r443: Update Samba4 to the auth and NTLMSSP code from Samba3.

Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
author: Andrew Bartlett <abartlet@samba.org> 2004-05-02 08:45:00 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:51:42 -0500
commit: 9f084101dd392ceb85f141f55ee56bed344626ef (patch)
tree: 2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/libcli/util
parent: 585d87a9590ecf64681700d70c37e5276ee8514a (diff)
download: samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz
samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2
samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip
1 files changed, 62 insertions, 59 deletions
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index a091805345..4b2c753637 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -28,13 +28,17 @@
 /*
    This implements the X/Open SMB password encryption
    It takes a password ('unix' string), a 8 byte "crypt key" 
-   and puts 24 bytes of encrypted password into p24 */
-void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
+   and puts 24 bytes of encrypted password into p24 
+
+   Returns False if password must have been truncated to create LM hash
+*/
+BOOL SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
 {
+	BOOL ret;
 	uchar p21[21];
 
 	memset(p21,'\0',21);
-	E_deshash(passwd, p21); 
+	ret = E_deshash(passwd, p21); 
 
 	SMBOWFencrypt(p21, c8, p24);
 
@@ -44,6 +48,8 @@ void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
 	dump_data(100, (const char *)c8, 8);
 	dump_data(100, (char *)p24, 24);
 #endif
+
+	return ret;
 }
 
 /**
@@ -70,20 +76,29 @@ void E_md4hash(const char *passwd, uchar p16[16])
  * Creates the DES forward-only Hash of the users password in DOS ASCII charset
  * @param passwd password in 'unix' charset.
  * @param p16 return password hashed with DES, caller allocated 16 byte buffer
+ * @return False if password was > 14 characters, and therefore may be incorrect, otherwise True
+ * @note p16 is filled in regardless
  */
  
-void E_deshash(const char *passwd, uchar p16[16])
+BOOL E_deshash(const char *passwd, uchar p16[16])
 {
+	BOOL ret = True;
 	fstring dospwd; 
 	ZERO_STRUCT(dospwd);
 	
 	/* Password must be converted to DOS charset - null terminated, uppercase. */
 	push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
-
+       
 	/* Only the fisrt 14 chars are considered, password need not be null terminated. */
 	E_P16((const unsigned char *)dospwd, p16);
 
+	if (strlen(dospwd) > 14) {
+		ret = False;
+	}
+
 	ZERO_STRUCT(dospwd);	
+
+	return ret;
 }
 
 /**
@@ -118,7 +133,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
 
 /* Does both the NTLMv2 owfs of a user's password */
 BOOL ntv2_owf_gen(const uchar owf[16],
-		  const char *user_in, const char *domain_in, uchar kr_buf[16])
+		  const char *user_in, const char *domain_in,
+		  BOOL upper_case_domain, /* Transform the domain into UPPER case */
+		  uchar kr_buf[16])
 {
 	smb_ucs2_t *user;
 	smb_ucs2_t *domain;
@@ -141,7 +158,9 @@ BOOL ntv2_owf_gen(const uchar owf[16],
 	}
 
 	strupper_w(user);
-	strupper_w(domain);
+
+	if (upper_case_domain)
+		strupper_w(domain);
 
 	SMB_ASSERT(user_byte_len >= 2);
 	SMB_ASSERT(domain_byte_len >= 2);
@@ -217,40 +236,6 @@ void SMBNTencrypt(const char *passwd, uchar *c8, uchar *p24)
 #endif
 }
 
-BOOL make_oem_passwd_hash(char data[516], const char *passwd, 
-			  const uchar old_pw_hash[16], 
-			  BOOL unicode)
-{
-	int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
-
-	if (new_pw_len > 512)
-	{
-		DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
-		return False;
-	}
-
-	/*
-	 * Now setup the data area.
-	 * We need to generate a random fill
-	 * for this area to make it harder to
-	 * decrypt. JRA.
-	 */
-	generate_random_buffer((unsigned char *)data, 516, False);
-	push_string(NULL, &data[512 - new_pw_len], passwd, new_pw_len, 
-		    STR_NOALIGN | (unicode?STR_UNICODE:STR_ASCII));
-	SIVAL(data, 512, new_pw_len);
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("make_oem_passwd_hash\n"));
-	dump_data(100, data, 516);
-#endif
-	SamOEMhash((unsigned char *)data, 
-		   (const unsigned char *)old_pw_hash, 
-		   516);
-
-	return True;
-}
-
 /* Does the md5 encryption from the Key Response for NTLMv2. */
 void SMBOWFencrypt_ntv2(const uchar kr[16],
 			const DATA_BLOB *srv_chal,
@@ -329,15 +314,35 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16],
 #endif
 }
 
