1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

smbdes: convert E_P24() and SMBOWFencrypt to use gnutls

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Isaac Boukris 2019-11-08 15:40:01 +01:00 committed by Andrew Bartlett
parent 2eef12904f
commit a5548af018
12 changed files with 129 additions and 44 deletions

View File

@ -51,6 +51,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
DATA_BLOB lm_session_key = data_blob_null;
DATA_BLOB session_key = data_blob_null;
const struct samr_Password *nt_hash = NULL;
int rc;
if (cred->use_kerberos == CRED_MUST_USE_KERBEROS) {
TALLOC_FREE(frame);
@ -159,7 +160,6 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
int rc;
lm_response = data_blob_talloc_zero(frame, 24);
if (lm_response.data == NULL) {
@ -188,9 +188,13 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
SMBOWFencrypt(nt_hash->hash,
session_nonce_hash,
nt_response.data);
rc = SMBOWFencrypt(nt_hash->hash,
session_nonce_hash,
nt_response.data);
if (rc != 0) {
TALLOC_FREE(frame);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
ZERO_ARRAY(session_nonce_hash);
@ -228,8 +232,12 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
SMBOWFencrypt(nt_hash->hash, challenge.data,
nt_response.data);
rc = SMBOWFencrypt(nt_hash->hash, challenge.data,
nt_response.data);
if (rc != 0) {
TALLOC_FREE(frame);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
session_key = data_blob_talloc_zero(frame, 16);
if (session_key.data == NULL) {
@ -254,9 +262,14 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
return NT_STATUS_NO_MEMORY;
}
SMBencrypt_hash(lm_hash,
challenge.data,
lm_response.data);
rc = SMBencrypt_hash(lm_hash,
challenge.data,
lm_response.data);
if (rc != 0) {
ZERO_STRUCT(lm_hash);
TALLOC_FREE(frame);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
} else {
/* just copy the nt_response */
lm_response = data_blob_dup_talloc(frame, nt_response);

View File

@ -36,6 +36,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx,
{
/* Finish the encryption of part_passwd. */
uint8_t p24[24];
int rc;
if (part_passwd == NULL) {
DEBUG(10,("No password set - DISALLOWING access\n"));
@ -55,7 +56,10 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx,
return false;
}
SMBOWFencrypt(part_passwd, sec_blob->data, p24);
rc = SMBOWFencrypt(part_passwd, sec_blob->data, p24);
if (rc != 0) {
return false;
}
#if DEBUG_PASSWORD
DEBUG(100,("Part password (P16) was |\n"));

View File

@ -99,7 +99,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */
void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);
/**
@ -129,9 +129,9 @@ void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
bool ntv2_owf_gen(const uint8_t owf[16],
const char *user_in, const char *domain_in,
uint8_t kr_buf[16]);
void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
const DATA_BLOB *srv_chal,
const DATA_BLOB *smbcli_chal,
@ -224,7 +224,7 @@ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int
int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
enum samba_gnutls_direction encrypt);
int E_P16(const uint8_t *p14,uint8_t *p16);
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);

View File

@ -374,11 +374,21 @@ int E_P16(const uint8_t *p14,uint8_t *p16)
return des_crypt56_gnutls(p16+8, sp8, p14+7, SAMBA_GNUTLS_ENCRYPT);
}
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
{
des_crypt56(p24, c8, p21, 1);
des_crypt56(p24+8, c8, p21+7, 1);
des_crypt56(p24+16, c8, p21+14, 1);
int ret;
ret = des_crypt56_gnutls(p24, c8, p21, SAMBA_GNUTLS_ENCRYPT);
if (ret != 0) {
return ret;
}
ret = des_crypt56_gnutls(p24+8, c8, p21+7, SAMBA_GNUTLS_ENCRYPT);
if (ret != 0) {
return ret;
}
return des_crypt56_gnutls(p24+16, c8, p21+14, SAMBA_GNUTLS_ENCRYPT);
}
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)

