search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
docs: define and include entities for the docs
[Samba.git] / libcli / auth / credentials.c
blobfb77ede197a3b9c27a6c7d0273832d1184f9caf1
1 /*
2 Unix SMB/CIFS implementation.
3
4 code to manipulate domain credentials
5
6 Copyright (C) Andrew Tridgell 1997-2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "system/time.h"
25 #include "../lib/crypto/crypto.h"
26 #include "libcli/auth/libcli_auth.h"
27 #include "../libcli/security/dom_sid.h"
28
29 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
30 const struct netr_Credential *in,
31 struct netr_Credential *out)
32 {
33 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
34 AES_KEY key;
35 uint8_t iv[AES_BLOCK_SIZE];
36
37 AES_set_encrypt_key(creds->session_key, 128, &key);
38 ZERO_STRUCT(iv);
39
40 aes_cfb8_encrypt(in->data, out->data, 8, &key, iv, AES_ENCRYPT);
41 } else {
42 des_crypt112(out->data, in->data, creds->session_key, 1);
43 }
44 }
45
46 /*
47 initialise the credentials state for old-style 64 bit session keys
48
49 this call is made after the netr_ServerReqChallenge call
50 */
51 static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *creds,
52 const struct netr_Credential *client_challenge,
53 const struct netr_Credential *server_challenge,
54 const struct samr_Password *machine_password)
55 {
56 uint32_t sum[2];
57 uint8_t sum2[8];
58
59 sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
60 sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
61
62 SIVAL(sum2,0,sum[0]);
63 SIVAL(sum2,4,sum[1]);
64
65 ZERO_STRUCT(creds->session_key);
66
67 des_crypt128(creds->session_key, sum2, machine_password->hash);
68 }
69
70 /*
71 initialise the credentials state for ADS-style 128 bit session keys
72
73 this call is made after the netr_ServerReqChallenge call
74 */
75 static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *creds,
76 const struct netr_Credential *client_challenge,
77 const struct netr_Credential *server_challenge,
78 const struct samr_Password *machine_password)
79 {
80 unsigned char zero[4], tmp[16];
81 HMACMD5Context ctx;
82 MD5_CTX md5;
83
84 ZERO_STRUCT(creds->session_key);
85
86 memset(zero, 0, sizeof(zero));
87
88 hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
89 MD5Init(&md5);
90 MD5Update(&md5, zero, sizeof(zero));
91 MD5Update(&md5, client_challenge->data, 8);
92 MD5Update(&md5, server_challenge->data, 8);
93 MD5Final(tmp, &md5);
94 hmac_md5_update(tmp, sizeof(tmp), &ctx);
95 hmac_md5_final(creds->session_key, &ctx);
96 }
97
98 /*
99 initialise the credentials state for AES/HMAC-SHA256-style 128 bit session keys
100
101 this call is made after the netr_ServerReqChallenge call
102 */
103 static void netlogon_creds_init_hmac_sha256(struct netlogon_creds_CredentialState *creds,
104 const struct netr_Credential *client_challenge,
105 const struct netr_Credential *server_challenge,
106 const struct samr_Password *machine_password)
107 {
108 struct HMACSHA256Context ctx;
109 uint8_t digest[SHA256_DIGEST_LENGTH];
110
111 ZERO_STRUCT(creds->session_key);
112
113 hmac_sha256_init(machine_password->hash,
114 sizeof(machine_password->hash),
115 &ctx);
116 hmac_sha256_update(client_challenge->data, 8, &ctx);
117 hmac_sha256_update(server_challenge->data, 8, &ctx);
118 hmac_sha256_final(digest, &ctx);
119
120 memcpy(creds->session_key, digest, sizeof(creds->session_key));
121
122 ZERO_STRUCT(digest);
123 ZERO_STRUCT(ctx);
124 }
125
126 static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
127 const struct netr_Credential *client_challenge,
128 const struct netr_Credential *server_challenge)
129 {
130 netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
131
132 netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
133
134 creds->seed = creds->client;
135 }
136
137 /*
138 step the credentials to the next element in the chain, updating the
139 current client and server credentials and the seed
140 */
141 static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
142 {
143 struct netr_Credential time_cred;
144
145 DEBUG(5,("\tseed %08x:%08x\n",
146 IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
147
148 SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence);
149 SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
150
151 DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
152
153 netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
154
155 DEBUG(5,("\tCLIENT %08x:%08x\n",
156 IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
157
158 SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1);
159 SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
