2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1998
5 Modified by Jeremy Allison 1995.
6 Copyright (C) Jeremy Allison 1995-2000.
7 Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "system/time.h"
26 #include "../libcli/auth/msrpc_parse.h"
27 #include "../lib/crypto/crypto.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
30 #include "lib/util/bytearray.h"
32 #include "lib/crypto/gnutls_helpers.h"
33 #include <gnutls/gnutls.h>
34 #include <gnutls/crypto.h>
36 int SMBencrypt_hash(const uint8_t lm_hash
[16], const uint8_t *c8
, uint8_t p24
[24])
42 memcpy(p21
, lm_hash
, 16);
44 rc
= SMBOWFencrypt(p21
, c8
, p24
);
47 DEBUG(100,("SMBencrypt_hash: lm#, challenge, response\n"));
48 dump_data(100, p21
, 16);
49 dump_data(100, c8
, 8);
50 dump_data(100, p24
, 24);
57 This implements the X/Open SMB password encryption
58 It takes a password ('unix' string), a 8 byte "crypt key"
59 and puts 24 bytes of encrypted password into p24
61 Returns False if password must have been truncated to create LM hash
64 bool SMBencrypt(const char *passwd
, const uint8_t *c8
, uint8_t p24
[24])
70 ret
= E_deshash(passwd
, lm_hash
);
71 rc
= SMBencrypt_hash(lm_hash
, c8
, p24
);
79 * Creates the MD4 Hash of the users password in NT UNICODE.
80 * @param passwd password in 'unix' charset.
81 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
84 bool E_md4hash(const char *passwd
, uint8_t p16
[16])
90 ret
= push_ucs2_talloc(NULL
, &wpwd
, passwd
, &len
);
91 if (!ret
|| len
< 2) {
92 /* We don't want to return fixed data, as most callers
94 mdfour(p16
, (const uint8_t *)passwd
, strlen(passwd
));
99 mdfour(p16
, (const uint8_t *)wpwd
, len
);
106 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
107 * @param passwd password in 'unix' charset.
108 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
109 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
110 * @note p16 is filled in regardless
113 bool E_deshash(const char *passwd
, uint8_t p16
[16])
118 TALLOC_CTX
*frame
= talloc_stackframe();
120 size_t converted_size
;
126 tmpbuf
= strupper_talloc(frame
, passwd
);
127 if (tmpbuf
== NULL
) {
128 /* Too many callers don't check this result, we need to fill in the buffer with something */
129 strlcpy((char *)dospwd
, passwd
? passwd
: "", sizeof(dospwd
));
137 ret
= convert_string_error(CH_UNIX
, CH_DOS
, tmpbuf
, strlen(tmpbuf
), dospwd
, sizeof(dospwd
), &converted_size
);
140 /* Only the first 14 chars are considered, password need not
141 * be null terminated. We do this in the error and success
142 * case to avoid returning a fixed 'password' buffer, but
143 * callers should not use it when E_deshash returns false */
145 rc
= E_P16((const uint8_t *)dospwd
, p16
);
156 * Creates the MD4 and DES (LM) Hash of the users password.
157 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
158 * @param passwd password in 'unix' charset.
159 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
160 * @param p16 return password hashed with des, caller allocated 16 byte buffer
163 /* Does both the NT and LM owfs of a user's password */
164 void nt_lm_owf_gen(const char *pwd
, uint8_t nt_p16
[16], uint8_t p16
[16])
166 /* Calculate the MD4 hash (NT compatible) of the password */
167 memset(nt_p16
, '\0', 16);
168 E_md4hash(pwd
, nt_p16
);
170 #ifdef DEBUG_PASSWORD
171 DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
172 dump_data(120, (const uint8_t *)pwd
, strlen(pwd
));
173 dump_data(100, nt_p16
, 16);
176 E_deshash(pwd
, (uint8_t *)p16
);
178 #ifdef DEBUG_PASSWORD
179 DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
180 dump_data(120, (const uint8_t *)pwd
, strlen(pwd
));
181 dump_data(100, p16
, 16);
185 /* Does both the NTLMv2 owfs of a user's password */
186 bool ntv2_owf_gen(const uint8_t owf
