summaryrefslogtreecommitdiff
path: root/source4/libcli/util/ntlmssp_sign.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2003-11-26 01:16:41 +0000
committerAndrew Tridgell <tridge@samba.org>2003-11-26 01:16:41 +0000
commite0ac659917066dbf7f8fdbcc7684ce2b49dd04d9 (patch)
tree349f47df69b41ca0c9a11452e7f56e6c6c3647ce /source4/libcli/util/ntlmssp_sign.c
parent06942f3ddbb897c66644c253d1d2a7a21a31702e (diff)
downloadsamba-e0ac659917066dbf7f8fdbcc7684ce2b49dd04d9.tar.gz
samba-e0ac659917066dbf7f8fdbcc7684ce2b49dd04d9.tar.bz2
samba-e0ac659917066dbf7f8fdbcc7684ce2b49dd04d9.zip
signed DCERPC over TCP now works !
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
Diffstat (limited to 'source4/libcli/util/ntlmssp_sign.c')
-rw-r--r--source4/libcli/util/ntlmssp_sign.c226
1 files changed, 0 insertions, 226 deletions
diff --git a/source4/libcli/util/ntlmssp_sign.c b/source4/libcli/util/ntlmssp_sign.c
deleted file mode 100644
index bd6d64d842..0000000000
--- a/source4/libcli/util/ntlmssp_sign.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * Version 3.0
- * NTLMSSP Signing routines
- * Copyright (C) Luke Kenneth Casson Leighton 1996-2001
- * Copyright (C) Andrew Bartlett 2003
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- */
-
-#include "includes.h"
-
-#define CLI_SIGN "session key to client-to-server signing key magic constant"
-#define CLI_SEAL "session key to client-to-server sealing key magic constant"
-#define SRV_SIGN "session key to server-to-client signing key magic constant"
-#define SRV_SEAL "session key to server-to-client sealing key magic constant"
-
-static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
-{
- unsigned char index_i = hash[256];
- unsigned char index_j = hash[257];
- int ind;
-
- for (ind = 0; ind < len; ind++)
- {
- unsigned char tc;
- unsigned char t;
-
- index_i++;
- index_j += hash[index_i];
-
- tc = hash[index_i];
- hash[index_i] = hash[index_j];
- hash[index_j] = tc;
-
- t = hash[index_i] + hash[index_j];
- data[ind] = data[ind] ^ hash[t];
- }
-
- hash[256] = index_i;
- hash[257] = index_j;
-}
-
-static void calc_hash(unsigned char *hash, const char *k2, int k2l)
-{
- unsigned char j = 0;
- int ind;
-
- for (ind = 0; ind < 256; ind++)
- {
- hash[ind] = (unsigned char)ind;
- }
-
- for (ind = 0; ind < 256; ind++)
- {
- unsigned char tc;
-
- j += (hash[ind] + k2[ind%k2l]);
-
- tc = hash[ind];
- hash[ind] = hash[j];
- hash[j] = tc;
- }
-
- hash[256] = 0;
- hash[257] = 0;
-}
-
-static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
- const char encrypted_response[16],
- const char *constant)
-{
- struct MD5Context ctx3;
-
- MD5Init(&ctx3);
- MD5Update(&ctx3, encrypted_response, 5);
- MD5Update(&ctx3, constant, strlen(constant));
- MD5Final(digest, &ctx3);
-
- calc_hash(hash, digest, 16);
-}
-
-enum ntlmssp_direction {
- NTLMSSP_SEND,
- NTLMSSP_RECEIVE
-};
-
-static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
- const uchar *data, size_t length,
- enum ntlmssp_direction direction,
- DATA_BLOB *sig)
-{
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
- HMACMD5Context ctx;
- char seq_num[4];
- uchar digest[16];
- SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
-
- hmac_md5_init_limK_to_64(ntlmssp_state->cli_sign_const, 16, &ctx);
- hmac_md5_update(seq_num, 4, &ctx);
- hmac_md5_update(data, length, &ctx);
- hmac_md5_final(digest, &ctx);
-
- if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
- return NT_STATUS_NO_MEMORY;
- }
- switch (direction) {
- case NTLMSSP_SEND:
- NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length);
- break;
- case NTLMSSP_RECEIVE:
- NTLMSSPcalc_ap(ntlmssp_state->srv_sign_hash, sig->data, sig->length);
- break;
- }
- } else {
- uint32 crc;
- crc = crc32_buffer(data, length);
- if (!msrpc_gen(sig, "ddd", 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
- return NT_STATUS_NO_MEMORY;
- }
-
- NTLMSSPcalc_ap(ntlmssp_state->ntlmssp_hash, sig->data, sig->length);
- }
- return NT_STATUS_OK;
-}
-
-NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
- const uchar *data, size_t length,
- DATA_BLOB *sig)
-{
- ntlmssp_state->ntlmssp_seq_num++;
- return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
-}
-
-/**
- * Check the signature of an incoming packet
- * @note caller *must* check that the signature is the size it expects
- *
- */
-
-NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
- const uchar *data, size_t length,
- const DATA_BLOB *sig)
-{
- DATA_BLOB local_sig;
- NTSTATUS nt_status;
-
- if (sig->length < 8) {
- DEBUG(0, ("NTLMSSP packet check failed due to short signiture (%u bytes)!\n",
- sig->length));
- }
-
- nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data,
- length, NTLMSSP_RECEIVE, &local_sig);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
- return nt_status;
- }
-
- if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
- return NT_STATUS_OK;
- } else {
- DEBUG(5, ("BAD SIG: wanted signature of\n"));
- dump_data(5, local_sig.data, local_sig.length);
-
- DEBUG(5, ("BAD SIG: got signature of\n"));
- dump_data(5, sig->data, sig->length);
-
- DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-}
-
-/**
- Initialise the state for NTLMSSP signing.
-*/
-NTSTATUS ntlmssp_client_sign_init(NTLMSSP_CLIENT_STATE *ntlmssp_state)
-{
- unsigned char p24[24];
- unsigned char lm_hash[16];
-
- if (!ntlmssp_state->lm_resp.data) {
- /* can't sign or check signitures yet */
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- E_deshash(ntlmssp_state->password, lm_hash);
-
- NTLMSSPOWFencrypt(lm_hash, ntlmssp_state->lm_resp.data, p24);
-
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
- {
- calc_ntlmv2_hash(ntlmssp_state->cli_sign_hash, ntlmssp_state->cli_sign_const, p24, CLI_SIGN);
- calc_ntlmv2_hash(ntlmssp_state->cli_seal_hash, ntlmssp_state->cli_seal_const, p24, CLI_SEAL);
- calc_ntlmv2_hash(ntlmssp_state->srv_sign_hash, ntlmssp_state->srv_sign_const, p24, SRV_SIGN);
- calc_ntlmv2_hash(ntlmssp_state->srv_seal_hash, ntlmssp_state->srv_seal_const, p24, SRV_SEAL);
- }
- else
- {
- char k2[8];
- memcpy(k2, p24, 5);
- k2[5] = 0xe5;
- k2[6] = 0x38;
- k2[7] = 0xb0;
-
- calc_hash(ntlmssp_state->ntlmssp_hash, k2, 8);
- }
-
- ntlmssp_state->ntlmssp_seq_num = 0;
-
- ZERO_STRUCT(lm_hash);
- return NT_STATUS_OK;
-}