160
161 DEBUG(5,("\tseed+time+1 %08x:%08x\n",
162 IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
163
164 netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
165
166 DEBUG(5,("\tSERVER %08x:%08x\n",
167 IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
168
169 creds->seed = time_cred;
170 }
171
172
173 /*
174 DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
175 */
176 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
177 {
178 struct netr_LMSessionKey tmp;
179 des_crypt56(tmp.key, key->key, creds->session_key, 1);
180 *key = tmp;
181 }
182
183 /*
184 DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
185 */
186 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
187 {
188 struct netr_LMSessionKey tmp;
189 des_crypt56(tmp.key, key->key, creds->session_key, 0);
190 *key = tmp;
191 }
192
193 /*
194 DES encrypt a 16 byte password buffer using the session key
195 */
196 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
197 {
198 struct samr_Password tmp;
199 des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 1);
200 *pass = tmp;
201 }
202
203 /*
204 DES decrypt a 16 byte password buffer using the session key
205 */
206 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
207 {
208 struct samr_Password tmp;
209 des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 0);
210 *pass = tmp;
211 }
212
213 /*
214 ARCFOUR encrypt/decrypt a password buffer using the session key
215 */
216 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
217 {
218 DATA_BLOB session_key = data_blob(creds->session_key, 16);
219
220 arcfour_crypt_blob(data, len, &session_key);
221
222 data_blob_free(&session_key);
223 }
224
225 /*
226 AES encrypt a password buffer using the session key
227 */
228 void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
229 {
230 AES_KEY key;
231 uint8_t iv[AES_BLOCK_SIZE];
232
233 AES_set_encrypt_key(creds->session_key, 128, &key);
234 ZERO_STRUCT(iv);
235
236 aes_cfb8_encrypt(data, data, len, &key, iv, AES_ENCRYPT);
237 }
238
239 /*
240 AES decrypt a password buffer using the session key
241 */
242 void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
243 {
244 AES_KEY key;
245 uint8_t iv[AES_BLOCK_SIZE];
246
247 AES_set_encrypt_key(creds->session_key, 128, &key);
248 ZERO_STRUCT(iv);
249
250 aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
251 }
252
253 /*****************************************************************
254 The above functions are common to the client and server interface
255 next comes the client specific functions
256 ******************************************************************/
257
258 /*
259 initialise the credentials chain and return the first client
260 credentials
261 */
262
263 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
264 const char *client_account,
265 const char *client_computer_name,
266 uint16_t secure_channel_type,
267 const struct netr_Credential *client_challenge,
268 const struct netr_Credential *server_challenge,
269 const struct samr_Password *machine_password,
270 struct netr_Credential *initial_credential,
271 uint32_t negotiate_flags)
272 {
273 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
274
275 if (!creds) {
276 return NULL;
277 }
278
279 creds->sequence = time(NULL);
280 creds->negotiate_flags = negotiate_flags;
281 creds->secure_channel_type = secure_channel_type;
282
283 creds->computer_name = talloc_strdup(creds, client_computer_name);
284 if (!creds->computer_name) {
285 talloc_free(creds);
286 return NULL;
287 }
288 creds->account_name = talloc_strdup(creds, client_account);
289 if (!creds->account_name) {
290 talloc_free(creds);
291 return NULL;
292 }
293
294 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
295 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
296 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
297
298 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
299 netlogon_creds_init_hmac_sha256(creds,
300 client_challenge,
301 server_challenge,
302 machine_password);
303 } else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
304 netlogon_creds_init_128bit(creds, client_challenge, server_challenge, machine_password);
305 } else {
306 netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
307 }
308
309 netlogon_creds_first_step(creds, client_challenge, server_challenge);
310
311 dump_data_pw("Session key", creds->session_key, 16);
312 dump_data_pw("Credential ", creds->client.data, 8);
313
314 *initial_credential = creds->client;
315 return creds;
316 }
317
318 /*
319 initialise the credentials structure with only a session key. The caller better know what they are doing!
