summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/auth_util.c4
-rw-r--r--source4/lib/crypto/hmacmd5.c2
-rw-r--r--source4/libcli/auth/credentials.c106
-rw-r--r--source4/libcli/auth/credentials.h6
-rw-r--r--source4/libcli/auth/ntlmssp.c8
-rw-r--r--source4/libcli/auth/schannel.c10
-rw-r--r--source4/libcli/auth/session.c2
-rw-r--r--source4/libcli/util/smbdes.c69
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c3
-rw-r--r--source4/rpc_server/config.mk1
-rw-r--r--source4/rpc_server/dcerpc_server.c2
-rw-r--r--source4/rpc_server/dcerpc_server.h2
-rw-r--r--source4/rpc_server/dcesrv_auth.c95
-rw-r--r--source4/rpc_server/dcesrv_crypto.c122
-rw-r--r--source4/rpc_server/epmapper/rpc_epmapper.c4
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c9
-rw-r--r--source4/rpc_server/samr/samr_password.c8
-rw-r--r--source4/torture/rpc/netlogon.c12
-rw-r--r--source4/torture/rpc/samr.c18
19 files changed, 326 insertions, 157 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 929390ad78..bdbc818822 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -222,10 +222,10 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
#endif
if (lm_interactive_pwd)
- SamOEMhash((uint8_t *)lm_pwd, key, sizeof(lm_pwd));
+ arcfour_crypt((uint8_t *)lm_pwd, key, sizeof(lm_pwd));
if (nt_interactive_pwd)
- SamOEMhash((uint8_t *)nt_pwd, key, sizeof(nt_pwd));
+ arcfour_crypt((uint8_t *)nt_pwd, key, sizeof(nt_pwd));
#ifdef DEBUG_PASSWORD
DEBUG(100,("decrypt of lm owf password:"));
diff --git a/source4/lib/crypto/hmacmd5.c b/source4/lib/crypto/hmacmd5.c
index 0d52e36858..9b24279f71 100644
--- a/source4/lib/crypto/hmacmd5.c
+++ b/source4/lib/crypto/hmacmd5.c
@@ -28,7 +28,7 @@
/***********************************************************************
the rfc 2104 version of hmac_md5 initialisation.
***********************************************************************/
-void hmac_md5_init_rfc2104(uint8_t *key, int key_len, HMACMD5Context *ctx)
+void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Context *ctx)
{
int i;
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index cf6d0cca62..27a3e32cf3 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -24,38 +24,66 @@
#include "includes.h"
/*
- initialise the credentials state
+ initialise the credentials state for old-style 64 bit session keys
this call is made after the netr_ServerReqChallenge call
*/
-static void creds_init(struct creds_CredentialState *creds,
- const struct netr_Credential *client_challenge,
- const struct netr_Credential *server_challenge,
- const uint8_t machine_password[16])
+static void creds_init_64bit(struct creds_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge,
+ const uint8_t machine_password[16])
{
- struct netr_Credential time_cred;
uint32_t sum[2];
uint8_t sum2[8];
- dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
- dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
- dump_data_pw("Machine Pass", machine_password, 16);
-
sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- cred_hash1(creds->session_key, sum2, machine_password);
+ ZERO_STRUCT(creds->session_key);
- SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0));
- SIVAL(time_cred.data, 4, IVAL(client_challenge->data, 4));
- cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
+ des_crypt128(creds->session_key, sum2, machine_password);
- SIVAL(time_cred.data, 0, IVAL(server_challenge->data, 0));
- SIVAL(time_cred.data, 4, IVAL(server_challenge->data, 4));
- cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
+ des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
+ des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
+
+ creds->seed = creds->client;
+}
+
+/*
+ initialise the credentials state for ADS-style 128 bit session keys
+
+ this call is made after the netr_ServerReqChallenge call
+*/
+static void creds_init_128bit(struct creds_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge,
+ const uint8_t machine_password[16])
+{
+ unsigned char zero[4], tmp[16];
+ HMACMD5Context ctx;
+ struct MD5Context md5;
+
+ ZERO_STRUCT(creds->session_key);
+
+ memset(zero, 0, sizeof(zero));
+
+ hmac_md5_init_rfc2104(machine_password, 16, &ctx);
+ MD5Init(&md5);
+ MD5Update(&md5, zero, sizeof(zero));
+ MD5Update(&md5, client_challenge->data, 8);
+ MD5Update(&md5, server_challenge->data, 8);
+ MD5Final(tmp, &md5);
+ hmac_md5_update(tmp, 16, &ctx);
+ hmac_md5_final(creds->session_key, &ctx);
+
+ creds->client = *client_challenge;
+ creds->server = *server_challenge;
+
+ des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
+ des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
creds->seed = creds->client;
}
@@ -77,7 +105,7 @@ static void creds_step(struct creds_CredentialState *creds)
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
+ des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1);
DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -88,7 +116,7 @@ static void creds_step(struct creds_CredentialState *creds)
DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
+ des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1);
DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -103,7 +131,7 @@ static void creds_step(struct creds_CredentialState *creds)
void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
{
struct netr_Password tmp;
- cred_hash3(tmp.data, pass->data, creds->session_key, 1);
+ des_crypt112_16(tmp.data, pass->data, creds->session_key, 1);
*pass = tmp;
}
@@ -113,7 +141,7 @@ void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password
void creds_des_decrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
{
struct netr_Password tmp;
- cred_hash3(tmp.data, pass->data, creds->session_key, 0);
+ des_crypt112_16(tmp.data, pass->data, creds->session_key, 0);
*pass = tmp;
}
@@ -122,12 +150,9 @@ void creds_des_decrypt(struct creds_CredentialState *creds, struct netr_Password
*/
void creds_arcfour_crypt(struct creds_CredentialState *creds, char *data, size_t len)
{
- DATA_BLOB session_key = data_blob(NULL, 16);
-
- memcpy(&session_key.data[0], creds->session_key, 8);
- memset(&session_key.data[8], '\0', 8);
+ DATA_BLOB session_key = data_blob(creds->session_key, 16);
- SamOEMhashBlob(data, len, &session_key);
+ arcfour_crypt_blob(data, len, &session_key);
data_blob_free(&session_key);
}
@@ -145,10 +170,24 @@ void creds_client_init(struct creds_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const uint8_t machine_password[16],
- struct netr_Credential *initial_credential)
+ struct netr_Credential *initial_credential,
+ uint32_t negotiate_flags)
{
creds->sequence = time(NULL);
- creds_init(creds, client_challenge, server_challenge, machine_password);
+ creds->negotiate_flags = negotiate_flags;
+
+ dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
+ dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
+ dump_data_pw("Machine Pass", machine_password, 16);
+
+ if (negotiate_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128bit(creds, client_challenge, server_challenge, machine_password);
+ } else {
+ creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
+ }
+
+ dump_data_pw("Session key", creds->session_key, 16);
+ dump_data_pw("Credential ", creds->client.data, 8);
*initial_credential = creds->client;
}
@@ -198,9 +237,16 @@ void creds_server_init(struct creds_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const uint8_t machine_password[16],
- struct netr_Credential *initial_credential)
+ struct netr_Credential *initial_credential,
+ uint32_t negotiate_flags)
{
- creds_init(creds, client_challenge, server_challenge, machine_password);
+ if (negotiate_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128bit(creds, client_challenge, server_challenge,
+ machine_password);
+ } else {
+ creds_init_64bit(creds, client_challenge, server_challenge,
+ machine_password);
+ }
*initial_credential = creds->server;
}
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h
index 20eed73cc0..de0e086278 100644
--- a/source4/libcli/auth/credentials.h
+++ b/source4/libcli/auth/credentials.h
@@ -21,7 +21,8 @@
*/
struct creds_CredentialState {
