#include <string.h>
#include "buffer_unpackers.h"
#include "CDSAuthDefs.h"
#include "CDSLocalPlugin.h"
#include "CDSLocalAuthHelper.h"
#include "CDSLocalAuthParams.h"
#include "PrivateTypes.h"
#include "DSUtils.h"
#include "AuthHelperUtils.h"
CDSLocalAuthParams::CDSLocalAuthParams() : CDSAuthParams()
{
	// No owned path strings yet, and the caller is not asked to load hash files
	// until LoadDSLocalParamsForAuthMethod() decides otherwise.
	stateFilePath = NULL;
	targetUserStateFilePath = NULL;
	bFetchHashFiles = false;

	// Zero every policy-state record so a fresh object has identical
	// `state` and `initialState` (i.e. PolicyStateChanged() reports false).
	memset( &state, 0, sizeof(state) );
	memset( &initialState, 0, sizeof(initialState) );
	memset( &targetUserState, 0, sizeof(targetUserState) );

	// Hash storage is cleared by the inherited helper.
	ZeroHashes();
}
CDSLocalAuthParams::~CDSLocalAuthParams()
{
	// Release the two path strings this subclass allocates; anything
	// inherited is presumably released by the CDSAuthParams destructor.
	DSFreeString( targetUserStateFilePath );
	DSFreeString( stateFilePath );
}
/*
 * Validates and stages the per-method parameters for one local-node
 * authentication request.
 *
 * What this function does, as visible here:
 *   - unpacks the service info from inAuthStepData (ExtractServiceInfo)
 *     and fails early if that does not succeed;
 *   - frees path / stateFilePath / targetUserStateFilePath before the
 *     switch, presumably so values from a previous call do not carry over;
 *   - per auth method: rejects methods whose hash type is not enabled in
 *     the user's hash list (inUserLevelHashList bits -> eDSAuthFailed),
 *     checks that the step buffer is large enough for the response the
 *     caller will write into it, and sets bFetchHashFiles when the caller
 *     must load the user's hash files;
 *   - for the policy methods, reads the state file and, when stateFilePath
 *     was populated, snapshots `state` into `initialState` so that
 *     PolicyStateChanged() can later detect edits.
 *
 * Parameters:
 *   inAuthMethod         kAuth* selector being serviced.
 *   inUserLevelHashList  bitmask of ePluginHash* types enabled for the user.
 *                        This is the per-user gate on weak/legacy hash
 *                        mechanisms (CRAM-MD5, APOP, NT, LM, NTLMv2, MSCHAP2,
 *                        SecureHash); a clear bit fails with eDSAuthFailed.
 *   inGUIDString         user's GUID string, passed through to ReadStateFile.
 *   inAuthedUserIsAdmin  caller-supplied trust decision; only consulted by
 *                        kAuthSetPasswdCheckAdmin.
 *   inAuthData           request buffer; only parsed here for
 *                        kAuthSetPasswdCheckAdmin.
 *   inAuthStepData       step/response buffer the caller will fill.
 *
 * Returns eDSNoErr on success, otherwise the tDirStatus that stopped the
 * load (eDSAuthFailed, eDSNullAuthStepData, eDSBufferTooSmall,
 * eDSInvalidBuffFormat, eDSPermissionError, or whatever ReadStateFile
 * returned).
 *
 * NOTE(review): several inherited members are written here (path,
 * pUserName, pOldPassword, dataList, itemCount, modDateOfPassword,
 * hashesLengthFromFile, keySize is read); their ownership and cleanup are
 * not visible in this file and are assumed to belong to CDSAuthParams.
 */
tDirStatus
CDSLocalAuthParams::LoadDSLocalParamsForAuthMethod(
UInt32 inAuthMethod,
UInt32 inUserLevelHashList,
const char* inGUIDString,
bool inAuthedUserIsAdmin,
tDataBufferPtr inAuthData,
tDataBufferPtr inAuthStepData )
{
bFetchHashFiles = false;
tDirStatus siResult = ExtractServiceInfo( inAuthStepData );
if ( siResult != eDSNoErr )
return siResult;
// Drop any paths left over from an earlier call on this object.