[16],
187 const char *user_in
, const char *domain_in
,
192 size_t user_byte_len
;
193 size_t domain_byte_len
;
194 gnutls_hmac_hd_t hmac_hnd
= NULL
;
197 TALLOC_CTX
*mem_ctx
= talloc_init("ntv2_owf_gen for %s\\%s", domain_in
, user_in
);
211 user_in
= strupper_talloc(mem_ctx
, user_in
);
212 if (user_in
== NULL
) {
213 talloc_free(mem_ctx
);
217 ok
= push_ucs2_talloc(mem_ctx
, &user
, user_in
, &user_byte_len
);
219 DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
220 talloc_free(mem_ctx
);
224 ok
= push_ucs2_talloc(mem_ctx
, &domain
, domain_in
, &domain_byte_len
);
226 DEBUG(0, ("push_ucs2_talloc() for domain failed\n"));
227 talloc_free(mem_ctx
);
231 SMB_ASSERT(user_byte_len
>= 2);
232 SMB_ASSERT(domain_byte_len
>= 2);
234 /* We don't want null termination */
235 user_byte_len
= user_byte_len
- 2;
236 domain_byte_len
= domain_byte_len
- 2;
238 rc
= gnutls_hmac_init(&hmac_hnd
,
247 rc
= gnutls_hmac(hmac_hnd
, user
, user_byte_len
);
249 gnutls_hmac_deinit(hmac_hnd
, NULL
);
253 rc
= gnutls_hmac(hmac_hnd
, domain
, domain_byte_len
);
255 gnutls_hmac_deinit(hmac_hnd
, NULL
);
260 gnutls_hmac_deinit(hmac_hnd
, kr_buf
);
262 #ifdef DEBUG_PASSWORD
263 DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
264 dump_data(100, (uint8_t *)user
, user_byte_len
);
265 dump_data(100, (uint8_t *)domain
, domain_byte_len
);
266 dump_data(100, owf
, 16);
267 dump_data(100, kr_buf
, 16);
272 talloc_free(mem_ctx
);
276 /* Does the des encryption from the NT or LM MD4 hash. */
277 int SMBOWFencrypt(const uint8_t passwd
[16], const uint8_t *c8
, uint8_t p24
[24])
283 memcpy(p21
, passwd
, 16);
284 return E_P24(p21
, c8
, p24
);
287 /* Does the des encryption. */
289 int SMBNTencrypt_hash(const uint8_t nt_hash
[16], const uint8_t *c8
, uint8_t *p24
)
295 memcpy(p21
, nt_hash
, 16);
296 rc
= SMBOWFencrypt(p21
, c8
, p24
);
298 #ifdef DEBUG_PASSWORD
299 DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
300 dump_data(100, p21
, 16);
301 dump_data(100, c8
, 8);
302 dump_data(100, p24
, 24);
308 /* Does the NT MD4 hash then des encryption. Plaintext version of the above. */
310 int SMBNTencrypt(const char *passwd
, const uint8_t *c8
, uint8_t *p24
)
313 E_md4hash(passwd
, nt_hash
);
314 return SMBNTencrypt_hash(nt_hash
, c8
, p24
);
318 /* Does the md5 encryption from the Key Response for NTLMv2. */
319 NTSTATUS
SMBOWFencrypt_ntv2(const uint8_t kr
[16],
320 const DATA_BLOB
*srv_chal
,
321 const DATA_BLOB
*smbcli_chal
,
322 uint8_t resp_buf
[16])
324 gnutls_hmac_hd_t hmac_hnd
= NULL
;
328 rc
= gnutls_hmac_init(&hmac_hnd
,
333 return gnutls_error_to_ntstatus(rc
, NT_STATUS_HMAC_NOT_SUPPORTED
);
336 rc
= gnutls_hmac(hmac_hnd
, srv_chal
->data
, srv_chal
->length
);
338 status
= gnutls_error_to_ntstatus(rc
, NT_STATUS_HMAC_NOT_SUPPORTED
);
341 rc
= gnutls_hmac(hmac_hnd
, smbcli_chal
->data
, smbcli_chal
->length
);
343 status
= gnutls_error_to_ntstatus(rc
, NT_STATUS_HMAC_NOT_SUPPORTED
);
347 #ifdef DEBUG_PASSWORD
348 DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, smbcli_chal, resp_buf\n"));
349 dump_data(100, srv_chal
->data
, srv_chal
->length
);
350 dump_data(100, smbcli_chal
->data
, smbcli_chal
->length
);
351 dump_data(100, resp_buf
, 16);
354 status
= NT_STATUS_OK
;
356 gnutls_hmac_deinit(hmac_hnd
, resp_buf
);
360 NTSTATUS
SMBsesskeygen_ntv2(const uint8_t kr
[16],
361 const uint8_t *nt_resp
,
362 uint8_t sess_key
[16])
366 /* a very nice, 128 bit, variable session key */
367 rc
= gnutls_hmac_fast(GNUTLS_MAC_MD5
,
374 return gnutls_error_to_ntstatus(rc
, NT_STATUS_HASH_NOT_SUPPORTED
);
377 #ifdef DEBUG_PASSWORD
378 DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
379 dump_data(100, sess_key
, 16);
385 void SMBsesskeygen_ntv1(const uint8_t kr
[16], uint8_t sess_key
[16])