- uint8_t session_key[8];
+ uint32_t negotiate_flags;
+ uint8_t session_key[16];
uint32_t sequence;
struct netr_Credential seed;
struct netr_Credential client;
@@ -29,6 +30,9 @@ struct creds_CredentialState {
};
+#define NETLOGON_NEG_128BIT 0x4000
+
+
/* for the timebeing, use the same neg flags as Samba3. */
/* The 7 here seems to be required to get Win2k not to downgrade us
to NT4. Actually, anything other than 1ff would seem to do... */
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 49935f0acb..5916faf513 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -792,9 +792,9 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
dump_data_pw("KEY_EXCH session key (enc):\n",
ntlmssp_state->encrypted_session_key.data,
ntlmssp_state->encrypted_session_key.length);
- SamOEMhash(ntlmssp_state->encrypted_session_key.data,
- session_key.data,
- ntlmssp_state->encrypted_session_key.length);
+ arcfour_crypt(ntlmssp_state->encrypted_session_key.data,
+ session_key.data,
+ ntlmssp_state->encrypted_session_key.length);
ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
ntlmssp_state->encrypted_session_key.data,
ntlmssp_state->encrypted_session_key.length);
@@ -1191,7 +1191,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
encrypted_session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
client_session_key, sizeof(client_session_key));
dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
- SamOEMhash(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
+ arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
/* Mark the new session key as the 'real' session key */
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index 666eb811ae..294873feff 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -35,7 +35,7 @@ static void netsec_deal_with_seq_num(struct schannel_state *state,
hmac_md5(state->session_key, zeros, sizeof(zeros), digest1);
hmac_md5(digest1, packet_digest, 8, sequence_key);
- SamOEMhash(seq_num, sequence_key, 8);
+ arcfour_crypt(seq_num, sequence_key, 8);
state->seq_num++;
}
@@ -113,8 +113,8 @@ NTSTATUS schannel_unseal_packet(struct schannel_state *state,
SIVAL(seq_num, 4, state->initiator?0:0x80);
netsec_get_sealing_key(state->session_key, seq_num, sealing_key);
- SamOEMhash(confounder, sealing_key, 8);
- SamOEMhash(data, sealing_key, length);
+ arcfour_crypt(confounder, sealing_key, 8);
+ arcfour_crypt(data, sealing_key, length);
schannel_digest(state->session_key,
netsec_sig, confounder,
@@ -204,8 +204,8 @@ NTSTATUS schannel_seal_packet(struct schannel_state *state,
data, length, digest_final);
netsec_get_sealing_key(state->session_key, seq_num, sealing_key);
- SamOEMhash(confounder, sealing_key, 8);
- SamOEMhash(data, sealing_key, length);
+ arcfour_crypt(confounder, sealing_key, 8);
+ arcfour_crypt(data, sealing_key, length);
netsec_deal_with_seq_num(state, digest_final, seq_num);
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c
index 1176d7fd0d..598f2d4f28 100644
--- a/source4/libcli/auth/session.c
+++ b/source4/libcli/auth/session.c
@@ -47,7 +47,7 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
}
memcpy(key, &session_key->data[k], 7);
- smbhash(bout, bin, key, forward?1:0);
+ des_crypt56(bout, bin, key, forward?1:0);
memcpy(&out->data[i], bout, MIN(8, in->length-i));
}
diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c
index 967d0ffb82..2492f9a1ba 100644
--- a/source4/libcli/util/smbdes.c
+++ b/source4/libcli/util/smbdes.c
@@ -273,8 +273,10 @@ static void str_to_key(const uint8_t *str,uint8_t *key)
}
}
-
-void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
+/*
+ basic des crypt using a 56 bit (7 byte) key
+*/
+void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw)
{
int i;
char outb[64];
@@ -305,58 +307,67 @@ void smbhash(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
void E_P16(const uint8_t *p14,uint8_t *p16)
{
const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- smbhash(p16, sp8, p14, 1);
- smbhash(p16+8, sp8, p14+7, 1);
+ des_crypt56(p16, sp8, p14, 1);
+ des_crypt56(p16+8, sp8, p14+7, 1);
}
