1 #ifndef _LIBCLI_AUTH_PROTO_H__
2 #define _LIBCLI_AUTH_PROTO_H__
4 #undef _PRINTF_ATTRIBUTE
5 #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
7 /* this file contains prototypes for functions that are private
8 * to this subsystem or library. These functions should not be
9 * used outside this particular subsystem! */
12 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
14 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState
*creds
, struct netr_LMSessionKey
*key
);
15 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState
*creds
, struct netr_LMSessionKey
*key
);
16 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState
*creds
, struct samr_Password
*pass
);
17 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState
*creds
, struct samr_Password
*pass
);
18 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState
*creds
, uint8_t *data
, size_t len
);
19 void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState
*creds
, uint8_t *data
, size_t len
);
20 void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState
*creds
, uint8_t *data
, size_t len
);
22 /*****************************************************************
23 The above functions are common to the client and server interface
24 next comes the client specific functions
25 ******************************************************************/
26 struct netlogon_creds_CredentialState
*netlogon_creds_client_init(TALLOC_CTX
*mem_ctx
,
27 const char *client_account
,
28 const char *client_computer_name
,
29 uint16_t secure_channel_type
,
30 const struct netr_Credential
*client_challenge
,
31 const struct netr_Credential
*server_challenge
,
32 const struct samr_Password
*machine_password
,
33 struct netr_Credential
*initial_credential
,
34 uint32_t negotiate_flags
);
35 struct netlogon_creds_CredentialState
*netlogon_creds_client_init_session_key(TALLOC_CTX
*mem_ctx
,
36 const uint8_t session_key
[16]);
37 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState
*creds
,
38 struct netr_Authenticator
*next
);
39 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState
*creds
,
40 const struct netr_Credential
*received_credentials
);
41 struct netlogon_creds_CredentialState
*netlogon_creds_copy(
43 const struct netlogon_creds_CredentialState
*creds_in
);
45 /*****************************************************************
46 The above functions are common to the client and server interface
47 next comes the server specific functions
48 ******************************************************************/
49 struct netlogon_creds_CredentialState
*netlogon_creds_server_init(TALLOC_CTX
*mem_ctx
,
50 const char *client_account
,
51 const char *client_computer_name
,
52 uint16_t secure_channel_type
,
53 const struct netr_Credential
*client_challenge
,
54 const struct netr_Credential
*server_challenge
,
55 const struct samr_Password
*machine_password
,
56 const struct netr_Credential
*credentials_in
,
57 struct netr_Credential
*credentials_out
,
58 uint32_t negotiate_flags
);
59 NTSTATUS
netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
*creds
,
60 const struct netr_Authenticator
*received_authenticator
,
61 struct netr_Authenticator
*return_authenticator
) ;
62 void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState
*creds
,
63 uint16_t validation_level
,
64 union netr_Validation
*validation
);
65 void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState
*creds
,
66 uint16_t validation_level
,
67 union netr_Validation
*validation
);
68 void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState
*creds
,
69 enum netr_LogonInfoClass level
,
70 union netr_LogonLevel
*logon
);
71 void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState
*creds
,
72 enum netr_LogonInfoClass level
,
73 union netr_LogonLevel
*logon
);
74 union netr_LogonLevel
*netlogon_creds_shallow_copy_logon(TALLOC_CTX
*mem_ctx
,
75 enum netr_LogonInfoClass level
,
76 const union netr_LogonLevel
*in
);
78 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
80 void sess_crypt_blob(DATA_BLOB
*out
, const DATA_BLOB
*in
, const DATA_BLOB
*session_key
,
82 DATA_BLOB
sess_encrypt_string(const char *str
, const DATA_BLOB
*session_key
);
83 char *sess_decrypt_string(TALLOC_CTX
*mem_ctx
,
84 DATA_BLOB
*blob
, const DATA_BLOB
*session_key
);
85 DATA_BLOB
sess_encrypt_blob(TALLOC_CTX
*mem_ctx
, DATA_BLOB
*blob_in
, const DATA_BLOB
*session_key
);
86 NTSTATUS
sess_decrypt_blob(TALLOC_CTX
*mem_ctx
, const DATA_BLOB
*blob
, const DATA_BLOB
*session_key
,
89 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */
91 void SMBencrypt_hash(const uint8_t lm_hash
[16], const uint8_t *c8
, uint8_t p24
[24]);
92 bool SMBencrypt(const char *passwd
, const uint8_t *c8
, uint8_t p24
[24]);
95 * Creates the MD4 Hash of the users password in NT UNICODE.
96 * @param passwd password in 'unix' charset.
97 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
99 bool E_md4hash(const char *passwd
, uint8_t p16
[16]);
102 * Creates the MD5 Hash of a combination of 16 byte salt and 16 byte NT hash.
103 * @param 16 byte salt.
104 * @param 16 byte NT hash.
105 * @param 16 byte return hashed with md5, caller allocated 16 byte buffer
107 void E_md5hash(const uint8_t salt
[16], const uint8_t nthash
[16], uint8_t hash_out
[16]);
110 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
111 * @param passwd password in 'unix' charset.