387 /* yes, this session key does not change - yes, this
388 is a problem - but it is 128 bits */
390 mdfour((uint8_t *)sess_key
, kr
, 16);
392 #ifdef DEBUG_PASSWORD
393 DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
394 dump_data(100, sess_key
, 16);
398 NTSTATUS
SMBsesskeygen_lm_sess_key(const uint8_t lm_hash
[16],
399 const uint8_t lm_resp
[24], /* only uses 8 */
400 uint8_t sess_key
[16])
402 /* Calculate the LM session key (effective length 40 bits,
403 but changes with each session) */
405 uint8_t partial_lm_hash
[14];
408 memcpy(partial_lm_hash
, lm_hash
, 8);
409 memset(partial_lm_hash
+ 8, 0xbd, 6);
411 rc
= des_crypt56_gnutls(p24
, lm_resp
, partial_lm_hash
, SAMBA_GNUTLS_ENCRYPT
);
413 return gnutls_error_to_ntstatus(rc
, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER
);
415 rc
= des_crypt56_gnutls(p24
+8, lm_resp
, partial_lm_hash
+ 7, SAMBA_GNUTLS_ENCRYPT
);
417 return gnutls_error_to_ntstatus(rc
, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER
);
420 memcpy(sess_key
, p24
, 16);
422 #ifdef DEBUG_PASSWORD
423 DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
424 dump_data(100, sess_key
, 16);
430 DATA_BLOB
NTLMv2_generate_names_blob(TALLOC_CTX
*mem_ctx
,
431 const char *hostname
,
434 DATA_BLOB names_blob
= data_blob_talloc(mem_ctx
, NULL
, 0);
436 /* Deliberately ignore return here.. */
437 if (hostname
!= NULL
) {
438 (void)msrpc_gen(mem_ctx
, &names_blob
,
440 MsvAvNbDomainName
, domain
,
441 MsvAvNbComputerName
, hostname
,
444 (void)msrpc_gen(mem_ctx
, &names_blob
,
446 MsvAvNbDomainName
, domain
,
452 static DATA_BLOB
NTLMv2_generate_client_data(TALLOC_CTX
*mem_ctx
,
454 const DATA_BLOB
*names_blob
)
456 uint8_t client_chal
[8];
457 DATA_BLOB response
= data_blob(NULL
, 0);
458 uint8_t long_date
[8];
460 generate_random_buffer(client_chal
, sizeof(client_chal
));
462 push_nttime(long_date
, 0, nttime
);
464 /* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */
466 /* Deliberately ignore return here.. */
467 (void)msrpc_gen(mem_ctx
, &response
, "ddbbdb",
468 0x00000101, /* Header */
470 long_date
, 8, /* Timestamp */
471 client_chal
, 8, /* client challenge */
473 names_blob
->data
, names_blob
->length
); /* End of name list */
478 static DATA_BLOB
NTLMv2_generate_response(TALLOC_CTX
*out_mem_ctx
,
479 const uint8_t ntlm_v2_hash
[16],
480 const DATA_BLOB
*server_chal
,
482 const DATA_BLOB
*names_blob
)
484 uint8_t ntlmv2_response
[16];
485 DATA_BLOB ntlmv2_client_data
;
486 DATA_BLOB final_response
;
489 TALLOC_CTX
*mem_ctx
= talloc_named(out_mem_ctx
, 0,
490 "NTLMv2_generate_response internal context");
493 return data_blob(NULL
, 0);
497 /* generate some data to pass into the response function - including
498 the hostname and domain name of the server */
499 ntlmv2_client_data
= NTLMv2_generate_client_data(mem_ctx
, nttime
, names_blob
);
501 /* Given that data, and the challenge from the server, generate a response */
502 status
= SMBOWFencrypt_ntv2(ntlm_v2_hash
,
506 if (!NT_STATUS_IS_OK(status
)) {
507 talloc_free(mem_ctx
);
508 return data_blob(NULL
, 0);
511 final_response
= data_blob_talloc(out_mem_ctx
, NULL
, sizeof(ntlmv2_response
) + ntlmv2_client_data
.length
);
513 memcpy(final_response
.data
, ntlmv2_response
, sizeof(ntlmv2_response
));
515 memcpy(final_response
.data
+sizeof(ntlmv2_response
),
516 ntlmv2_client_data
.data
, ntlmv2_client_data
.length
);
518 talloc_free(mem_ctx
);
520 return final_response
;
523 static DATA_BLOB
LMv2_generate_response(TALLOC_CTX
*mem_ctx
,
524 const uint8_t ntlm_v2_hash
[16],
525 const DATA_BLOB
*server_chal
)
527 uint8_t lmv2_response
[16];
528 DATA_BLOB lmv2_client_data
= data_blob_talloc(mem_ctx
, NULL
, 8);
529 DATA_BLOB final_response
= data_blob_talloc(mem_ctx
, NULL
,24);
533 /* client-supplied random data */