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
{
- smbhash(p24, c8, p21, 1);
- smbhash(p24+8, c8, p21+7, 1);
- smbhash(p24+16, c8, p21+14, 1);
+ des_crypt56(p24, c8, p21, 1);
+ des_crypt56(p24+8, c8, p21+7, 1);
+ des_crypt56(p24+16, c8, p21+14, 1);
}
void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out)
{
- smbhash(out, in, p14, 0);
- smbhash(out+8, in+8, p14+7, 0);
+ des_crypt56(out, in, p14, 0);
+ des_crypt56(out+8, in+8, p14+7, 0);
}
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
{
- smbhash(out, in, p14, 1);
- smbhash(out+8, in+8, p14+7, 1);
+ des_crypt56(out, in, p14, 1);
+ des_crypt56(out+8, in+8, p14+7, 1);
}
-void cred_hash1(uint8_t *out, const uint8_t *in, const uint8_t *key)
+/* des encryption with a 128 bit key */
+void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
{
uint8_t buf[8];
-
- smbhash(buf, in, key, 1);
- smbhash(out, buf, key+9, 1);
+ des_crypt56(buf, in, key, 1);
+ des_crypt56(out, buf, key+9, 1);
}
-void cred_hash2(uint8_t *out, const uint8_t *in, const uint8_t *key, int forw)
+/* des encryption with a 64 bit key */
+void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw)
{
uint8_t buf[8];
uint8_t key2[8];
ZERO_STRUCT(key2);
- smbhash(buf, in, key, forw);
+ des_crypt56(buf, in, key, forw);
key2[0] = key[7];
- smbhash(out, buf, key2, forw);
+ des_crypt56(out, buf, key2, forw);
}
-void cred_hash3(uint8_t *out, uint8_t *in, const uint8_t *key, int forw)
+/* des encryption with a 112 bit (14 byte) key */
+void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw)
{
- uint8_t key2[8];
- ZERO_STRUCT(key2);
- smbhash(out, in, key, forw);
- key2[0] = key[7];
- smbhash(out + 8, in + 8, key2, forw);
+ uint8_t buf[8];
+ des_crypt56(buf, in, key, forw);
+ des_crypt56(out, buf, key+7, forw);
}
+/* des encryption of a 16 byte lump of data with a 112 bit key */
+void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int forw)
+{
+ des_crypt56(out, in, key, forw);
+ des_crypt56(out + 8, in + 8, key+7, forw);
+}
-void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key)
+/*
+ arcfour encryption with a blob key
+*/
+void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
{
uint8_t s_box[256];
uint8_t index_i = 0;
@@ -397,11 +408,11 @@ void SamOEMhashBlob(uint8_t *data, int len, const DATA_BLOB *key)
a varient that assumes a 16 byte key. This should be removed
when the last user is gone
*/
-void SamOEMhash(uint8_t *data, const uint8_t keystr[16], int len)
+void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len)
{
DATA_BLOB key = data_blob(keystr, 16);
- SamOEMhashBlob(data, len, &key);
+ arcfour_crypt_blob(data, len, &key);
data_blob_free(&key);
}
@@ -419,6 +430,6 @@ void sam_pwd_hash(uint_t rid, const uint8_t *in, uint8_t *out, int forw)
s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF);
s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF);
- smbhash(out, in, s, forw);
- smbhash(out+8, in+8, s+7, forw);
+ des_crypt56(out, in, s, forw);
+ des_crypt56(out+8, in+8, s+7, forw);
}
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 1874de726b..b4dbfbb5a5 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -124,7 +124,8 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
step 3 - authenticate on the netlogon pipe
*/
E_md4hash(password, mach_pwd);
- creds_client_init(&creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+ creds_client_init(&creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ negotiate_flags);
a.in.server_name = r.in.server_name;
a.in.username = talloc_asprintf(p->mem_ctx, "%s$", workstation);
diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index da6adaa220..4f8b4796fd 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -122,6 +122,7 @@ INIT_OBJ_FILES = \
ADD_OBJ_FILES = \
rpc_server/dcerpc_tcp.o \
rpc_server/dcesrv_auth.o \
+ rpc_server/dcesrv_crypto.o \
rpc_server/handles.o
#
# End SUBSYSTEM DCERPC
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 683be7225b..fd806c5289 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -268,7 +268,7 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
(*p)->cli_max_recv_frag = 0;
(*p)->handles = NULL;
(*p)->partial_input = data_blob(NULL, 0);
- (*p)->auth_state.ntlmssp_state = NULL;
+ (*p)->auth_state.crypto_state = NULL;
(*p)->auth_state.auth_info = NULL;
(*p)->session_key = data_blob(NULL, 0);
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 2d833ebd58..bdda8f252f 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -95,7 +95,7 @@ struct dcesrv_handle {
/* hold the authentication state information */
struct dcesrv_auth {
- struct auth_ntlmssp_state *ntlmssp_state;
+ void *crypto_state;
struct dcerpc_auth *auth_info;
};
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 48792180c6..7aa296c245 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -22,7 +22,6 @@
#include "includes.h"
-
/*
parse any auth information from a dcerpc bind request
return False if we can't handle the auth request for some
@@ -52,24 +51,11 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call)
return False;
}
- if (dce_conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
- /* only do NTLMSSP for now */
- DEBUG(2,("auth_type %d not supported\n", dce_conn->auth_state.auth_info->auth_type));
- return False;
- }
-
- if (dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY &&
- dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
- DEBUG(2,("auth_level %d not supported\n", dce_conn->auth_state.auth_info->auth_level));
- return False;
- }
-
- status = auth_ntlmssp_start(&dce_conn->auth_state.ntlmssp_state);
+ status = dcesrv_crypto_startup(dce_conn, &dce_conn->auth_state);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2, ("Failed to start NTLMSSP subsystem!\n"));
return False;
}
-
+
return True;
}
@@ -81,17 +67,17 @@ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet *
struct dcesrv_connection *dce_conn = call->conn;
NTSTATUS status;
- if (!call->conn->auth_state.ntlmssp_state) {
+ if (!call->conn->auth_state.crypto_state) {
return True;
}
- status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state,
- call->mem_ctx,
- dce_conn->auth_state.auth_info->credentials,
- &dce_conn->auth_state.auth_info->credentials);
+ status = dcesrv_crypto_update(&dce_conn->auth_state,
+ call->mem_ctx,
+ dce_conn->auth_state.auth_info->credentials,
+ &dce_conn->auth_state.auth_info->credentials);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(2, ("Failed to start NTLMSSP process NTLMSSP negotiate: %s\n", nt_errstr(status)));
+ DEBUG(2, ("Failed to start dcesrv auth negotiate: %s\n", nt_errstr(status)));
return False;
}
@@ -103,7 +89,7 @@ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet *
/*
- process the final stage of a NTLMSSP auth request
+ process the final stage of a auth request
*/
BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call)
{
@@ -112,7 +98,7 @@ BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call)
NTSTATUS status;
if (!dce_conn->auth_state.auth_info ||
- !dce_conn->auth_state.ntlmssp_state ||
+ !dce_conn->auth_state.crypto_state ||
pkt->u.auth.auth_info.length == 0) {
return False;
}
@@ -125,20 +111,13 @@ BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call)
return False;
}
- if (dce_conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
- return False;
- }
- if (dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY &&
- dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
- return False;
- }
-
- status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state,
- call->mem_ctx,
- dce_conn->auth_state.auth_info->credentials,
- &dce_conn->auth_state.auth_info->credentials);
+ status = dcesrv_crypto_update(&dce_conn->auth_state,
+ call->mem_ctx,
+ dce_conn->auth_state.auth_info->credentials,
+ &dce_conn->auth_state.auth_info->credentials);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(4, ("User failed to authenticated with NTLMSSP: %s\n", nt_errstr(status)));
+ DEBUG(4, ("dcesrv_auth_auth3: failed to authenticate: %s\n",
+ nt_errstr(status)));
return False;
}
@@ -159,7 +138,7 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call)
NTSTATUS status;