+void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
+			const uchar lm_resp[24], /* only uses 8 */ 
+			uint8 sess_key[16])
+{
+	uchar p24[24];
+	uchar partial_lm_hash[16];
+	
+	memcpy(partial_lm_hash, lm_hash, 8);
+	memset(partial_lm_hash + 8, 0xbd, 8);    
+
+	SMBOWFencrypt(partial_lm_hash, lm_resp, p24);
+	
+	memcpy(sess_key, p24, 16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n"));
+	dump_data(100, sess_key, 16);
+#endif
+}
+
 DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, 
 				     const char *domain)
 {
 	DATA_BLOB names_blob = data_blob(NULL, 0);
 	
 	msrpc_gen(&names_blob, "aaa", 
-		  True, NTLMSSP_NAME_TYPE_DOMAIN, domain,
-		  True, NTLMSSP_NAME_TYPE_SERVER, hostname,
-		  True, 0, "");
+		  NTLMSSP_NAME_TYPE_DOMAIN, domain,
+		  NTLMSSP_NAME_TYPE_SERVER, hostname,
+		  0, "");
 	return names_blob;
 }
 
@@ -424,7 +429,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 		      const DATA_BLOB *server_chal, 
 		      const DATA_BLOB *names_blob,
 		      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
-		      DATA_BLOB *nt_session_key) 
+		      DATA_BLOB *user_session_key) 
 {
 	uchar nt_hash[16];
 	uchar ntlm_v2_hash[16];
@@ -434,19 +439,19 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 	   the username and domain.
 	   This prevents username swapping during the auth exchange
 	*/
-	if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+	if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) {
 		return False;
 	}
 	
 	if (nt_response) {
 		*nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
 							names_blob); 
-		if (nt_session_key) {
-			*nt_session_key = data_blob(NULL, 16);
+		if (user_session_key) {
+			*user_session_key = data_blob(NULL, 16);
 			
 			/* The NTLMv2 calculations also provide a session key, for signing etc later */
 			/* use only the first 16 bytes of nt_response for session key */
-			SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
+			SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
 		}
 	}
 	
@@ -471,9 +476,6 @@ BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
 	new_pw_len = push_string(NULL, new_pw,
 				 password, 
 				 sizeof(new_pw), string_flags);
-	if (new_pw_len > 512) {
-		return False;
-	}
 	
 	memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
 
@@ -495,13 +497,14 @@ BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
  returned password including termination.
 ************************************************************/
 BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
-		      int new_pwrd_size, uint32 *new_pw_len)
+		      int new_pwrd_size, uint32 *new_pw_len,
+		      int string_flags)
 {
 	int byte_len=0;
 
 	/*
 	  Warning !!! : This function is called from some rpc call.
-	  The password IN the buffer is a UNICODE string.
+	  The password IN the buffer may be a UNICODE string.
 	  The password IN new_pwrd is an ASCII string
 	  If you reuse that code somewhere else check first.
 	*/
@@ -514,15 +517,16 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 	dump_data(100, in_buffer, 516);
 #endif
 
-	/* Password cannot be longer than 128 characters */
-	if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) {
+	/* Password cannot be longer than the size of the password buffer */
+	if ( (byte_len < 0) || (byte_len > 512)) {
 		DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
 		DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
 		return False;
 	}
 
-	/* decode into the return buffer.  Buffer must be a pstring */
- 	*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE);
+	/* decode into the return buffer.  Buffer length supplied */
+ 	*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, 
+				  byte_len, string_flags);
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decode_pw_buffer: new_pwrd: "));
@@ -533,4 +537,3 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 	
 	return True;
 }
-
author	Andrew Bartlett <abartlet@samba.org>	2004-05-02 08:45:00 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:51:42 -0500
commit	9f084101dd392ceb85f141f55ee56bed344626ef (patch)
tree	2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/libcli/util
parent	585d87a9590ecf64681700d70c37e5276ee8514a (diff)
download	samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2 samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip