summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-04-20 22:43:54 +0000
committerJeremy Allison <jra@samba.org>1998-04-20 22:43:54 +0000
commitefb71742ca8ff9ec3211c5b3cf5d311fdceecd1c (patch)
treea153db84a0a571cbe2e49d591025e5c4659a3676
parentec6fde99ab739ff2c410e5459bba06b06d18b5dc (diff)
downloadsamba-efb71742ca8ff9ec3211c5b3cf5d311fdceecd1c.tar.gz
samba-efb71742ca8ff9ec3211c5b3cf5d311fdceecd1c.tar.bz2
samba-efb71742ca8ff9ec3211c5b3cf5d311fdceecd1c.zip
Makefile: Added genrand.o
clientgen.c: Changed to fill change password buffer with random stuff. password.c: Changed to get challenge from genrand.c server.c: Added #ifdef around O_SYNC. version.h: Changed to 1.9.19prealpha. genrand.c: New code to generate (hopefully) good random numbers for use in crypto challenges/session keys etc. PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!! Jeremy. (This used to be commit 608e98546392fd0aac9b33f4feac43615dbb4405)
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/include/version.h2
-rw-r--r--source3/lib/genrand.c137
-rw-r--r--source3/libsmb/clientgen.c7
-rw-r--r--source3/smbd/password.c10
-rw-r--r--source3/smbd/server.c2
6 files changed, 160 insertions, 2 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 539ddc2ae5..e57f7924ee 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -187,6 +187,10 @@ void DirCacheFlush( int snum );
void fault_setup(void (*fn)(void *));
+/*The following definitions come from genrand.c */
+
+void generate_random_buffer( unsigned char *out, int len, BOOL re_seed);
+
/*The following definitions come from getsmbpass.c */
char *getsmbpass(char *prompt) ;
diff --git a/source3/include/version.h b/source3/include/version.h
index 758b32209e..146d0b7753 100644
--- a/source3/include/version.h
+++ b/source3/include/version.h
@@ -1 +1 @@
-#define VERSION "1.9.18-HEAD"
+#define VERSION "1.9.19-prealpha"
diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
new file mode 100644
index 0000000000..b26269f091
--- /dev/null
+++ b/source3/lib/genrand.c
@@ -0,0 +1,137 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+
+ Functions to create reasonable random numbers for crypto use.
+
+ Copyright (C) Jeremy Allison 1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/**************************************************************
+ Try and get a good random number seed. Try a number of
+ different factors. Firstly, try /dev/random and try and
+ read from this. If this fails iterate through /tmp and
+ XOR all the file timestamps. If this fails then just use
+ a combination of pid and time of day (yes I know this
+ sucks :-). Finally md4 the result.
+**************************************************************/
+
+static uint32 do_reseed(void)
+{
+ static int counter = 0;
+ unsigned char md4_outbuf[16];
+ unsigned char md4_inbuf[40];
+ BOOL got_random = False;
+ uint32 v1, v2, ret;
+ int fd;
+ struct timeval tval;
+
+ memset(md4_inbuf, '\0', sizeof(md4_inbuf));
+
+ fd = open( "/dev/random", O_RDONLY);
+ if(fd >= 0) {
+ /*
+ * We can use /dev/random !
+ */
+ if(read(fd, md4_inbuf, 40) == 40) {
+ got_random = True;
+ DEBUG(10,("do_reseed: got 40 bytes from /dev/random.\n"));
+ }
+ close(fd);
+ }
+
+ if(!got_random) {
+ /*
+ * /dev/random failed - try /tmp/ for timestamps.
+ */
+ void *dp = sys_opendir("/tmp");
+
+ if(dp != NULL) {
+ char *p;
+
+ while ((p = readdirname(dp))) {
+ struct stat st;
+ if(sys_stat(p,&st) != 0)
+ SIVAL(md4_inbuf, ((counter%sizeof(md4_inbuf))/4),
+ IVAL(md4_inbuf,((counter%sizeof(md4_inbuf))/4)) ^ st.st_atime);
+ counter++;
+ DEBUG(10,("do_reseed: value from file %s.\n", p));
+ }
+ }
+ closedir(dp);
+ }
+
+ /*
+ * Finally add the counter, time of day, and pid.