DSFreeString( path );
DSFreeString( stateFilePath );
DSFreeString( targetUserStateFilePath );
switch( inAuthMethod )
{
// DIGEST-MD5 is not gated by the user's hash list here.
case kAuthDIGEST_MD5:
bFetchHashFiles = true;
break;
// Each of the following mechanisms requires its hash type to be enabled
// for this user; otherwise the request fails before any hash is read.
case kAuthCRAM_MD5:
if ( (inUserLevelHashList & ePluginHashCRAM_MD5) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
case kAuthAPOP:
if ( (inUserLevelHashList & ePluginHashRecoverable) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
case kAuthSMB_NT_Key:
if ( (inUserLevelHashList & ePluginHashNT) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
case kAuthSMB_LM_Key:
if ( (inUserLevelHashList & ePluginHashLM) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
case kAuthNTLMv2:
if ( (inUserLevelHashList & ePluginHashNT) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
case kAuthMSCHAP2:
if ( (inUserLevelHashList & ePluginHashNT) == 0 )
return( eDSAuthFailed );
// The caller writes a 4-byte length plus the MS-CHAPv2 authenticator
// response into the step buffer; make sure it fits before proceeding.
if ( inAuthStepData == NULL )
return( eDSNullAuthStepData );
if ( inAuthStepData->fBufferSize < 4 + MS_AUTH_RESPONSE_LENGTH )
return( eDSBufferTooSmall );
bFetchHashFiles = true;
break;
case kAuthVPN_PPTPMasterKeys:
if ( inAuthStepData == NULL )
return( eDSNullAuthStepData );
// Two keys of keySize bytes plus 8 bytes of framing; keySize is an
// inherited member, presumably set by ExtractServiceInfo above.
if ( inAuthStepData->fBufferSize < (UInt32)(8 + keySize*2) )
return( eDSBufferTooSmall );
bFetchHashFiles = true;
break;
case kAuthSMBWorkstationCredentialSessionKey:
if ( inAuthStepData == NULL )
return( eDSNullAuthStepData );
// Room for a UInt32 length field and an 8-byte session key.
if ( inAuthStepData->fBufferSize < (UInt32)(sizeof(UInt32) + 8) )
return( eDSBufferTooSmall );
bFetchHashFiles = true;
break;
case kAuthSecureHash:
if ( (inUserLevelHashList & ePluginHashSaltedSHA1) == 0 )
return( eDSAuthFailed );
bFetchHashFiles = true;
break;
// Read/write of the secure hash needs nothing staged here.
case kAuthWriteSecureHash:
case kAuthReadSecureHash:
break;
case kAuthSetPasswd:
case kAuthSetPasswdAsRoot:
bFetchHashFiles = true;
break;
// Policy writes target a (possibly different) user: load that user's
// state into targetUserState. stateFilePath stays NULL, so the
// initialState snapshot at the bottom is not taken for this method.
case kAuthSetPolicyAsRoot:
siResult = ReadStateFile(pUserName, inGUIDString, &modDateOfPassword, &path, &targetUserStateFilePath, &targetUserState,
&hashesLengthFromFile);
break;
case kAuthChangePasswd:
case kAuthSetShadowHashWindows:
case kAuthSetShadowHashSecure:
case kAuthNativeClearTextOK:
case kAuthNativeNoClearText:
case kAuthNativeRetainCredential:
bFetchHashFiles = true;
break;
// Authorization check for a password change made by an authenticated
// user. Buffer layout (1-based node indices): 1 = user whose password
// is being changed, 3 = authenticating user, 4 = that user's password.