534 generate_random_buffer(lmv2_client_data
.data
, lmv2_client_data
.length
);
536 /* Given that data, and the challenge from the server, generate a response */
537 status
= SMBOWFencrypt_ntv2(ntlm_v2_hash
,
541 if (!NT_STATUS_IS_OK(status
)) {
542 data_blob_free(&lmv2_client_data
);
543 return data_blob(NULL
, 0);
545 memcpy(final_response
.data
, lmv2_response
, sizeof(lmv2_response
));
547 /* after the first 16 bytes is the random data we generated above,
548 so the server can verify us with it */
549 memcpy(final_response
.data
+sizeof(lmv2_response
),
550 lmv2_client_data
.data
, lmv2_client_data
.length
);
552 data_blob_free(&lmv2_client_data
);
554 return final_response
;
557 bool SMBNTLMv2encrypt_hash(TALLOC_CTX
*mem_ctx
,
558 const char *user
, const char *domain
, const uint8_t nt_hash
[16],
559 const DATA_BLOB
*server_chal
,
560 const NTTIME
*server_timestamp
,
561 const DATA_BLOB
*names_blob
,
562 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
563 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
)
565 uint8_t ntlm_v2_hash
[16];
568 /* We don't use the NT# directly. Instead we use it mashed up with
569 the username and domain.
570 This prevents username swapping during the auth exchange
572 if (!ntv2_owf_gen(nt_hash
, user
, domain
, ntlm_v2_hash
)) {
577 const NTTIME
*nttime
= server_timestamp
;
580 if (nttime
== NULL
) {
581 struct timeval tv_now
= timeval_current();
582 _now
= timeval_to_nttime(&tv_now
);
586 *nt_response
= NTLMv2_generate_response(mem_ctx
,
591 if (user_session_key
) {
592 *user_session_key
= data_blob_talloc(mem_ctx
, NULL
, 16);
594 /* The NTLMv2 calculations also provide a session key, for signing etc later */
595 /* use only the first 16 bytes of nt_response for session key */
596 status
= SMBsesskeygen_ntv2(ntlm_v2_hash
,
598 user_session_key
->data
);
599 if (!NT_STATUS_IS_OK(status
)) {
608 if (server_timestamp
!= NULL
) {
609 *lm_response
= data_blob_talloc_zero(mem_ctx
, 24);
611 *lm_response
= LMv2_generate_response(mem_ctx
,
615 if (lm_session_key
) {
616 *lm_session_key
= data_blob_talloc(mem_ctx
, NULL
, 16);
618 /* The NTLMv2 calculations also provide a session key, for signing etc later */
619 /* use only the first 16 bytes of lm_response for session key */
620 status
= SMBsesskeygen_ntv2(ntlm_v2_hash
,
622 lm_session_key
->data
);
623 if (!NT_STATUS_IS_OK(status
)) {
632 bool SMBNTLMv2encrypt(TALLOC_CTX
*mem_ctx
,
633 const char *user
, const char *domain
,
634 const char *password
,
635 const DATA_BLOB
*server_chal
,
636 const DATA_BLOB
*names_blob
,
637 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
638 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
)
641 E_md4hash(password
, nt_hash
);
643 return SMBNTLMv2encrypt_hash(mem_ctx
,
644 user
, domain
, nt_hash
,
645 server_chal
, NULL
, names_blob
,
646 lm_response
, nt_response
, lm_session_key
, user_session_key
);
649 NTSTATUS
NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name
,
650 const char *account_domain
,
651 const DATA_BLOB response
,
652 const struct netlogon_creds_CredentialState
*creds
,
653 const char *workgroup
)
655 TALLOC_CTX
*frame
= NULL
;
656 /* RespType + HiRespType */
657 static const char *magic
= "\x01\x01";
659 struct NTLMv2_RESPONSE v2_resp
;
660 enum ndr_err_code err
;
661 const struct AV_PAIR
*av_nb_cn
= NULL
;
662 const struct AV_PAIR
*av_nb_dn
= NULL
;
664 if (response
.length
< 48) {
666 * NTLMv2_RESPONSE has at least 48 bytes.
671 cmp
= memcmp(response
.data
+ 16, magic
, 2);
674 * It doesn't look like a valid NTLMv2_RESPONSE
679 if (response
.length
== 95) {
681 * ndr_pull_NTLMv2_RESPONSE() fails on this strange blob,
682 * because the AvPairs content is not valid
683 * as AvLen of the first pair is 33032 (0x8108).
