sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-06 16:23:49 +03:00
Code Activity

r443: Update Samba4 to the auth and NTLMSSP code from Samba3.

Browse Source 
Not all the auth code is merged - only those parts that are actually
being used in Samba4.

There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here.  There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2004-05-02 08:45:00 +00:00
committed by Gerald (Jerry) Carter
parent ff31cfb941
commit 5876c78806
17 changed files with 1050 additions and 744 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
source/libcli/util/smbencrypt.c
View File

@@ -28,13 +28,17 @@
/*
This implements the X/Open SMB password encryption
It takes a password ('unix' string), a 8 byte "crypt key"
and puts 24 bytes of encrypted password into p24 */
void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
and puts 24 bytes of encrypted password into p24
Returns False if password must have been truncated to create LM hash
*/
BOOL SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
{
BOOL ret;
uchar p21[21];
memset(p21,'\0',21);
E_deshash(passwd, p21);
ret = E_deshash(passwd, p21);
SMBOWFencrypt(p21, c8, p24);
@@ -44,6 +48,8 @@ void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
dump_data(100, (const char *)c8, 8);
dump_data(100, (char *)p24, 24);
#endif
return ret;
}
/**
@@ -70,20 +76,29 @@ void E_md4hash(const char *passwd, uchar p16[16])
* Creates the DES forward-only Hash of the users password in DOS ASCII charset
* @param passwd password in 'unix' charset.
* @param p16 return password hashed with DES, caller allocated 16 byte buffer
* @return False if password was > 14 characters, and therefore may be incorrect, otherwise True
* @note p16 is filled in regardless
*/
void E_deshash(const char *passwd, uchar p16[16])
BOOL E_deshash(const char *passwd, uchar p16[16])
{
BOOL ret = True;
fstring dospwd;
ZERO_STRUCT(dospwd);
/* Password must be converted to DOS charset - null terminated, uppercase. */
push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
/* Only the fisrt 14 chars are considered, password need not be null terminated. */
E_P16((const unsigned char *)dospwd, p16);
if (strlen(dospwd) > 14) {
ret = False;
}
ZERO_STRUCT(dospwd);
return ret;
}
/**
@@ -118,7 +133,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
/* Does both the NTLMv2 owfs of a user's password */
BOOL ntv2_owf_gen(const uchar owf[16],
const char *user_in, const char *domain_in, uchar kr_buf[16])
const char *user_in, const char *domain_in,
BOOL upper_case_domain, /* Transform the domain into UPPER case */
uchar kr_buf[16])
{
smb_ucs2_t *user;
smb_ucs2_t *domain;
@@ -141,7 +158,9 @@ BOOL ntv2_owf_gen(const uchar owf[16],
}
strupper_w(user);
strupper_w(domain);
if (upper_case_domain)
strupper_w(domain);
SMB_ASSERT(user_byte_len >= 2);
SMB_ASSERT(domain_byte_len >= 2);
@@ -217,40 +236,6 @@ void SMBNTencrypt(const char *passwd, uchar *c8, uchar *p24)
#endif
}
BOOL make_oem_passwd_hash(char data[516], const char *passwd,
const uchar old_pw_hash[16],
BOOL unicode)
{
int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
if (new_pw_len > 512)
{
DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
return False;
}
/*
* Now setup the data area.
* We need to generate a random fill
* for this area to make it harder to
* decrypt. JRA.
*/
generate_random_buffer((unsigned char *)data, 516, False);
push_string(NULL, &data[512 - new_pw_len], passwd, new_pw_len,
STR_NOALIGN | (unicode?STR_UNICODE:STR_ASCII));
SIVAL(data, 512, new_pw_len);
#ifdef DEBUG_PASSWORD
DEBUG(100,("make_oem_passwd_hash\n"));
dump_data(100, data, 516);
#endif
SamOEMhash((unsigned char *)data,
(const unsigned char *)old_pw_hash,
516);
return True;
}
/* Does the md5 encryption from the Key Response for NTLMv2. */
void SMBOWFencrypt_ntv2(const uchar kr[16],
const DATA_BLOB *srv_chal,
@@ -329,15 +314,35 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16],
#endif
}
void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
const uchar lm_resp[24], /* only uses 8 */
uint8 sess_key[16])
{
uchar p24[24];
uchar partial_lm_hash[16];
memcpy(partial_lm_hash, lm_hash, 8);
memset(partial_lm_hash + 8, 0xbd, 8);
SMBOWFencrypt(partial_lm_hash, lm_resp, p24);
memcpy(sess_key, p24, 16);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n"));
dump_data(100, sess_key, 16);
#endif
}
DATA_BLOB NTLMv2_generate_names_blob(const char *hostname,
const char *domain)
{
DATA_BLOB names_blob = data_blob(NULL, 0);
msrpc_gen(&names_blob, "aaa",
True, NTLMSSP_NAME_TYPE_DOMAIN, domain,
True, NTLMSSP_NAME_TYPE_SERVER, hostname,
True, 0, "");
NTLMSSP_NAME_TYPE_DOMAIN, domain,
NTLMSSP_NAME_TYPE_SERVER, hostname,
0, "");
return names_blob;
}
@@ -424,7 +429,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
const DATA_BLOB *server_chal,
const DATA_BLOB *names_blob,
DATA_BLOB *lm_response, DATA_BLOB *nt_response,
DATA_BLOB *nt_session_key)
DATA_BLOB *user_session_key)
{
uchar nt_hash[16];
uchar ntlm_v2_hash[16];
@@ -434,19 +439,19 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
the username and domain.
This prevents username swapping during the auth exchange
*/
if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
return False;
}
if (nt_response) {
*nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
names_blob);
if (nt_session_key) {
*nt_session_key = data_blob(NULL, 16);
if (user_session_key) {
*user_session_key = data_blob(NULL, 16);
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
}
}
@@ -471,9 +476,6 @@ BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
new_pw_len = push_string(NULL, new_pw,
password,
sizeof(new_pw), string_flags);
if (new_pw_len > 512) {
return False;
}
memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
@@ -495,13 +497,14 @@ BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
returned password including termination.
************************************************************/
BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
int new_pwrd_size, uint32 *new_pw_len)
int new_pwrd_size, uint32 *new_pw_len,
int string_flags)
{
int byte_len=0;
/*
Warning !!! : This function is called from some rpc call.
The password IN the buffer is a UNICODE string.
The password IN the buffer may be a UNICODE string.
The password IN new_pwrd is an ASCII string
If you reuse that code somewhere else check first.
*/
@@ -514,15 +517,16 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
dump_data(100, in_buffer, 516);
#endif
/* Password cannot be longer than 128 characters */
if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) {
/* Password cannot be longer than the size of the password buffer */
if ( (byte_len < 0) || (byte_len > 512)) {
DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
return False;
}
/* decode into the return buffer. Buffer must be a pstring */
*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE);
/* decode into the return buffer. Buffer length supplied */
*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size,
byte_len, string_flags);
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
@@ -533,4 +537,3 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
return True;
}