View File

@ -32,14 +32,15 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24])
int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24])
{
uint8_t p21[21];
int rc;
memset(p21,'\0',21);
memcpy(p21, lm_hash, 16);
SMBOWFencrypt(p21, c8, p24);
rc = SMBOWFencrypt(p21, c8, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100,("SMBencrypt_hash: lm#, challenge, response\n"));
@ -47,6 +48,8 @@ void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[2
dump_data(100, c8, 8);
dump_data(100, p24, 24);
#endif
return rc;
}
/*
@ -61,9 +64,13 @@ bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24])
{
bool ret;
uint8_t lm_hash[16];
int rc;
ret = E_deshash(passwd, lm_hash);
SMBencrypt_hash(lm_hash, c8, p24);
rc = SMBencrypt_hash(lm_hash, c8, p24);
if (rc != 0) {
ret = false;
}
return ret;
}
@ -266,25 +273,26 @@ out:
}
/* Does the des encryption from the NT or LM MD4 hash. */
void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24])
int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24])
{
uint8_t p21[21];
ZERO_STRUCT(p21);
memcpy(p21, passwd, 16);
E_P24(p21, c8, p24);
return E_P24(p21, c8, p24);
}
/* Does the des encryption. */
void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24)
int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24)
{
uint8_t p21[21];
int rc;
memset(p21,'\0',21);
memcpy(p21, nt_hash, 16);
SMBOWFencrypt(p21, c8, p24);
rc = SMBOWFencrypt(p21, c8, p24);
#ifdef DEBUG_PASSWORD
DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
@ -292,15 +300,17 @@ void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p2
dump_data(100, c8, 8);
dump_data(100, p24, 24);
#endif
return rc;
}
/* Does the NT MD4 hash then des encryption. Plaintext version of the above. */
void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
{
uint8_t nt_hash[16];
E_md4hash(passwd, nt_hash);
SMBNTencrypt_hash(nt_hash, c8, p24);
return SMBNTencrypt_hash(nt_hash, c8, p24);
}

View File

@ -298,8 +298,10 @@ static void torture_gnutls_E_P24(void **state)
};
uint8_t crypt[24];
int rc;
E_P24(key, c8, crypt);
rc = E_P24(key, c8, crypt);
assert_int_equal(rc, 0);
assert_memory_equal(crypt, crypt_expected, 24);
}
@ -319,8 +321,10 @@ static void torture_gnutls_SMBOWFencrypt(void **state)
};
uint8_t crypt[24];
int rc;
SMBOWFencrypt(password, c8, crypt);
rc = SMBOWFencrypt(password, c8, crypt);
assert_int_equal(rc, 0);
assert_memory_equal(crypt, crypt_expected, 24);
}

View File

@ -209,6 +209,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
struct samr_Password nt_pwd;
unsigned char local_lm_response[24];
unsigned char local_nt_response[24];
int rc;
if (lm_interactive_pwd)
memcpy(lm_pwd.hash, lm_interactive_pwd, sizeof(lm_pwd.hash));
@ -216,13 +217,21 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
if (nt_interactive_pwd)
memcpy(nt_pwd.hash, nt_interactive_pwd, sizeof(nt_pwd.hash));
if (lm_interactive_pwd)
SMBOWFencrypt(lm_pwd.hash, chal,
local_lm_response);
if (lm_interactive_pwd) {
rc = SMBOWFencrypt(lm_pwd.hash, chal,
local_lm_response);
if (rc != 0) {
return false;
}
}
if (nt_interactive_pwd)
SMBOWFencrypt(nt_pwd.hash, chal,
if (nt_interactive_pwd) {
rc = SMBOWFencrypt(nt_pwd.hash, chal,
local_nt_response);
if (rc != 0) {
return false;
}
}
{
bool ret;

View File

@ -37,6 +37,7 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "util_tdb.h"
#include "lib/crypto/gnutls_helpers.h"
NTSTATUS rpccli_pre_open_netlogon_creds(void)
@ -528,6 +529,7 @@ NTSTATUS rpccli_netlogon_password_logon(
case NetlogonNetworkTransitiveInformation: {
struct netr_NetworkInfo *network_info;
uint8_t chal[8];
int rc;
ZERO_STRUCT(lm);
ZERO_STRUCT(nt);
@ -541,7 +543,11 @@ NTSTATUS rpccli_netlogon_password_logon(
generate_random_buffer(chal, 8);
SMBencrypt(password, chal, local_lm_response);
SMBNTencrypt(password, chal, local_nt_response);
rc = SMBNTencrypt(password, chal, local_nt_response);
if (rc != 0) {
TALLOC_FREE(frame);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
lm.length = 24;
lm.data = local_lm_response;

