpy(p, UserName);p = p + strlen(UserName);*p= 0;p = p + 1;
smb/smbval/smblib.h view on Meta::CPAN
void*SMB_Connect(void*Con, void **tree,char*name, char*User, char*Password);/* Negotiate a protocol */intSMB_Negotiate(void*Con_Handle, char*Prots[]);/* Connect to a tree ... */void*SMB_TreeConnect(void*con_handle, void*tree_handle,char*path, char*password, char*dev);/* Disconnect a tree ... */intSMB_TreeDisconect(void*tree_handle);/* Open a file */void*SMB_Open(void*tree_handle,void*file_handle,char*file_name,
smb/smbval/valid.h view on Meta::CPAN
#ifndef _VALID_H_#define _VALID_H_/* SMB User verification function */#define NTV_NO_ERROR 0#define NTV_SERVER_ERROR 1#define NTV_PROTOCOL_ERROR 2#define NTV_LOGON_ERROR 3intValid_User(char*username,char*password,char*server, char*backup, char*domain);void*Valid_User_Connect(char*server,char*backup, char*domain, char*nonce) ;intValid_User_Auth(void*handle, char*username,char*password,intprecrypt, char * domain) ;void Valid_User_Disconnect(void*handle) ;#endif
( run in 0.416 second using v1.01-cache-2.11-cpan-3cd7ad12f66 )