# ifndef _LIBCLI_AUTH_PROTO_H__
# define _LIBCLI_AUTH_PROTO_H__
# undef _PRINTF_ATTRIBUTE
# define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
# include "lib/crypto/gnutls_helpers.h"
/* this file contains prototypes for functions that are private
* to this subsystem or library . These functions should not be
* used outside this particular subsystem ! */
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */

/*
 * Challenge helpers.
 *
 * netlogon_creds_random_challenge() writes into *challenge;
 * netlogon_creds_is_random_challenge() only reads *challenge and reports a
 * verdict as a bool.
 * NOTE(review): the names suggest the bool is an acceptance test for the
 * quality of a challenge - confirm the exact criterion in credentials.c and
 * that callers refuse to continue when it returns false.
 */
bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge);
void netlogon_creds_random_challenge(struct netr_Credential *challenge);

/*
 * Crypto helpers that take the credential state in `creds`.
 *
 * Each one receives a non-const pointer to caller-owned data (an LM session
 * key, a password hash, or `len` bytes at `data`) and reports the outcome
 * as an NTSTATUS, so the status has to be checked before the data is used.
 * NOTE(review): the data is presumably transformed in place, and what it
 * holds after a failure is not visible from this header - confirm.
 *
 * The des_* and arcfour (RC4) variants use legacy ciphers. This header does
 * not show how a caller selects between them and the aes_* pair.
 */
NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
	struct netr_LMSessionKey *key);
NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
	struct netr_LMSessionKey *key);
NTSTATUS netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds,
	struct samr_Password *pass);
NTSTATUS netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds,
	struct samr_Password *pass);
NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
	uint8_t *data,
	size_t len);
NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
	uint8_t *data,
	size_t len);
NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds,
	uint8_t *data,
	size_t len);
/*****************************************************************
The above functions are common to the client and server interface
next comes the client specific functions
*****************************************************************/

/*
 * Creates the client-side credential state.
 *
 * All inputs are const; the only output parameter is initial_credential.
 * NOTE(review): the returned state is presumably allocated under mem_ctx
 * and NULL on failure - confirm. It is built from the machine password
 * hash, so treat it as secret material for as long as it lives.
 */
struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
	const char *client_account,
	const char *client_computer_name,
	uint16_t secure_channel_type,
	const struct netr_Credential *client_challenge,
	const struct netr_Credential *server_challenge,
	const struct samr_Password *machine_password,
	struct netr_Credential *initial_credential,
	uint32_t negotiate_flags);

/*
 * Creates a credential state from an existing session key.
 *
 * The [16] is documentation only: C passes a plain pointer, so the caller
 * must guarantee that 16 readable bytes are present.
 */
struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
	const uint8_t session_key[16]);

/*
 * Fills *next with an authenticator and reports the outcome as NTSTATUS.
 * `creds` is non-const. NOTE(review): the state is presumably advanced by
 * this call - confirm; do not send *next when the status is an error.
 */
NTSTATUS
netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
	struct netr_Authenticator *next);

/*
 * Checks credentials received from the peer against `creds`.
 * NOTE(review): a false result presumably means the server failed to prove
 * knowledge of the session key, so it should end the exchange - confirm,
 * and confirm that the comparison in credentials.c is constant-time.
 */
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
	const struct netr_Credential *received_credentials);

/*
 * Returns a copy of *creds_in made for mem_ctx.
 * The copy duplicates whatever key material the state holds, so it needs
 * the same handling as the original.
 */
struct netlogon_creds_CredentialState *netlogon_creds_copy(
	TALLOC_CTX *mem_ctx,
	const struct netlogon_creds_CredentialState *creds_in);
/*****************************************************************
The above functions are common to the client and server interface
next comes the server specific functions
*****************************************************************/

/*
 * Creates the server-side credential state.
 *
 * credentials_in is const input supplied for the client; credentials_out is
 * the only output parameter.
 * NOTE(review): presumably returns NULL when credentials_in does not verify
 * against the computed value - confirm in credentials.c. Callers must not
 * answer with credentials_out in that case.
 */
struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
	const char *client_account,
	const char *client_computer_name,
	uint16_t secure_channel_type,
	const struct netr_Credential *client_challenge,
	const struct netr_Credential *server_challenge,
	const struct samr_Password *machine_password,
	const struct netr_Credential *credentials_in,
	struct netr_Credential *credentials_out,
	uint32_t negotiate_flags);

