Implemented encryption algorithm used for a number of RPC buffers.

(actually, decryption only currently because I need to get some sleep).

Basically another Microsoft twist on DES; the "master key" is the user's
NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys.
(This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)

4 files changed, 51 insertions, 4 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index e64a7a92aa..5ad1959677 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -739,6 +739,7 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
 
 /*The following definitions come from  libsmb/smbdes.c  */
 
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw);
 void E_P16(unsigned char *p14,unsigned char *p16);
 void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
 void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
@@ -757,6 +758,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);
 void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]);
 void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24);
 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode);
+int nt_decrypt_string2(STRING2 *out, STRING2 *in, char nt_hash[16]);
 
 /*The following definitions come from  libsmb/smberr.c  */
 
@@ -1568,8 +1570,8 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum,
 		     POLICY_HND *hnd_pol, char *secret_name, uint32 des_access,
 		     POLICY_HND *hnd_secret);
 BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum,
-		      POLICY_HND *pol, unsigned char secret[24],
-		      NTTIME *lastupdate);
+		      POLICY_HND *pol, STRING2 *enc_secret,
+		      NTTIME *last_update);
 BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum,
 			POLICY_HND *hnd,
 			int num_names,
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 6129c3bf01..1bd18bc7e8 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -176,7 +176,7 @@ typedef struct lsa_secret_value_info
 {
 	uint32 ptr_secret;
 	STRHDR2 hdr_secret;
-	STRING2 secret;
+	STRING2 enc_secret; /* encrypted, see nt_encrypt_string2 */
 
 } LSA_SECRET_VALUE;
 
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index d0e1c6e85f..08bc929f01 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -277,7 +277,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
 }
 
 
-static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
 {
 	int i;
 	char outb[64];
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index e35cccd734..3835c99815 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -226,3 +226,48 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
 	return True;
 }
 
+int nt_decrypt_string2(STRING2 *out, STRING2 *in, char nt_hash[16])
+{
+	uchar bufhdr[8];
+	int datalen;
+
+	uchar key[16];
+	uchar *keyptr = key;
+	uchar *keyend = key + sizeof(key);
+
+	uchar *outbuf = (uchar *)out->buffer;
+	uchar *inbuf = (uchar *)in->buffer;
+	uchar *inbufend;
+
+
+	mdfour(key, nt_hash, 16);
+
+	smbhash(bufhdr, inbuf, keyptr, 0);
+	datalen = IVAL(bufhdr, 0);
+
+	if ((datalen > in->str_str_len) || (datalen > MAX_STRINGLEN))
+	{
+		DEBUG(0, ("nt_decrypt_string2: failed\n"));
+		return False;
+	}
+
+	out->str_max_len = out->str_str_len = datalen;
+	inbuf += 8;
+	inbufend = inbuf + datalen;
+
+	while (inbuf < inbufend)
+	{
+		keyptr += 7;
+		if (keyptr + 7 > keyend)
+		{
+			keyptr = (keyend - keyptr) + key;
+		}
+
+		smbhash(outbuf, inbuf, keyptr, 0);
+
+		inbuf += 8;
+		outbuf += 8;
+	}
+
+	return True;
+}