View File

@ -278,9 +278,14 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
NTSTATUS status;
bool ok;
uint8_t authoritative = 0;
int rc;
rc = SMBOWFencrypt(pdb_get_nt_passwd(pdb_entry), challenge_8,
local_nt_response);
if (rc != 0) {
return False;
}
SMBOWFencrypt(pdb_get_nt_passwd(pdb_entry), challenge_8,
local_nt_response);
SMBsesskeygen_ntv1(pdb_get_nt_passwd(pdb_entry), local_nt_session_key);
if (tsocket_address_inet_from_strings(NULL, "ip", NULL, 0, &remote_address) != 0) {

View File

@ -47,6 +47,7 @@
#include "libads/krb5_errs.h"
#include "param/param.h"
#include "messaging/messaging.h"
#include "lib/crypto/gnutls_helpers.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/crypto.h>
@ -1792,8 +1793,14 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
}
data_blob_free(&names_blob);
} else {
int rc;
lm_resp = data_blob_null;
SMBNTencrypt(pass, chal, local_nt_response);
rc = SMBNTencrypt(pass, chal, local_nt_response);
if (rc != 0) {
DEBUG(0, ("winbindd_pam_auth: SMBNTencrypt() failed!\n"));
result = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
nt_resp = data_blob_talloc(mem_ctx, local_nt_response,
sizeof(local_nt_response));

View File

@ -28,6 +28,7 @@
#include "auth/ntlm/auth_proto.h"
#include "librpc/gen_ndr/drsuapi.h"
#include "dsdb/samdb/samdb.h"
#include "lib/crypto/gnutls_helpers.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@ -41,6 +42,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_conte
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted)
{
int rc;
NTSTATUS nt_status;
struct auth_usersupplied_info *user_info_temp;
switch (to_state) {
@ -103,12 +105,17 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_conte
data_blob_free(&ntlmv2_session_key);
} else {
DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
rc = SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
if (rc != 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
user_info_temp->password.response.nt = blob;
if (lpcfg_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
rc = SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
if (rc != 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
user_info_temp->password.response.lanman = lm_blob;
} else {
/* if not sending the LM password, send the NT password twice */

View File

@ -36,6 +36,7 @@
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "param/param.h"
#include "lib/crypto/gnutls_helpers.h"
#define TEST_MACHINE_NAME "samsynctest"
#define TEST_WKSTA_MACHINE_NAME "samsynctest2"
@ -61,6 +62,7 @@ static NTSTATUS test_SamLogon(struct torture_context *tctx,
union netr_Validation validation;
uint8_t authoritative;
struct dcerpc_binding_handle *b = p->binding_handle;
int rc;
ninfo.identity_info.domain_name.string = domain;
ninfo.identity_info.parameter_control = 0;
@ -72,7 +74,11 @@ static NTSTATUS test_SamLogon(struct torture_context *tctx,
if (nt_hash) {
ninfo.nt.length = 24;
ninfo.nt.data = talloc_array(mem_ctx, uint8_t, 24);
SMBOWFencrypt(nt_hash->hash, ninfo.challenge, ninfo.nt.data);
rc = SMBOWFencrypt(nt_hash->hash, ninfo.challenge,
ninfo.nt.data);
if (rc != 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
} else {
ninfo.nt.length = 0;
ninfo.nt.data = NULL;
@ -81,7 +87,11 @@ static NTSTATUS test_SamLogon(struct torture_context *tctx,
if (lm_hash) {
ninfo.lm.length = 24;
ninfo.lm.data = talloc_array(mem_ctx, uint8_t, 24);
SMBOWFencrypt(lm_hash->hash, ninfo.challenge, ninfo.lm.data);
rc = SMBOWFencrypt(lm_hash->hash, ninfo.challenge,
ninfo.lm.data);
if (rc != 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
} else {
ninfo.lm.length = 0;
ninfo.lm.data = NULL;