/*
 * Validates a received authenticator and produces the one to send back.
 * The NTSTATUS is the verdict: on error the request behind the
 * authenticator should be rejected.
 */
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
	const struct netr_Authenticator *received_authenticator,
	struct netr_Authenticator *return_authenticator);

/*
 * Encrypt/decrypt the sensitive parts of a SamLogon validation or logon
 * structure. The union is non-const and selected by the level argument, so
 * the level passed here has to be the one that really describes the
 * populated union member; a mismatch makes the routine interpret the wrong
 * layout. Check the NTSTATUS before using the structure.
 */
NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
	uint16_t validation_level,
	union netr_Validation *validation);
NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
	uint16_t validation_level,
	union netr_Validation *validation);
NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
	enum netr_LogonInfoClass level,
	union netr_LogonLevel *logon);
NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
	enum netr_LogonInfoClass level,
	union netr_LogonLevel *logon);

/*
 * Returns a copy of *in for the given level.
 * NOTE(review): "shallow" suggests nested pointers stay shared with `in`,
 * so `in` must outlive the copy and scrubbing one affects the other -
 * confirm in credentials.c.
 */
union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
	enum netr_LogonInfoClass level,
	const union netr_LogonLevel *in);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */

/*
 * Session-key based encryption of blobs and strings.
 *
 * NOTE(review): the cipher is not named in this header; it is presumably
 * the DES-based scheme from smbdes.c, which gives confidentiality only and
 * no integrity protection - confirm in session.c.
 */

/*
 * Encrypts or decrypts `in` into `out` with session_key; the direction is
 * chosen by `encrypt`. The int result must be checked.
 * NOTE(review): presumably 0 on success and a GnuTLS error code otherwise,
 * with `out` sized by the caller - confirm.
 */
int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
	enum samba_gnutls_direction encrypt);

/*
 * Takes no memory context, so ownership of the returned blob is not
 * visible here - confirm in session.c who frees it and how failure is
 * signalled.
 */
DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);

/*
 * Returns the decrypted string for mem_ctx. The result is plaintext secret
 * data; NOTE(review): presumably NULL on malformed input - confirm.
 */
char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
	DATA_BLOB *blob, const DATA_BLOB *session_key);

DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key);

/*
 * Decrypts `blob` into *ret and reports the outcome as NTSTATUS; *ret must
 * not be used when the status is an error.
 */
NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
	DATA_BLOB *ret);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */

/*
 * General notes for the hash and response helpers below:
 *  - Array bounds in the parameter lists ([16], [24]) are documentation
 *    only. C passes a plain pointer, so the caller must provide at least
 *    that many bytes.
 *  - The 16-byte LM and NT hashes are password-equivalent for NTLM
 *    authentication. Treat every buffer that holds one as a secret: keep it
 *    out of logs and wipe it once it is no longer needed.
 *  - MD4 and the DES-based LM hash are legacy algorithms.
 *  - NOTE(review): the int-returning functions presumably return 0 on
 *    success and a GnuTLS error code otherwise - confirm in smbencrypt.c.
 */

/* NOTE(review): c8 is presumably the 8-byte challenge; p24 receives 24 bytes. */
int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);

/**
 * Creates the MD4 Hash of the users password in NT UNICODE.
 * @param passwd password in 'unix' charset.
 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
 */
bool E_md4hash(const char *passwd, uint8_t p16[16]);

/**
 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
 * @param passwd password in 'unix' charset.
 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
 * @note p16 is filled in regardless, so a caller that ignores the return
 *       value ends up with a hash of something other than the full password.
 */
bool E_deshash(const char *passwd, uint8_t p16[16]);

/**
 * Creates the MD4 and DES (LM) Hash of the users password.
 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
 * @param pwd password in 'unix' charset.
 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
 * @param p16 return password hashed with des, caller allocated 16 byte buffer
 * @note returns void, so a failure in either hash cannot be reported to
 *       the caller through this interface.
 */
void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);

bool ntv2_owf_gen(const uint8_t owf[16],
	const char *user_in, const char *domain_in,
	uint8_t kr_buf[16]);

int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);

/*
 * NOTE(review): p24 is an unsized pointer in the next two prototypes while
 * SMBencrypt_hash() and SMBOWFencrypt() declare p24[24]; the caller
 * presumably has to supply 24 writable bytes here as well - confirm.
 */
int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
/*
 * NTLMv2 response and session-key helpers.
 * `kr` is a 16-byte key input and the last parameter is the 16-byte output.
 * The bounds are not enforced by the compiler. Check the NTSTATUS before
 * using the output.
 */
NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
	const DATA_BLOB *srv_chal,
	const DATA_BLOB *smbcli_chal,
	uint8_t resp_buf[16]);

/*
 * NOTE(review): nt_resp is an unsized pointer; how many bytes are read from
 * it is not visible here - confirm and make sure callers validate the
 * response length first.
 */
NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
	const uint8_t *nt_resp,
	uint8_t sess_key[16]);

/* Returns void: a failure cannot be reported through this interface. */
void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);

NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
	const uint8_t lm_resp[24], /* only uses 8 */
	uint8_t sess_key[16]);

DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
	const char *hostname,
	const char *domain);

/*
 * Builds the NTLMv2 responses and session keys from an NT hash.
 * The four trailing DATA_BLOB pointers are outputs; the session keys among
 * them are secrets. A false result means the outputs must not be used.
 * NOTE(review): the outputs are presumably allocated under mem_ctx, and
 * which of them may be NULL is not visible here - confirm.
 */
bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
	const char *user, const char *domain, const uint8_t nt_hash[16],
	const DATA_BLOB *server_chal,
	const NTTIME *server_timestamp,
	const DATA_BLOB *names_blob,
	DATA_BLOB *lm_response, DATA_BLOB *nt_response,
	DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key);

/* Same outputs as SMBNTLMv2encrypt_hash(), starting from the password. */
bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
	const char *user, const char *domain,
	const char *password,
	const DATA_BLOB *server_chal,
	const DATA_BLOB *names_blob,
	DATA_BLOB *lm_response, DATA_BLOB *nt_response,
	DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key);

/*
 * Verifies an NTLMv2 response against netlogon credentials.
 * `response` is peer-supplied data passed by value; the NTSTATUS is the
 * verdict and must be checked by the caller.
 */
NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
	const char *account_domain,
	const DATA_BLOB response,
	const struct netlogon_creds_CredentialState *creds,
	const char *workgroup);
/***********************************************************
 encode a password buffer with a unicode password. The buffer
 is filled with random data to make it harder to attack.

 The [516] bound is not enforced by the compiler; the caller
 must pass a buffer of at least that size. string_flags is an
 int here, whereas encode_pwd_buffer514_from_str() takes a
 uint32_t.
************************************************************/
bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags);

/***********************************************************
 decode a password buffer
 *new_pw_len is the length in bytes of the possibly multibyte
 returned password including termination.

 in_buffer normally holds data received from a peer.
 NOTE(review): the embedded length is presumably validated
 against the buffer size before any copy - confirm in
 smbencrypt.c. On false, *pp_new_pwrd must not be used; on
 true it holds a plaintext password.
************************************************************/
bool decode_pw_buffer(TALLOC_CTX *ctx,
	uint8_t in_buffer[516],
	char **pp_new_pwrd,
	size_t *new_pw_len,
	charset_t string_charset);
/**
 * @brief Encode a password buffer before we encrypt it.
 *
 * @param buffer[514] The buffer to encode into. The bound is not enforced
 *                    by the compiler; the caller must supply 514 bytes.
 *
 * @param password    The password we want to encode into the buffer.
 *
 * @param string_flags String flags for encoding (e.g. STR_UNICODE).
 *
 * @return true on success, false otherwise.
 */
bool encode_pwd_buffer514_from_str(uint8_t buffer[514],
	const char *password,
	uint32_t string_flags);

/**
 * @brief Extract AES password blob from buffer.
 *
 * This extracts the password from the in_buffer as a data blob. It should
 * then contain a UTF-16 encoded password.
 *
 * @param mem_ctx      The memory context to allocate the password on.
 *
 * @param in_buffer[514] The input buffer to extract the password from.
 *
 * @param new_password A pointer to store the extracted password blob.
 *
 * @return true on success, false otherwise. On false, *new_password must
 *         not be used; on true it holds plaintext password data.
 */
bool extract_pwd_blob_from_buffer514(TALLOC_CTX *mem_ctx,
	const uint8_t in_buffer[514],
	DATA_BLOB *new_password);