if (!dce_conn->auth_state.auth_info ||
- !dce_conn->auth_state.ntlmssp_state) {
+ !dce_conn->auth_state.crypto_state) {
return True;
}
@@ -193,21 +172,21 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call)
/* check signature or unseal the packet */
switch (dce_conn->auth_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = ntlmssp_unseal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
- call->mem_ctx,
- pkt->u.request.stub_and_verifier.data,
- pkt->u.request.stub_and_verifier.length,
- &auth.credentials);
- break;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = ntlmssp_check_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
+ status = dcesrv_crypto_unseal(&dce_conn->auth_state,
call->mem_ctx,
pkt->u.request.stub_and_verifier.data,
pkt->u.request.stub_and_verifier.length,
&auth.credentials);
break;
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = dcesrv_crypto_check_sig(&dce_conn->auth_state,
+ call->mem_ctx,
+ pkt->u.request.stub_and_verifier.data,
+ pkt->u.request.stub_and_verifier.length,
+ &auth.credentials);
+ break;
+
default:
status = NT_STATUS_INVALID_LEVEL;
break;
@@ -234,7 +213,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
struct ndr_push *ndr;
/* non-signed packets are simple */
- if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.ntlmssp_state) {
+ if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.crypto_state) {
status = dcerpc_push_auth(blob, call->mem_ctx, pkt, NULL);
return NT_STATUS_IS_OK(status);
}
@@ -260,19 +239,19 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
/* sign or seal the packet */
switch (dce_conn->auth_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = ntlmssp_seal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
- call->mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
- &dce_conn->auth_state.auth_info->credentials);
+ status = dcesrv_crypto_seal(&dce_conn->auth_state,
+ call->mem_ctx,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &dce_conn->auth_state.auth_info->credentials);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = ntlmssp_sign_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
- call->mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
- &dce_conn->auth_state.auth_info->credentials);
+ status = dcesrv_crypto_sign(&dce_conn->auth_state,
+ call->mem_ctx,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &dce_conn->auth_state.auth_info->credentials);
break;
default:
status = NT_STATUS_INVALID_LEVEL;
diff --git a/source4/rpc_server/dcesrv_crypto.c b/source4/rpc_server/dcesrv_crypto.c
new file mode 100644
index 0000000000..64ff4ee30b
--- /dev/null
+++ b/source4/rpc_server/dcesrv_crypto.c
@@ -0,0 +1,122 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ server side dcerpc authentication code - crypto support
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ this provides a crypto interface to the various backends (such as
+ NTLMSSP and SCHANNEL) for the rpc server code
+*/
+
+#include "includes.h"
+
+/*
+ startup the cryptographic side of an authenticated dcerpc server
+*/
+NTSTATUS dcesrv_crypto_startup(struct dcesrv_connection *dce_conn,
+ struct dcesrv_auth *auth)
+{
+ struct auth_ntlmssp_state *ntlmssp = NULL;
+ NTSTATUS status;
+
+ if (auth->auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY &&
+ auth->auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+ DEBUG(2,("auth_level %d not supported in dcesrv auth\n",
+ auth->auth_info->auth_level));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (auth->auth_info->auth_type) {
+/*
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ return auth_schannel_start();
+*/
+
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ status = auth_ntlmssp_start(&ntlmssp);
+ auth->crypto_state = ntlmssp;
+ break;
+
+ default:
+ DEBUG(2,("dcesrv auth_type %d not supported\n", auth->auth_info->auth_type));
+ status = NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DEBUG(4,("dcesrv_crypto_startup: %s\n", nt_errstr(status)));
+
+ return status;
+}
+
+/*
+ update crypto state
+*/
+NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth,
+ TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out)
+{
+ AUTH_NTLMSSP_STATE *ntlmssp = auth->crypto_state;
+
+ return ntlmssp_update(ntlmssp->ntlmssp_state, out_mem_ctx, in, out);
+}
+
+
+/*
+ seal a packet
+*/
+NTSTATUS dcesrv_crypto_seal(struct dcesrv_auth *auth,
+ TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig)
+{
+ AUTH_NTLMSSP_STATE *ntlmssp = auth->crypto_state;
+
+ return ntlmssp_seal_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
+}
+
+/*
+ sign a packet
+*/
+NTSTATUS dcesrv_crypto_sign(struct dcesrv_auth *auth,
+ TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, DATA_BLOB *sig)
+{
+ AUTH_NTLMSSP_STATE *ntlmssp = auth->crypto_state;
+
+ return ntlmssp_sign_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
+}
+
+/*
+ check a packet signature
+*/
+NTSTATUS dcesrv_crypto_check_sig(struct dcesrv_auth *auth,
+ TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, const DATA_BLOB *sig)
+{
+ AUTH_NTLMSSP_STATE *ntlmssp = auth->crypto_state;
+
+ return ntlmssp_check_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
+}
+
+/*
+ unseal a packet
+*/
+NTSTATUS dcesrv_crypto_unseal(struct dcesrv_auth *auth,
+ TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig)
+{
+ AUTH_NTLMSSP_STATE *ntlmssp = auth->crypto_state;
+
+ return ntlmssp_unseal_packet(ntlmssp->ntlmssp_state, sig_mem_ctx, data, length, sig);
+}
diff --git a/source4/rpc_server/epmapper/rpc_epmapper.c b/source4/rpc_server/epmapper/rpc_epmapper.c
index b5113a881b..891876c2d8 100644
--- a/source4/rpc_server/epmapper/rpc_epmapper.c
+++ b/source4/rpc_server/epmapper/rpc_epmapper.c
@@ -102,6 +102,8 @@ static BOOL fill_protocol_tower(TALLOC_CTX *mem_ctx, struct epm_towers *twr,
twr->floors[4].lhs.protocol = EPM_PROTOCOL_IP;
twr->floors[4].lhs.info.lhs_data = data_blob(NULL, 0);
twr->floors[4].rhs.rhs_data = data_blob_talloc_zero(mem_ctx, 4);
+ /* TODO: we should fill in our IP address here as a hint to the
+ client */
break;
}
@@ -247,7 +249,7 @@ static NTSTATUS epm_Map(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
count = build_ep_list(mem_ctx, dce_call->conn->dce_ctx->endpoint_list, &eps);
- ZERO_STRUCTP(r->out.entry_handle);
+ ZERO_STRUCT(*r->out.entry_handle);
r->out.num_towers = 1;
r->out.status = 0;
r->out.towers = talloc_p(mem_ctx, struct epm_twr_p_t);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 81d37d0984..5f4717a5c6 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -148,7 +148,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
ZERO_STRUCTP(r->out.credentials);
*r->out.rid = 0;
- *r->out.negotiate_flags = *r->in.negotiate_flags & NETLOGON_NEG_AUTH2_FLAGS;
+ *r->out.negotiate_flags = *r->in.negotiate_flags;
if (!pipe_state) {
DEBUG(1, ("No challange requested by client, cannot authenticate\n"));
@@ -228,8 +228,9 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
creds_server_init(pipe_state->creds, &pipe_state->client_challenge,
&pipe_state->server_challenge, mach_pwd,
- r->out.credentials);
-
+ r->out.credentials,
+ *r->in.negotiate_flags);
+
if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -249,8 +250,6 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
}
pipe_state->computer_name = talloc_strdup(pipe_state->mem_ctx, r->in.computer_name);
-
- *r->out.negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
return NT_STATUS_OK;
}
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 89deaa2f09..228b8b53c0 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -169,7 +169,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
}
/* decrypt the password we have been given */
- SamOEMhash(pwbuf->data, lm_pwd, 516);
+ arcfour_crypt(pwbuf->data, lm_pwd, 516);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_ASCII)) {
@@ -284,7 +284,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
}
/* decrypt the password we have been given */
- SamOEMhash(r->in.nt_password->data, nt_pwd, 516);
+ arcfour_crypt(r->in.nt_password->data, nt_pwd, 516);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