685 * I saw a single machine sending the following 3 times
686 * in a row, but I'm not sure if everything is static.
688 * Note this is NTLMv2_CLIENT_CHALLENGE only, not
689 * the full NTLMv2_RESPONSE (which has Response of 16 bytes
690 * before the NTLMv2_CLIENT_CHALLENGE).
692 * Note this code only prevents
693 * ndr_pull_error(Buffer Size Error): Pull bytes 39016
694 * debug message for a known case, the actual
695 * bug is also handled below in a generic way to
696 * map NT_STATUS_BUFFER_TOO_SMALL to NT_STATUS_OK.
698 * See https://bugzilla.samba.org/show_bug.cgi?id=14932
700 static const char *netapp_magic
=
701 "\x01\x01\x00\x00\x00\x00\x00\x00"
702 "\x3f\x3f\x3f\x3f\x3f\x3f\x3f\x3f"
703 "\xb8\x82\x3a\xf1\xb3\xdd\x08\x15"
704 "\x00\x00\x00\x00\x11\xa2\x08\x81"
705 "\x50\x38\x22\x78\x2b\x94\x47\xfe"
706 "\x54\x94\x7b\xff\x17\x27\x5a\xb4"
707 "\xf4\x18\xba\xdc\x2c\x38\xfd\x5b"
708 "\xfb\x0e\xc1\x85\x1e\xcc\x92\xbb"
709 "\x9b\xb1\xc4\xd5\x53\x14\xff\x8c"
710 "\x76\x49\xf5\x45\x90\x19\xa2";
712 * First we check the initial bytes
713 * and the 0x3F timestamp.
715 cmp
= memcmp(response
.data
+ 16,
720 * Then check everything after the
723 cmp
= memcmp(response
.data
+ 40,
725 response
.length
- 40);
727 DBG_DEBUG("Invalid NETAPP NTLMv2_RESPONSE "
728 "for user[%s\\%s] against "
729 "SEC_CHAN(%u)[%s/%s] "
730 "in workgroup[%s]\n",
733 creds
->secure_channel_type
,
734 creds
->computer_name
,
742 frame
= talloc_stackframe();
744 err
= ndr_pull_struct_blob(&response
, frame
, &v2_resp
,
745 (ndr_pull_flags_fn_t
)ndr_pull_NTLMv2_RESPONSE
);
746 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
748 status
= ndr_map_error2ntstatus(err
);
749 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
)) {
751 * We are supposed to ignore invalid buffers,
752 * see https://bugzilla.samba.org/show_bug.cgi?id=14932
754 status
= NT_STATUS_OK
;
756 DEBUG(2,("%s: Failed to parse NTLMv2_RESPONSE length=%u "
757 "for user[%s\\%s] against SEC_CHAN(%u)[%s/%s] "
758 "in workgroup[%s] - %s %s %s\n",
760 (unsigned)response
.length
,
763 creds
->secure_channel_type
,
764 creds
->computer_name
,
767 ndr_map_error2string(err
),
768 NT_STATUS_IS_OK(status
) ? "(ignoring) =>" : "=>",
770 dump_data(2, response
.data
, response
.length
);
776 NDR_PRINT_DEBUG(NTLMv2_RESPONSE
, &v2_resp
);
780 * Make sure the netbios computer name in the
781 * NTLMv2_RESPONSE matches the computer name
782 * in the secure channel credentials for workstation
785 * And the netbios domain name matches our
788 * This prevents workstations from requesting
789 * the session key of NTLMSSP sessions of clients
792 if (creds
->secure_channel_type
== SEC_CHAN_WKSTA
) {
793 av_nb_cn
= ndr_ntlmssp_find_av(&v2_resp
.Challenge
.AvPairs
,
794 MsvAvNbComputerName
);
795 av_nb_dn
= ndr_ntlmssp_find_av(&v2_resp
.Challenge
.AvPairs
,
799 if (av_nb_cn
!= NULL
) {
800 const char *v
= NULL
;
804 v
= av_nb_cn
->Value
.AvNbComputerName
;
806 a
= talloc_strdup(frame
, creds
->account_name
);
809 return NT_STATUS_NO_MEMORY
;
812 if (len
> 0 && a
[len
- 1] == '$') {
816 cmp
= strcasecmp_m(a
, v
);
818 DEBUG(2,("%s: NTLMv2_RESPONSE with "
819 "NbComputerName[%s] rejected "