112 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
113 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
114 * @note p16 is filled in regardless
116 bool E_deshash(const char *passwd
, uint8_t p16
[16]);
119 * Creates the MD4 and DES (LM) Hash of the users password.
120 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
121 * @param passwd password in 'unix' charset.
122 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
123 * @param p16 return password hashed with des, caller allocated 16 byte buffer
125 void nt_lm_owf_gen(const char *pwd
, uint8_t nt_p16
[16], uint8_t p16
[16]);
126 bool ntv2_owf_gen(const uint8_t owf
[16],
127 const char *user_in
, const char *domain_in
,
129 void SMBOWFencrypt(const uint8_t passwd
[16], const uint8_t *c8
, uint8_t p24
[24]);
130 void SMBNTencrypt_hash(const uint8_t nt_hash
[16], const uint8_t *c8
, uint8_t *p24
);
131 void SMBNTencrypt(const char *passwd
, const uint8_t *c8
, uint8_t *p24
);
132 void SMBOWFencrypt_ntv2(const uint8_t kr
[16],
133 const DATA_BLOB
*srv_chal
,
134 const DATA_BLOB
*smbcli_chal
,
135 uint8_t resp_buf
[16]);
136 void SMBsesskeygen_ntv2(const uint8_t kr
[16],
137 const uint8_t * nt_resp
, uint8_t sess_key
[16]);
138 void SMBsesskeygen_ntv1(const uint8_t kr
[16], uint8_t sess_key
[16]);
139 void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash
[16],
140 const uint8_t lm_resp
[24], /* only uses 8 */
141 uint8_t sess_key
[16]);
142 DATA_BLOB
NTLMv2_generate_names_blob(TALLOC_CTX
*mem_ctx
,
143 const char *hostname
,
145 bool SMBNTLMv2encrypt_hash(TALLOC_CTX
*mem_ctx
,
146 const char *user
, const char *domain
, const uint8_t nt_hash
[16],
147 const DATA_BLOB
*server_chal
,
148 const NTTIME
*server_timestamp
,
149 const DATA_BLOB
*names_blob
,
150 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
151 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
) ;
152 bool SMBNTLMv2encrypt(TALLOC_CTX
*mem_ctx
,
153 const char *user
, const char *domain
,
154 const char *password
,
155 const DATA_BLOB
*server_chal
,
156 const DATA_BLOB
*names_blob
,
157 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
158 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
) ;
159 NTSTATUS
NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name
,
160 const char *account_domain
,
161 const DATA_BLOB response
,
162 const struct netlogon_creds_CredentialState
*creds
,
163 const char *workgroup
);
165 /***********************************************************
166 encode a password buffer with a unicode password. The buffer
167 is filled with random data to make it harder to attack.
168 ************************************************************/
169 bool encode_pw_buffer(uint8_t buffer
[516], const char *password
, int string_flags
);
171 /***********************************************************
172 decode a password buffer
173 *new_pw_len is the length in bytes of the possibly mulitbyte
174 returned password including termination.
175 ************************************************************/
176 bool decode_pw_buffer(TALLOC_CTX
*ctx
,
177 uint8_t in_buffer
[516],
180 charset_t string_charset
);
182 /***********************************************************
183 Decode an arc4 encrypted password change buffer.
184 ************************************************************/
185 void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf
[532], const DATA_BLOB
*psession_key
);
187 /***********************************************************
188 encode a password buffer with an already unicode password. The
189 rest of the buffer is filled with random data to make it harder to attack.
190 ************************************************************/
191 bool set_pw_in_buffer(uint8_t buffer
[516], const DATA_BLOB
*password
);
193 /***********************************************************
194 decode a password buffer
195 *new_pw_size is the length in bytes of the extracted unicode password
196 ************************************************************/
197 bool extract_pw_from_buffer(TALLOC_CTX
*mem_ctx
,
198 uint8_t in_buffer
[516], DATA_BLOB
*new_pass
);
199 struct wkssvc_PasswordBuffer
;
200 void encode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
202 DATA_BLOB
*session_key
,
203 struct wkssvc_PasswordBuffer
**pwd_buf
);
204 WERROR
decode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
205 struct wkssvc_PasswordBuffer
*pwd_buf
,
206 DATA_BLOB
*session_key
,
209 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */
211 void des_crypt56(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[7], int forw
);
212 void E_P16(const uint8_t *p14
,uint8_t *p16
);
213 void E_P24(const uint8_t *p21
, const uint8_t *c8
, uint8_t *p24
);
214 void D_P16(const uint8_t *p14
, const uint8_t *in
, uint8_t *out
);
215 void E_old_pw_hash( uint8_t *p14
, const uint8_t *in
, uint8_t *out
);
216 void des_crypt128(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[16]);
217 void des_crypt64(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[8], int forw
);
218 void des_crypt112(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[14], int forw
);
219 void des_crypt112_16(uint8_t out
[16], const uint8_t in
[16], const uint8_t key
[14], int forw
);
220 void sam_rid_crypt(unsigned int rid
, const uint8_t *in
, uint8_t *out
, int forw
);
221 #undef _PRINTF_ATTRIBUTE
222 #define _PRINTF_ATTRIBUTE(a1, a2)