From efb71742ca8ff9ec3211c5b3cf5d311fdceecd1c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 20 Apr 1998 22:43:54 +0000 Subject: Makefile: Added genrand.o clientgen.c: Changed to fill change password buffer with random stuff. password.c: Changed to get challenge from genrand.c server.c: Added #ifdef around O_SYNC. version.h: Changed to 1.9.19prealpha. genrand.c: New code to generate (hopefully) good random numbers for use in crypto challenges/session keys etc. PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!! Jeremy. (This used to be commit 608e98546392fd0aac9b33f4feac43615dbb4405) --- source3/include/proto.h | 4 ++ source3/include/version.h | 2 +- source3/lib/genrand.c | 137 +++++++++++++++++++++++++++++++++++++++++++++ source3/libsmb/clientgen.c | 7 ++- source3/smbd/password.c | 10 ++++ source3/smbd/server.c | 2 + 6 files changed, 160 insertions(+), 2 deletions(-) create mode 100644 source3/lib/genrand.c (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 539ddc2ae5..e57f7924ee 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -187,6 +187,10 @@ void DirCacheFlush( int snum ); void fault_setup(void (*fn)(void *)); +/*The following definitions come from genrand.c */ + +void generate_random_buffer( unsigned char *out, int len, BOOL re_seed); + /*The following definitions come from getsmbpass.c */ char *getsmbpass(char *prompt) ; diff --git a/source3/include/version.h b/source3/include/version.h index 758b32209e..146d0b7753 100644 --- a/source3/include/version.h +++ b/source3/include/version.h @@ -1 +1 @@ -#define VERSION "1.9.18-HEAD" +#define VERSION "1.9.19-prealpha" diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c new file mode 100644 index 0000000000..b26269f091 --- /dev/null +++ b/source3/lib/genrand.c @@ -0,0 +1,137 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + + Functions to create reasonable random numbers for crypto use. + + Copyright (C) Jeremy Allison 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + +/************************************************************** + Try and get a good random number seed. Try a number of + different factors. Firstly, try /dev/random and try and + read from this. If this fails iterate through /tmp and + XOR all the file timestamps. If this fails then just use + a combination of pid and time of day (yes I know this + sucks :-). Finally md4 the result. +**************************************************************/ + +static uint32 do_reseed(void) +{ + static int counter = 0; + unsigned char md4_outbuf[16]; + unsigned char md4_inbuf[40]; + BOOL got_random = False; + uint32 v1, v2, ret; + int fd; + struct timeval tval; + + memset(md4_inbuf, '\0', sizeof(md4_inbuf)); + + fd = open( "/dev/random", O_RDONLY); + if(fd >= 0) { + /* + * We can use /dev/random ! + */ + if(read(fd, md4_inbuf, 40) == 40) { + got_random = True; + DEBUG(10,("do_reseed: got 40 bytes from /dev/random.\n")); + } + close(fd); + } + + if(!got_random) { + /* + * /dev/random failed - try /tmp/ for timestamps. + */ + void *dp = sys_opendir("/tmp"); + + if(dp != NULL) { + char *p; + + while ((p = readdirname(dp))) { + struct stat st; + if(sys_stat(p,&st) != 0) + SIVAL(md4_inbuf, ((counter%sizeof(md4_inbuf))/4), + IVAL(md4_inbuf,((counter%sizeof(md4_inbuf))/4)) ^ st.st_atime); + counter++; + DEBUG(10,("do_reseed: value from file %s.\n", p)); + } + } + closedir(dp); + } + + /* + * Finally add the counter, time of day, and pid. + */ + GetTimeOfDay(&tval); + v1 = (counter++) + getpid() + tval.tv_sec; + v2 = (counter++) * getpid() + tval.tv_usec; + + SIVAL(md4_inbuf, 32, v1 ^ IVAL(md4_inbuf, 32)); + SIVAL(md4_inbuf, 36, v1 ^ IVAL(md4_inbuf, 36)); + + mdfour(md4_outbuf, md4_inbuf, sizeof(md4_inbuf)); + + /* XOR everything togther in blocks of 4 bytes. */ + ret = IVAL(md4_outbuf,0); + ret ^= IVAL(md4_outbuf,4); + ret ^= IVAL(md4_outbuf,8); + ret ^= IVAL(md4_outbuf,12); + + DEBUG(10,("do_reseed: returning seed %lu\n", ret)); + + return ret; +} + +/******************************************************************* + Interface to the (hopefully) good crypto random number generator. +********************************************************************/ + +void generate_random_buffer( unsigned char *out, int len, BOOL re_seed) +{ + static BOOL done_reseed = False; + unsigned char tmp_buf[64]; + unsigned char md4_buf[16]; + unsigned char *p; + + if(!done_reseed || re_seed) { + srandom(do_reseed()); + done_reseed = True; + } + + /* + * Generate random numbers in chunks of 64 bytes, + * then md4 them & copy to the output buffer. + */ + + p = out; + while(len > 0) { + int i; + int copy_len = len > 16 ? 16 : len; + for( i = 0; i < 16; i++) + SIVAL(tmp_buf, i*4, random()); + mdfour(md4_buf, tmp_buf, sizeof(tmp_buf)); + memcpy(p, md4_buf, copy_len); + p += copy_len; + len -= copy_len; + } +} diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index bffce26294..1f2f746576 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -766,9 +766,11 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode) accessmode |= 1; } +#if defined(O_SYNC) if ((flags & O_SYNC) == O_SYNC) { accessmode |= (1<<14); } +#endif /* O_SYNC */ bzero(cli->outbuf,smb_size); bzero(cli->inbuf,smb_size); @@ -1300,8 +1302,11 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo /* * Now setup the data area. + * We need to generate a random fill + * for this area to make it harder to + * decrypt. JRA. */ - memset(data, '\0', sizeof(data)); + generate_random_buffer(data, sizeof(data), False); fstrcpy( &data[512 - new_pw_len], new_password); SIVAL(data, 512, new_pw_len); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index bbd9f8b849..fe3ac5c765 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -45,6 +45,12 @@ Get the next challenge value - no repeats. ********************************************************************/ void generate_next_challenge(char *challenge) { +#if 0 + /* + * Leave this ifdef'd out while we test + * the new crypto random number generator. + * JRA. + */ unsigned char buf[16]; static int counter = 0; struct timeval tval; @@ -59,7 +65,11 @@ void generate_next_challenge(char *challenge) /* mash it up with md4 */ mdfour(buf, (unsigned char *)challenge, 8); +#else + unsigned char buf[8]; + generate_random_buffer(buf,8,False); +#endif memcpy(saved_challenge, buf, 8); memcpy(challenge,buf,8); challenge_sent = True; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index c4db553659..4a3edeb871 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1837,9 +1837,11 @@ void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun, break; } +#if defined(O_SYNC) if (share_mode&(1<<14)) { flags2 |= O_SYNC; } +#endif /* O_SYNC */ if (flags != O_RDONLY && file_existed && (!CAN_WRITE(cnum) || IS_DOS_READONLY(dos_mode(cnum,fname,&sbuf)))) -- cgit