821 "against SEC_CHAN_WKSTA[%s/%s] "
822 "in workgroup[%s]\n",
826 creds
->computer_name
,
830 return NT_STATUS_LOGON_FAILURE
;
833 if (av_nb_dn
!= NULL
) {
834 const char *v
= NULL
;
836 v
= av_nb_dn
->Value
.AvNbDomainName
;
838 cmp
= strcasecmp_m(workgroup
, v
);
840 DEBUG(2,("%s: NTLMv2_RESPONSE with "
841 "NbDomainName[%s] rejected "
843 "against SEC_CHAN_WKSTA[%s/%s] "
844 "in workgroup[%s]\n",
848 creds
->computer_name
,
852 return NT_STATUS_LOGON_FAILURE
;
861 ENCODE_ORDER_PASSWORD_FIRST
,
862 ENCODE_ORDER_PASSWORD_LAST
,
865 #define PASSWORD_BUFFER_LEN 512
867 static ssize_t
_encode_pwd_buffer_from_str(uint8_t buf
[PASSWORD_BUFFER_LEN
],
868 const char *password
,
870 enum encode_order order
)
874 size_t random_pos
= 0;
875 size_t random_len
= 0;
877 /* The incoming buffer can be any alignment. */
878 string_flags
|= STR_NOALIGN
;
880 new_pw_len
= push_string(buf
,
884 if (new_pw_len
< 0) {
885 BURN_DATA_SIZE(buf
, PASSWORD_BUFFER_LEN
);
889 if (new_pw_len
== PASSWORD_BUFFER_LEN
) {
894 case ENCODE_ORDER_PASSWORD_FIRST
:
896 random_pos
= new_pw_len
;
897 random_len
= PASSWORD_BUFFER_LEN
- random_pos
;
899 case ENCODE_ORDER_PASSWORD_LAST
:
900 pw_pos
= PASSWORD_BUFFER_LEN
- new_pw_len
;
903 memmove(buf
+ pw_pos
, buf
, new_pw_len
);
907 generate_random_buffer(buf
+ random_pos
, random_len
);
912 /***********************************************************
913 encode a password buffer with a unicode password. The buffer
914 is filled with random data to make it harder to attack.
915 ************************************************************/
916 bool encode_pw_buffer(uint8_t buffer
[516], const char *password
, int string_flags
)
920 pw_len
= _encode_pwd_buffer_from_str(buffer
,
923 ENCODE_ORDER_PASSWORD_LAST
);
924 if (pw_len
< 0 || pw_len
> PASSWORD_BUFFER_LEN
) {
928 PUSH_LE_U32(buffer
, PASSWORD_BUFFER_LEN
, pw_len
);
934 /***********************************************************
935 decode a password buffer
936 *new_pw_len is the length in bytes of the possibly mulitbyte
937 returned password including termination.
938 ************************************************************/
940 bool decode_pw_buffer(TALLOC_CTX
*ctx
,
941 uint8_t in_buffer
[516],
944 charset_t string_charset
)
946 DATA_BLOB new_password
;
953 ok
= extract_pw_from_buffer(ctx
, in_buffer
, &new_password
);
959 Warning !!! : This function is called from some rpc call.
960 The password IN the buffer may be a UNICODE string.
961 The password IN new_pwrd is an ASCII string
962 If you reuse that code somewhere else check first.
965 /* decode into the return buffer. */
966 ok
= convert_string_talloc(ctx
,
973 data_blob_free(&new_password
);
975 DBG_ERR("Failed to convert incoming password\n");
978 talloc_keep_secret(*pp_new_pwrd
);
980 #ifdef DEBUG_PASSWORD
981 DEBUG(100,("decode_pw_buffer: new_pwrd: "));
982 dump_data(100, (uint8_t *)*pp_new_pwrd
, *new_pw_len
);
983 DEBUG(100,("multibyte len:%lu\n", (unsigned long int)*new_pw_len
));
984 DEBUG(100,("original char len:%d\n", byte_len
/2));
990 #define MAX_PASSWORD_LEN 256
993 * [MS-SAMR] 2.2.6.32 This creates the buffer to be sent. It is of type
994 * SAMPR_USER_PASSWORD_AES.
