summaryrefslogtreecommitdiff
path: root/source3/libsmb/smbencrypt.c
AgeCommit message (Collapse)AuthorFilesLines
2003-11-22(merge from 3.0)Andrew Bartlett1-3/+3
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-2/+2
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-29/+128
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-03-09Change the way we sign SMB packets, to a function pointer interface.Andrew Bartlett1-99/+1
The intention is to allow for NTLMSSP and kerberos signing of packets, but for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA spec) Andrew Bartlett (This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
2003-02-14Further extract our NTLMv2 code into smbencrypt.c, prior to merge into ourAndrew Bartlett1-0/+31
NTLMSSP client code. Andrew Bartlett (This used to be commit eaa8e7d1f82b30e7af14a0a58d7ca3eb66a06053)
2003-02-10Clean up our NTLMv2 code by moving the grunt work into a helper function.Andrew Bartlett1-0/+27
Andrew Bartlett (This used to be commit 6789e237d7b070624ba09e7ed43680b838337b74)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-7/+5
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-02More signing updates - start checking that the server isn't being spoofed.Andrew Bartlett1-0/+38
Andrew Bartlett (This used to be commit b1c722e306533babeffeba9d8c7dcfa00e019423)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-4/+7
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-13Don't force the DOS password into a 14 char space, as this would imply nullAndrew Bartlett1-1/+2
termination - the password will not be null terminated before hashing if len >= 14. related to debian bug #157432 Andrew Bartlett (This used to be commit c6535836f2e48903aa89a18c11cbb37576fb4a20)
2003-01-11Fix a number of client-side fstring/pstring mixups.Andrew Bartlett1-9/+9
Andrew Bartlett (This used to be commit fe1cc779d5ea77e87dbc0e2edf7c34a354fee6e0)
2003-01-03Fixed some simple typos, including one that would have resulted in aChristopher R. Hertel1-2/+2
DEBUG() message printing the wrong value. (This used to be commit 42a4e5b851aa7c9fd9dca5a6f8f42e5d91246c76)
2002-08-26Updates!Andrew Bartlett1-14/+46
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-2/+2
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Fix up char/uchar casts etc. Fix up comments on some of the password hashAndrew Bartlett1-4/+4
wrappers. Andrew Bartlett (This used to be commit 95519d408caa7da00dbb2a8323cc4374a517cd69)
2002-07-20Add support for a weird behaviour apparently used by Win9X pass-throughAndrew Bartlett1-2/+2
authentication - we can have an NT hash in the LM hash feild. (I need to double-check this fix with tpot, who discovered it). Also remove silly casts back and forth between uchar and char. Andrew Bartlett (This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
2002-06-16Two things: Check how many paramaters that the LDAP libs take for theAndrew Bartlett1-4/+6
rebind proc (some give an extra paramter to pass a void* paramater) and some small changes for the SMB signing code to reset things when the signing starts, and to 'turn off' signing if the session setup failed. Andrew Bartlett (This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-0/+10
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14Ok, now I can try my first client test...Jeremy Allison1-0/+12
Jeremy. (This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
2002-06-14More of SMB signing for client - not yet finished (should be harmless).Jeremy Allison1-0/+27
Jeremy. (This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
2002-06-07A couple of updates for the SmbEncrypt code, and some of its users.Andrew Bartlett1-1/+1
(const, takes unix string as arg) Also update cli_full_connection to take NULL pointers as 'undefined' correctly, and therefore do its own lookup etc. This what was intended, but previously you needed to supply a 0.0.0.0 IP address. Andrew Bartlett (This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
2002-05-25Update some of the LM hash code to better respect the seperation betweenAndrew Bartlett1-32/+41
unix and DOS strings. This pushes all the 'have to uppercase, must be 14 chars' stuff behind the the interface. Andrew Bartlett (This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
2002-05-23This function is unused, and doesn't make any sense to me anyway.Andrew Bartlett1-17/+0
Wasn't this what got us some of the bugs with big-endien smbpasswd -j FOO -U ? Anyway, it deserves to die. Andrew Bartlett (This used to be commit 7201720048b31e48fb2600de8f7396088cc9b533)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-04Add 'net rpc join' to match the ADS equiv.Andrew Bartlett1-12/+5
This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
2001-11-11Minor updates. A small dose of const.Andrew Bartlett1-1/+1
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-8/+8
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31More const.Andrew Bartlett1-2/+2
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-6/+6
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-3/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-27Kill unused variablesAndrew Bartlett1-2/+0