// A non-admin may only change their own password.
case kAuthSetPasswdCheckAdmin:
{
char *pUserToChangeName = NULL;
bool modifyingSelf;
dataList = dsAuthBufferGetDataListAllocPriv(inAuthData);
if ( dataList == NULL ) return( eDSInvalidBuffFormat );
itemCount = dsDataListGetNodeCountPriv(dataList);
if ( itemCount != 4 ) return( eDSInvalidBuffFormat );
pUserName = dsDataListGetNodeStringPriv(dataList, 3);
if ( pUserName == NULL ) return( eDSInvalidBuffFormat );
if ( strlen(pUserName) < 1 ) return( eDSInvalidBuffFormat );
pOldPassword = dsDataListGetNodeStringPriv(dataList, 4);
if ( pOldPassword == NULL )
return( eDSInvalidBuffFormat );
if ( strlen(pOldPassword) < 1 )
return( eDSInvalidBuffFormat );
pUserToChangeName = dsDataListGetNodeStringPriv(dataList, 1);
if ( pUserToChangeName == NULL )
return( eDSInvalidBuffFormat );
// pUserToChangeName is a local allocation, so it must be released on
// this early exit (the member strings above are not freed here).
if ( strlen(pUserToChangeName) < 1 ) {
free( pUserToChangeName );
return( eDSInvalidBuffFormat );
}
// "Self" is decided by exact (case-sensitive) string equality of the
// two names; the NULL checks are redundant after the returns above.
// NOTE(review): confirm exact-match is consistent with how the node
// matches record names elsewhere, otherwise a differently-cased name
// for the same user would be treated as a different user here.
modifyingSelf = (pUserToChangeName != NULL) && (pUserName != NULL) && (strcmp(pUserToChangeName,
pUserName) == 0);
DSFreeString( pUserToChangeName );
// inAuthedUserIsAdmin is trusted as supplied by the caller.
if ( !modifyingSelf && !inAuthedUserIsAdmin )
return( eDSPermissionError );
bFetchHashFiles = true;
}
break;
// Read-only policy queries: the ReadStateFile status is ignored and
// stateFilePath is freed right away, so the initialState snapshot at
// the bottom is skipped for these methods.
case kAuthGetPolicy:
case kAuthGetEffectivePolicy:
ReadStateFile(pUserName, inGUIDString, &modDateOfPassword, &path, &stateFilePath, &state, &hashesLengthFromFile);
DSFreeString( stateFilePath ); break;
// Same as kAuthSetPolicyAsRoot: the target user's state is loaded.
case kAuthSetPolicy:
siResult = ReadStateFile(pUserName, inGUIDString, &modDateOfPassword, &path, &targetUserStateFilePath, &targetUserState,
&hashesLengthFromFile);
break;
case kAuthGetGlobalPolicy:
if ( inAuthStepData == NULL )
return( eDSNullAuthStepData );
// Start with an empty response; the caller fills it in.
inAuthStepData->fBufferLength = 0;
break;
case kAuthSetGlobalPolicy:
break;
case kAuthSetLMHash:
case kAuthNTSetWorkstationPasswd:
case kAuthSMB_NTUserSessionKey:
bFetchHashFiles = true;
break;
case kAuthMSLMCHAP2ChangePasswd:
bFetchHashFiles = true;
break;
case kAuthPPS:
bFetchHashFiles = true;
break;
// Unknown or unhandled methods stage nothing and return the
// ExtractServiceInfo status (eDSNoErr at this point).
default:
break;
}
// Snapshot the policy state for PolicyStateChanged(); only happens when a
// case above left stateFilePath populated.
if ( stateFilePath != NULL )
memcpy( &initialState, &state, sizeof(initialState) );
return siResult;
}
bool
CDSLocalAuthParams::PolicyStateChanged( void )
{
	// Byte-wise comparison of the working policy state against the snapshot
	// taken by LoadDSLocalParamsForAuthMethod(); any difference counts as a change.
	const int delta = memcmp( &state, &initialState, sizeof(initialState) );
	return delta != 0;
}