996 bool encode_pwd_buffer514_from_str(uint8_t buffer
[514],
997 const char *password
,
998 uint32_t string_flags
)
1002 pw_len
= _encode_pwd_buffer_from_str(buffer
+ 2,
1005 ENCODE_ORDER_PASSWORD_FIRST
);
1010 PUSH_LE_U16(buffer
, 0, pw_len
);
1015 bool extract_pwd_blob_from_buffer514(TALLOC_CTX
*mem_ctx
,
1016 const uint8_t in_buffer
[514],
1017 DATA_BLOB
*new_password
)
1019 #ifdef DEBUG_PASSWORD
1020 DEBUG(100, ("in_buffer: "));
1021 dump_data(100, in_buffer
, 514);
1024 new_password
->length
= PULL_LE_U16(in_buffer
, 0);
1025 if (new_password
->length
== 0 || new_password
->length
> 512) {
1029 new_password
->data
=
1030 talloc_memdup(mem_ctx
, in_buffer
+ 2, new_password
->length
);
1031 if (new_password
->data
== NULL
) {
1034 talloc_keep_secret(new_password
->data
);
1036 #ifdef DEBUG_PASSWORD
1037 DEBUG(100, ("new_pwd_len: %zu\n", new_password
->length
));
1038 DEBUG(100, ("new_pwd: "));
1039 dump_data(100, new_password
->data
, new_password
->length
);
1045 bool decode_pwd_string_from_buffer514(TALLOC_CTX
*mem_ctx
,
1046 const uint8_t in_buffer
[514],
1047 charset_t string_charset
,
1048 DATA_BLOB
*decoded_password
)
1050 DATA_BLOB new_password
= {
1055 ok
= extract_pwd_blob_from_buffer514(mem_ctx
, in_buffer
, &new_password
);
1060 ok
= convert_string_talloc(mem_ctx
,
1064 new_password
.length
,
1065 (void *)&decoded_password
->data
,
1066 &decoded_password
->length
);
1067 data_blob_free(&new_password
);
1071 talloc_keep_secret(decoded_password
->data
);
1076 /***********************************************************
1077 Encode an arc4 password change buffer.
1078 ************************************************************/
1079 NTSTATUS
encode_rc4_passwd_buffer(const char *passwd
,
1080 const DATA_BLOB
*session_key
,
1081 struct samr_CryptPasswordEx
*out_crypt_pwd
)
1083 uint8_t _confounder
[16] = {0};
1084 DATA_BLOB confounder
= data_blob_const(_confounder
, 16);
1085 DATA_BLOB pw_data
= data_blob_const(out_crypt_pwd
->data
, 516);
1089 ok
= encode_pw_buffer(pw_data
.data
, passwd
, STR_UNICODE
);
1091 return NT_STATUS_INVALID_PARAMETER
;
1094 generate_random_buffer(confounder
.data
, confounder
.length
);
1096 rc
= samba_gnutls_arcfour_confounded_md5(&confounder
,
1099 SAMBA_GNUTLS_ENCRYPT
);
1101 ZERO_ARRAY(_confounder
);
1102 data_blob_clear(&pw_data
);
1103 return gnutls_error_to_ntstatus(rc
, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER
);
1107 * The packet format is the 516 byte RC4 encrypted
1108 * pasword followed by the 16 byte counfounder
1109 * The confounder is a salt to prevent pre-computed hash attacks on the
1112 memcpy(&out_crypt_pwd
->data
[516], confounder
.data
, confounder
.length
);
1113 ZERO_ARRAY(_confounder
);
1115 return NT_STATUS_OK
;
1118 /***********************************************************
1119 Decode an arc4 encrypted password change buffer.
1120 ************************************************************/
1122 NTSTATUS
decode_rc4_passwd_buffer(const DATA_BLOB
*psession_key
,
1123 struct samr_CryptPasswordEx
*inout_crypt_pwd
)
1125 /* Confounder is last 16 bytes. */
1126 DATA_BLOB confounder
= data_blob_const(&inout_crypt_pwd
->data
[516], 16);
1127 DATA_BLOB pw_data
= data_blob_const(&inout_crypt_pwd
->data
, 516);
1130 rc
= samba_gnutls_arcfour_confounded_md5(&confounder
,
1133 SAMBA_GNUTLS_DECRYPT
);
1135 return gnutls_error_to_ntstatus(rc
, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER
);
1138 return NT_STATUS_OK
;
1141 /***********************************************************
1142 encode a password buffer with an already unicode password. The
1143 rest of the buffer is filled with random data to make it harder to attack.