+ */
+ GetTimeOfDay(&tval);
+ v1 = (counter++) + getpid() + tval.tv_sec;
+ v2 = (counter++) * getpid() + tval.tv_usec;
+
+ SIVAL(md4_inbuf, 32, v1 ^ IVAL(md4_inbuf, 32));
+ SIVAL(md4_inbuf, 36, v1 ^ IVAL(md4_inbuf, 36));
+
+ mdfour(md4_outbuf, md4_inbuf, sizeof(md4_inbuf));
+
+ /* XOR everything togther in blocks of 4 bytes. */
+ ret = IVAL(md4_outbuf,0);
+ ret ^= IVAL(md4_outbuf,4);
+ ret ^= IVAL(md4_outbuf,8);
+ ret ^= IVAL(md4_outbuf,12);
+
+ DEBUG(10,("do_reseed: returning seed %lu\n", ret));
+
+ return ret;
+}
+
+/*******************************************************************
+ Interface to the (hopefully) good crypto random number generator.
+********************************************************************/
+
+void generate_random_buffer( unsigned char *out, int len, BOOL re_seed)
+{
+ static BOOL done_reseed = False;
+ unsigned char tmp_buf[64];
+ unsigned char md4_buf[16];
+ unsigned char *p;
+
+ if(!done_reseed || re_seed) {
+ srandom(do_reseed());
+ done_reseed = True;
+ }
+
+ /*
+ * Generate random numbers in chunks of 64 bytes,
+ * then md4 them & copy to the output buffer.
+ */
+
+ p = out;
+ while(len > 0) {
+ int i;
+ int copy_len = len > 16 ? 16 : len;
+ for( i = 0; i < 16; i++)
+ SIVAL(tmp_buf, i*4, random());
+ mdfour(md4_buf, tmp_buf, sizeof(tmp_buf));
+ memcpy(p, md4_buf, copy_len);
+ p += copy_len;
+ len -= copy_len;
+ }
+}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index bffce26294..1f2f746576 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -766,9 +766,11 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
accessmode |= 1;
}
+#if defined(O_SYNC)
if ((flags & O_SYNC) == O_SYNC) {
accessmode |= (1<<14);
}
+#endif /* O_SYNC */
bzero(cli->outbuf,smb_size);
bzero(cli->inbuf,smb_size);
@@ -1300,8 +1302,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo
/*
* Now setup the data area.
+ * We need to generate a random fill
+ * for this area to make it harder to
+ * decrypt. JRA.
*/
- memset(data, '\0', sizeof(data));
+ generate_random_buffer(data, sizeof(data), False);
fstrcpy( &data[512 - new_pw_len], new_password);
SIVAL(data, 512, new_pw_len);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index bbd9f8b849..fe3ac5c765 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -45,6 +45,12 @@ Get the next challenge value - no repeats.
********************************************************************/
void generate_next_challenge(char *challenge)
{
+#if 0
+ /*
+ * Leave this ifdef'd out while we test
+ * the new crypto random number generator.
+ * JRA.
+ */
unsigned char buf[16];
static int counter = 0;
struct timeval tval;
@@ -59,7 +65,11 @@ void generate_next_challenge(char *challenge)
/* mash it up with md4 */
mdfour(buf, (unsigned char *)challenge, 8);
+#else
+ unsigned char buf[8];
+ generate_random_buffer(buf,8,False);
+#endif
memcpy(saved_challenge, buf, 8);
memcpy(challenge,buf,8);
challenge_sent = True;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index c4db553659..4a3edeb871 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1837,9 +1837,11 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun,
break;
}
+#if defined(O_SYNC)
if (share_mode&(1<<14)) {
flags2 |= O_SYNC;
}
+#endif /* O_SYNC */
if (flags != O_RDONLY && file_existed &&
(!CAN_WRITE(cnum) || IS_DOS_READONLY(dos_mode(cnum,fname,&sbuf))))