320 */
321
322 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
323 const uint8_t session_key[16])
324 {
325 struct netlogon_creds_CredentialState *creds;
326
327 creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
328 if (!creds) {
329 return NULL;
330 }
331
332 memcpy(creds->session_key, session_key, 16);
333
334 return creds;
335 }
336
337 /*
338 step the credentials to the next element in the chain, updating the
339 current client and server credentials and the seed
340
341 produce the next authenticator in the sequence ready to send to
342 the server
343 */
344 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
345 struct netr_Authenticator *next)
346 {
347 creds->sequence += 2;
348 netlogon_creds_step(creds);
349
350 next->cred = creds->client;
351 next->timestamp = creds->sequence;
352 }
353
354 /*
355 check that a credentials reply from a server is correct
356 */
357 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
358 const struct netr_Credential *received_credentials)
359 {
360 if (!received_credentials ||
361 memcmp(received_credentials->data, creds->server.data, 8) != 0) {
362 DEBUG(2,("credentials check failed\n"));
363 return false;
364 }
365 return true;
366 }
367
368
369 /*****************************************************************
370 The above functions are common to the client and server interface
371 next comes the server specific functions
372 ******************************************************************/
373
374 /*
375 check that a credentials reply from a server is correct
376 */
377 static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds,
378 const struct netr_Credential *received_credentials)
379 {
380 if (memcmp(received_credentials->data, creds->client.data, 8) != 0) {
381 DEBUG(2,("credentials check failed\n"));
382 dump_data_pw("client creds", creds->client.data, 8);
383 dump_data_pw("calc creds", received_credentials->data, 8);
384 return false;
385 }
386 return true;
387 }
388
389 /*
390 initialise the credentials chain and return the first server
391 credentials
392 */
393 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
394 const char *client_account,
395 const char *client_computer_name,
396 uint16_t secure_channel_type,
397 const struct netr_Credential *client_challenge,
398 const struct netr_Credential *server_challenge,
399 const struct samr_Password *machine_password,
400 struct netr_Credential *credentials_in,
401 struct netr_Credential *credentials_out,
402 uint32_t negotiate_flags)
403 {
404
405 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
406
407 if (!creds) {
408 return NULL;
409 }
410
411 creds->negotiate_flags = negotiate_flags;
412 creds->secure_channel_type = secure_channel_type;
413
414 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
415 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
416 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
417
418 creds->computer_name = talloc_strdup(creds, client_computer_name);
419 if (!creds->computer_name) {
420 talloc_free(creds);
421 return NULL;
422 }
423 creds->account_name = talloc_strdup(creds, client_account);
424 if (!creds->account_name) {
425 talloc_free(creds);
426 return NULL;
427 }
428
429 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
430 netlogon_creds_init_hmac_sha256(creds,
431 client_challenge,
432 server_challenge,
433 machine_password);
434 } else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
435 netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
436 machine_password);
437 } else {
438 netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
439 machine_password);
440 }
441
442 netlogon_creds_first_step(creds, client_challenge, server_challenge);
443
444 dump_data_pw("Session key", creds->session_key, 16);
445 dump_data_pw("Client Credential ", creds->client.data, 8);
446 dump_data_pw("Server Credential ", creds->server.data, 8);
447
448 dump_data_pw("Credentials in", credentials_in->data, sizeof(credentials_in->data));
449
450 /* And before we leak information about the machine account
451 * password, check that they got the first go right */
452 if (!netlogon_creds_server_check_internal(creds, credentials_in)) {
453 talloc_free(creds);
454 return NULL;
455 }
456
457 *credentials_out = creds->server;
458
459 dump_data_pw("Credentials out", credentials_out->data, sizeof(credentials_out->data));
460
461 return creds;
462 }
463
464 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
465 struct netr_Authenticator *received_authenticator,
466 struct netr_Authenticator *return_authenticator)
467 {
468 if (!received_authenticator || !return_authenticator) {
469 return NT_STATUS_INVALID_PARAMETER;
470 }
471
472 if (!creds) {