1144 ************************************************************/
1146 static bool create_pw_buffer_from_blob(uint8_t buffer
[512],
1147 const DATA_BLOB
*in_password
,
1148 enum encode_order order
)
1151 size_t random_pos
= 0;
1152 size_t random_len
= 0;
1154 if (in_password
->length
> 512) {
1159 case ENCODE_ORDER_PASSWORD_FIRST
:
1161 random_pos
= in_password
->length
;
1163 case ENCODE_ORDER_PASSWORD_LAST
:
1164 pwd_pos
= PASSWORD_BUFFER_LEN
- in_password
->length
;
1168 random_len
= PASSWORD_BUFFER_LEN
- in_password
->length
;
1170 memcpy(buffer
+ pwd_pos
, in_password
->data
, in_password
->length
);
1171 generate_random_buffer(buffer
+ random_pos
, random_len
);
1176 bool set_pw_in_buffer(uint8_t buffer
[516], const DATA_BLOB
*password
)
1180 ok
= create_pw_buffer_from_blob(buffer
,
1182 ENCODE_ORDER_PASSWORD_LAST
);
1188 * The length of the new password is in the last 4 bytes of
1191 PUSH_LE_U32(buffer
, PASSWORD_BUFFER_LEN
, password
->length
);
1196 /***********************************************************
1197 decode a password buffer
1198 *new_pw_size is the length in bytes of the extracted unicode password
1199 ************************************************************/
1200 bool extract_pw_from_buffer(TALLOC_CTX
*mem_ctx
,
1201 uint8_t in_buffer
[516], DATA_BLOB
*new_pass
)
1205 /* The length of the new password is in the last 4 bytes of the data buffer. */
1207 byte_len
= IVAL(in_buffer
, 512);
1209 #ifdef DEBUG_PASSWORD
1210 dump_data(100, in_buffer
, 516);
1213 /* Password cannot be longer than the size of the password buffer */
1214 if ( (byte_len
< 0) || (byte_len
> 512)) {
1218 *new_pass
= data_blob_talloc(mem_ctx
, &in_buffer
[512 - byte_len
], byte_len
);
1220 if (!new_pass
->data
) {
1223 talloc_keep_secret(new_pass
->data
);
1229 /* encode a wkssvc_PasswordBuffer:
1231 * similar to samr_CryptPasswordEx. Different: 8byte confounder (instead of
1232 * 16byte), confounder in front of the 516 byte buffer (instead of after that
1233 * buffer), calling MD5Update() first with session_key and then with confounder
1234 * (vice versa in samr) - Guenther */
1236 WERROR
encode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
1238 DATA_BLOB
*session_key
,
1239 struct wkssvc_PasswordBuffer
**out_pwd_buf
)
1241 struct wkssvc_PasswordBuffer
*pwd_buf
= NULL
;
1242 uint8_t _confounder
[8] = {0};
1243 DATA_BLOB confounder
= data_blob_const(_confounder
, 8);
1244 uint8_t pwbuf
[516] = {0};
1245 DATA_BLOB encrypt_pwbuf
= data_blob_const(pwbuf
, 516);
1248 pwd_buf
= talloc_zero(mem_ctx
, struct wkssvc_PasswordBuffer
);
1249 if (pwd_buf
== NULL
) {
1250 return WERR_NOT_ENOUGH_MEMORY
;
1253 encode_pw_buffer(pwbuf
, pwd
, STR_UNICODE
);
1255 generate_random_buffer(_confounder
, sizeof(_confounder
));
1257 rc
= samba_gnutls_arcfour_confounded_md5(session_key
,
1260 SAMBA_GNUTLS_ENCRYPT
);
1262 ZERO_ARRAY(_confounder
);
1263 TALLOC_FREE(pwd_buf
);
1264 return gnutls_error_to_werror(rc
, WERR_CONTENT_BLOCKED
);
1267 memcpy(&pwd_buf
->data
[0], confounder
.data
, confounder
.length
);
1268 ZERO_ARRAY(_confounder
);
1269 memcpy(&pwd_buf
->data
[8], encrypt_pwbuf
.data
, encrypt_pwbuf
.length
);
1272 *out_pwd_buf
= pwd_buf
;
1277 WERROR
decode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
1278 struct wkssvc_PasswordBuffer
*pwd_buf
,
1279 DATA_BLOB
*session_key
,
1282 uint8_t _confounder
[8] = { 0 };
1283 DATA_BLOB confounder
= data_blob_const(_confounder
, 8);
1284 uint8_t pwbuf
[516] = {0};
1285 DATA_BLOB decrypt_pwbuf
= data_blob_const(pwbuf
, 516);
1289 if (pwd_buf
== NULL
) {
1290 return WERR_INVALID_PASSWORD
;
1295 if (session_key
->length
!= 16) {
1296 DEBUG(10,("invalid session key\n"));
1297 return WERR_INVALID_PASSWORD
;
1300 confounder
= data_blob_const(&pwd_buf
->data
[0], 8);
1301 memcpy(&pwbuf
, &pwd_buf
->data
[8], 516);
1303 rc
= samba_gnutls_arcfour_confounded_md5(session_key
,
1306 SAMBA_GNUTLS_ENCRYPT
);
1308 ZERO_ARRAY(_confounder
);
1309 TALLOC_FREE(pwd_buf
);
1310 return gnutls_error_to_werror(rc
, WERR_CONTENT_BLOCKED
);
1313 ok
= decode_pw_buffer(mem_ctx
,
1316 &decrypt_pwbuf
.length
,
1321 return WERR_INVALID_PASSWORD
;