@@ -684,7 +684,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
uint32_t new_pass_len;
DATA_BLOB session_key = dce_call->conn->session_key;
- SamOEMhashBlob(pwbuf->data, 516, &session_key);
+ arcfour_crypt_blob(pwbuf->data, 516, &session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
@@ -731,7 +731,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(co_session_key.data, &ctx);
- SamOEMhashBlob(pwbuf->data, 516, &co_session_key);
+ arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 58c071dcdb..bfa63c2af7 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -147,7 +147,7 @@ again:
return False;
}
- SamOEMhashBlob(u.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
@@ -274,7 +274,8 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+ creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ NETLOGON_NEG_AUTH2_FLAGS);
printf("Testing ServerAuthenticate\n");
@@ -335,7 +336,8 @@ static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+ creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ negotiate_flags);
printf("Testing ServerAuthenticate2\n");
@@ -374,6 +376,7 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credentials = &credentials1;
r.out.credentials = &credentials2;
+
generate_random_buffer(credentials1.data, sizeof(credentials1.data), False);
status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
@@ -400,7 +403,8 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.out.negotiate_flags = &negotiate_flags;
a.out.rid = &rid;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+ creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ negotiate_flags);
printf("Testing ServerAuthenticate3\n");
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 3a243abfce..dab1b3bed5 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -364,7 +364,7 @@ static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
- SamOEMhashBlob(u.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
printf("Testing SetUserInfo level 24 (set password)\n");
@@ -408,7 +408,7 @@ static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
- SamOEMhashBlob(u.info23.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
printf("Testing SetUserInfo level 23 (set password)\n");
@@ -459,7 +459,7 @@ static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &ctx);
- SamOEMhashBlob(u.info26.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
memcpy(&u.info26.password.data[516], confounder, 16);
printf("Testing SetUserInfo level 26 (set password ex)\n");
@@ -513,7 +513,7 @@ static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &ctx);
- SamOEMhashBlob(u.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
memcpy(&u.info25.password.data[516], confounder, 16);
printf("Testing SetUserInfo level 25 (set password ex)\n");
@@ -810,7 +810,7 @@ static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_c
E_deshash(newpass, new_lm_hash);
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
- SamOEMhash(lm_pass.data, old_lm_hash, 516);
+ arcfour_crypt(lm_pass.data, old_lm_hash, 516);
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
r.in.server = &server;
@@ -856,11 +856,11 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
E_deshash(newpass, new_lm_hash);
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
- SamOEMhash(lm_pass.data, old_lm_hash, 516);
+ arcfour_crypt(lm_pass.data, old_lm_hash, 516);
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
- SamOEMhash(nt_pass.data, old_nt_hash, 516);
+ arcfour_crypt(nt_pass.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
r.in.server = &server;
@@ -909,11 +909,11 @@ static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
E_deshash(newpass, new_lm_hash);
encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
- SamOEMhash(lm_pass.data, old_nt_hash, 516);
+ arcfour_crypt(lm_pass.data, old_nt_hash, 516);
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
- SamOEMhash(nt_pass.data, old_nt_hash, 516);
+ arcfour_crypt(nt_pass.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
r.in.server = &server;