473 return NT_STATUS_ACCESS_DENIED;
474 }
475
476 /* TODO: this may allow the a replay attack on a non-signed
477 connection. Should we check that this is increasing? */
478 creds->sequence = received_authenticator->timestamp;
479 netlogon_creds_step(creds);
480 if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {
481 return_authenticator->cred = creds->server;
482 return_authenticator->timestamp = creds->sequence;
483 return NT_STATUS_OK;
484 } else {
485 ZERO_STRUCTP(return_authenticator);
486 return NT_STATUS_ACCESS_DENIED;
487 }
488 }
489
490 static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
491 uint16_t validation_level,
492 union netr_Validation *validation,
493 bool encrypt)
494 {
495 static const char zeros[16];
496
497 struct netr_SamBaseInfo *base = NULL;
498 switch (validation_level) {
499 case 2:
500 if (validation->sam2) {
501 base = &validation->sam2->base;
502 }
503 break;
504 case 3:
505 if (validation->sam3) {
506 base = &validation->sam3->base;
507 }
508 break;
509 case 6:
510 if (validation->sam6) {
511 base = &validation->sam6->base;
512 }
513 break;
514 default:
515 /* If we can't find it, we can't very well decrypt it */
516 return;
517 }
518
519 if (!base) {
520 return;
521 }
522
523 /* find and decyrpt the session keys, return in parameters above */
524 if (validation_level == 6) {
525 /* they aren't encrypted! */
526 } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
527 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
528 if (memcmp(base->key.key, zeros,
529 sizeof(base->key.key)) != 0) {
530 if (encrypt) {
531 netlogon_creds_aes_encrypt(creds,
532 base->key.key,
533 sizeof(base->key.key));
534 } else {
535 netlogon_creds_aes_decrypt(creds,
536 base->key.key,
537 sizeof(base->key.key));
538 }
539 }
540
541 if (memcmp(base->LMSessKey.key, zeros,
542 sizeof(base->LMSessKey.key)) != 0) {
543 if (encrypt) {
544 netlogon_creds_aes_encrypt(creds,
545 base->LMSessKey.key,
546 sizeof(base->LMSessKey.key));
547
548 } else {
549 netlogon_creds_aes_decrypt(creds,
550 base->LMSessKey.key,
551 sizeof(base->LMSessKey.key));
552 }
553 }
554 } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
555 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
556 if (memcmp(base->key.key, zeros,
557 sizeof(base->key.key)) != 0) {
558 netlogon_creds_arcfour_crypt(creds,
559 base->key.key,
560 sizeof(base->key.key));
561 }
562
563 if (memcmp(base->LMSessKey.key, zeros,
564 sizeof(base->LMSessKey.key)) != 0) {
565 netlogon_creds_arcfour_crypt(creds,
566 base->LMSessKey.key,
567 sizeof(base->LMSessKey.key));
568 }
569 } else {
570 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
571 if (memcmp(base->LMSessKey.key, zeros,
572 sizeof(base->LMSessKey.key)) != 0) {
573 if (encrypt) {
574 netlogon_creds_des_encrypt_LMKey(creds,
575 &base->LMSessKey);
576 } else {
577 netlogon_creds_des_decrypt_LMKey(creds,
578 &base->LMSessKey);
579 }
580 }
581 }
582 }
583
584 void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
585 uint16_t validation_level,
586 union netr_Validation *validation)
587 {
588 netlogon_creds_crypt_samlogon_validation(creds, validation_level,
589 validation, false);
590 }
591
592 void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
593 uint16_t validation_level,
594 union netr_Validation *validation)
595 {
596 netlogon_creds_crypt_samlogon_validation(creds, validation_level,
597 validation, true);
598 }
599
600 /*
601 copy a netlogon_creds_CredentialState struct
602 */
603
604 struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
605 struct netlogon_creds_CredentialState *creds_in)
606 {
607 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
608
609 if (!creds) {
610 return NULL;
611 }
612
613 creds->sequence = creds_in->sequence;
614 creds->negotiate_flags = creds_in->negotiate_flags;
615 creds->secure_channel_type = creds_in->secure_channel_type;
616
617 creds->computer_name = talloc_strdup(creds, creds_in->computer_name);
618 if (!creds->computer_name) {
619 talloc_free(creds);
620 return NULL;
621 }
622 creds->account_name = talloc_strdup(creds, creds_in->account_name);
623 if (!creds->account_name) {
624 talloc_free(creds);
625 return NULL;
626 }
627
628 if (creds_in->sid) {
629 creds->sid = dom_sid_dup(creds, creds_in->sid);
630 if (!creds->sid) {
631 talloc_free(creds);
632 return NULL;
633 }
634 }
635
636 memcpy(creds->session_key, creds_in->session_key, sizeof(creds->session_key));
637 memcpy(creds->seed.data, creds_in->seed.data, sizeof(creds->seed.data));
638 memcpy(creds->client.data, creds_in->client.data, sizeof(creds->client.data));
639 memcpy(creds->server.data, creds_in->server.data, sizeof(creds->server.data));
640
641 return creds;
642 }
Samba GIT mirror