/**
 * @brief Decode AES password buffer to password in the given charset.
 *
 * @param mem_ctx        The memory context to allocate the decoded password on.
 *
 * @param in_buffer[514] The in buffer with the decrypted password data.
 *
 * @param string_charset The charset to decode to.
 *
 * @param decoded_password A pointer to store the blob for the decoded password.
 *                         It ensures that the password is NUL terminated.
 *
 * @return true on success, false otherwise. On false, *decoded_password
 *         must not be used; on true it holds plaintext password data.
 */
bool decode_pwd_string_from_buffer514(TALLOC_CTX *mem_ctx,
	const uint8_t in_buffer[514],
	charset_t string_charset,
	DATA_BLOB *decoded_password);
/***********************************************************
 Encode an arc4 password change buffer.

 arc4 (RC4) is a legacy stream cipher. The NTSTATUS must be
 checked before *out_crypt_pwd is sent anywhere.
************************************************************/
NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
	const DATA_BLOB *session_key,
	struct samr_CryptPasswordEx *out_crypt_pwd);

/***********************************************************
 Decode an arc4 encrypted password change buffer.

 inout_crypt_pwd is modified by the call. On an error status
 its contents must not be treated as a valid password buffer.
************************************************************/
NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
	struct samr_CryptPasswordEx *inout_crypt_pwd);
/***********************************************************
 encode a password buffer with an already unicode password. The
 rest of the buffer is filled with random data to make it harder to attack.

 The [516] bound is not enforced by the compiler.
 NOTE(review): a password blob too large for the buffer is
 presumably rejected with false - confirm in smbencrypt.c.
************************************************************/
bool set_pw_in_buffer(uint8_t buffer[516], const DATA_BLOB *password);

/***********************************************************
 decode a password buffer
 *new_pw_size is the length in bytes of the extracted unicode password

 The length is reported through new_pass. On false, *new_pass
 must not be used; on true it holds plaintext password data
 for mem_ctx.
************************************************************/
bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
	uint8_t in_buffer[516], DATA_BLOB *new_pass);
/* Forward declaration: only pointers to this type are used below. */
struct wkssvc_PasswordBuffer;

/*
 * Encode/decode the password buffer used for wkssvc domain joins.
 *
 * encode: writes a new buffer to *pwd_buf from the plaintext `pwd`.
 * decode: writes the recovered plaintext to *pwd from `pwd_buf`.
 * Both report the outcome as WERROR; the output pointer must not be used
 * on failure.
 * NOTE(review): the outputs are presumably allocated under mem_ctx, and
 * session_key is non-const although it looks like an input - confirm in
 * smbencrypt.c.
 */
WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
	const char *pwd,
	DATA_BLOB *session_key,
	struct wkssvc_PasswordBuffer **pwd_buf);
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
	struct wkssvc_PasswordBuffer *pwd_buf,
	DATA_BLOB *session_key,
	char **pwd);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */

/*
 * DES building blocks used by the legacy SMB/NTLM password schemes.
 *
 *  - Every function returns int and the result must be checked.
 *    NOTE(review): presumably 0 on success and a GnuTLS error code
 *    otherwise - confirm in smbdes.c.
 *  - Array bounds in the parameter lists are not enforced by the compiler.
 *    Where a parameter is an unsized pointer, the expected size is
 *    presumably the number in its name (p14, p16, p21, c8, p24) - confirm.
 *  - Keys, hashes and the outputs derived from them are secrets; wipe
 *    them once they are no longer needed.
 */
int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
	enum samba_gnutls_direction encrypt);
int E_P16(const uint8_t *p14, uint8_t *p16);
int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);

/* p14 is non-const here, unlike in E_P16(). */
int E_old_pw_hash(uint8_t *p14, const uint8_t *in, uint8_t *out);

int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
	enum samba_gnutls_direction encrypt);
int des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14],
	enum samba_gnutls_direction encrypt);

/*
 * `in` and `out` are unsized pointers.
 * NOTE(review): the block size processed per call is not visible from this
 * header - confirm before sizing caller buffers.
 */
int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
	enum samba_gnutls_direction encrypt);
# undef _PRINTF_ATTRIBUTE
# define _PRINTF_ATTRIBUTE(a1, a2)
# endif