(This used to be commit 758d923fa183b50acab9928e402f17bd25ba8f41)
2001-09-26Make use of the pdb_set_plaintext_passwd() update to vastly simplifyAndrew Bartlett1-49/+10
decode_pw_buffer() and the samr password changing routines. And yes, I know that we can lost some information in the Unicode->UTF->Unicode bit of this, but its worth the code cleanup. This also takes into account the possability of multibyte passwords. Andrew Bartlett (This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
2001-08-24get rid of compiler warningsHerb Lewis1-8/+8
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-10A rewrite of the error handling in the libsmb client code. I've separatedTim Potter1-2/+1
out the error handling into a bunch of separate functions rather than all being handled in one big function. Fetch error codes from the last received packet: void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num); uint32 cli_nt_error(struct cli_state *); Convert errors to UNIX errno values: int cli_errno_from_dos(uint8 eclass, uint32 num); int cli_errno_from_nt(uint32 status); int cli_errno(struct cli_state *cli); Detect different kinds of errors: BOOL cli_is_dos_error(struct cli_state *cli); BOOL cli_is_nt_error(struct cli_state *cli); BOOL cli_is_error(struct cli_state *cli); This also means we now support CAP_STATUS32 as we can decode and understand NT errors instead of just DOS errors. Yay! Ported a whole bunch of files in libsmb to use this new API instead of the just the DOS error. (This used to be commit 6dbdb0d813f3c7ab20b38baa1223b0b479aadec9)
2001-08-10Changed the order of arguments in make_oem_passwd_hash(). All the otherTim Potter1-1/+2
encryption functions have outputs as the last arguments. (This used to be commit fb60798a771a7a2358d78e5cef97487addf930e7)
2001-07-30Throw out crappy (non-ascii unaware) mbtows stuff and use proper unicodeJeremy Allison1-57/+6
push calls. If this breaks authentication then good, it needed fixing anyway :-). Jeremy. (This used to be commit e3580b4033c551e215cb246d4e36c4870cb4a582)
2001-07-07Add backend encryption support for NTLMv2.Andrew Bartlett1-1/+96
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing it accross to HEAD. The MD5 implementation is seperatly derived, and does not have the copyright problems that the one in TNG has. Also add const to a few places where it makes sence. Andrew Bartlett (This used to be commit 8df8e841445dfe09fc7a06bb55d12adc3fecb345)
2001-07-04The big character set handling changeover!Andrew Tridgell1-30/+11
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-1/+1
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
2001-06-15Merged encode_pw_buffer() and nt_owf_genW() functions from TNG branch.Tim Potter1-0/+49
(This used to be commit fb80cf2aa13883c6dac461f95bc1000c4881d724)
2001-04-22merging from 2.2 to headAndrew Tridgell1-17/+63
(This used to be commit bfcc6f88271025760732271f03933839b1cbe0de)
2000-10-13last part of W2K support.Jean-François Micouleau1-4/+5
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-11changes to sync with 2.2. treeHerb Lewis1-1/+1
.cvsignore remove config.h - not in this directory include/profile.h profile changes lib/messages.c added message to return debug level libsmb/clierror.c cast to get rid of compiler warning libsmb/smbencrypt.c cast to get rid of compiler warning profile/profile.c add flush profile stats changes for profile struct rpc_parse/parse_samr.c fix for compiler warning rpc_server/srv_samr.c cast to get rid of compiler warning smbd/ipc.c profile stats message.c profile stats smbd/negprot.c profile stats smbd/nttrans.c profile stats smbd/trans2.c profile stats utils/smbcontrol.c new flush stats command (This used to be commit bbb24daa25dca4e4b6b1f8942cd84ee3aa1bed8e)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-0/+44
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-415/+66
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-01sys_select added one more argument (read, write selectors).Luke Leighton1-52/+50
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
1999-11-25previous commit added an abstraction function that didn't even haveLuke Leighton1-6/+3
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req(). modified cli_lsarpc.c to use this. the rest is const issues. (This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
1999-11-21implement server-side generation of NTLMv2 session key. YESSS :-)Luke Leighton1-0/+28
(This used to be commit 1092b4f6fbdf3770c0dab756b982a562def1738e)
1999-11-21you know what? this sort of thing makes me laugh. hmm, what functionsLuke Leighton1-1/+1
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
1999-11-19The First Necessary UNICODE String Support.Luke Leighton1-19/+67
the random workstation trust account password is TOTAL garbage. i mean, complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore we can't just take every second character. created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)). followed through to the password setting in srv_samr.c (This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)