2 Unix SMB/CIFS implementation.
4 dcerpc schannel operations
6 Copyright (C) Andrew Tridgell 2004
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_schannel.h"
25 #include "auth/auth.h"
26 #include "auth/credentials/credentials.h"
27 #include "auth/gensec/gensec.h"
28 #include "auth/gensec/gensec_internal.h"
29 #include "auth/gensec/gensec_proto.h"
30 #include "../libcli/auth/schannel.h"
31 #include "librpc/gen_ndr/dcerpc.h"
32 #include "param/param.h"
33 #include "auth/gensec/gensec_toplevel_proto.h"
34 #include "lib/crypto/crypto.h"
36 struct schannel_state
{
37 struct gensec_security
*gensec
;
40 struct netlogon_creds_CredentialState
*creds
;
41 struct auth_user_info_dc
*user_info_dc
;
44 #define SETUP_SEQNUM(state, buf, initiator) do { \
45 uint8_t *_buf = buf; \
46 uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \
47 uint32_t _seq_num_high = (state)->seq_num >> 32; \
49 _seq_num_high |= 0x80000000; \
51 RSIVAL(_buf, 0, _seq_num_low); \
52 RSIVAL(_buf, 4, _seq_num_high); \
55 static struct schannel_state
*netsec_create_state(
56 struct gensec_security
*gensec
,
57 struct netlogon_creds_CredentialState
*creds
,
60 struct schannel_state
*state
;
62 state
= talloc_zero(gensec
, struct schannel_state
);
67 state
->gensec
= gensec
;
68 state
->initiator
= initiator
;
69 state
->creds
= netlogon_creds_copy(state
, creds
);
70 if (state
->creds
== NULL
) {
75 gensec
->private_data
= state
;
80 static void netsec_offset_and_sizes(struct schannel_state
*state
,
82 uint32_t *_min_sig_size
,
83 uint32_t *_used_sig_size
,
84 uint32_t *_checksum_length
,
85 uint32_t *_confounder_ofs
)
87 uint32_t min_sig_size
;
88 uint32_t used_sig_size
;
89 uint32_t checksum_length
;
90 uint32_t confounder_ofs
;
92 if (state
->creds
->negotiate_flags
& NETLOGON_NEG_SUPPORTS_AES
) {
96 * Note: windows has a bug here and uses the old values...
98 * checksum_length = 32;
99 * confounder_ofs = 48;
115 *_min_sig_size
= min_sig_size
;
118 if (_used_sig_size
) {
119 *_used_sig_size
= used_sig_size
;
122 if (_checksum_length
) {
123 *_checksum_length
= checksum_length
;
126 if (_confounder_ofs
) {
127 *_confounder_ofs
= confounder_ofs
;
131 /*******************************************************************
132 Encode or Decode the sequence number (which is symmetric)
133 ********************************************************************/
134 static void netsec_do_seq_num(struct schannel_state
*state
,
135 const uint8_t *checksum
,
136 uint32_t checksum_length
,
139 if (state
->creds
->negotiate_flags
& NETLOGON_NEG_SUPPORTS_AES
) {
141 uint8_t iv
[AES_BLOCK_SIZE
];
143 AES_set_encrypt_key(state
->creds
->session_key
, 128, &key
);
145 memcpy(iv
+0, checksum
, 8);
146 memcpy(iv
+8, checksum
, 8);
148 aes_cfb8_encrypt(seq_num
, seq_num
, 8, &key
, iv
, AES_ENCRYPT
);
150 static const uint8_t zeros
[4];
151 uint8_t sequence_key
[16];
154 hmac_md5(state
->creds
->session_key
, zeros
, sizeof(zeros
), digest1
);
155 hmac_md5(digest1
, checksum
, checksum_length
, sequence_key
);
156 arcfour_crypt(seq_num
, sequence_key
, 8);
162 static void netsec_do_seal(struct schannel_state
*state
,
163 const uint8_t seq_num
[8],
164 uint8_t confounder
[8],
165 uint8_t *data
, uint32_t length
,
168 if (state
->creds
->negotiate_flags
& NETLOGON_NEG_SUPPORTS_AES
) {
170 uint8_t iv
[AES_BLOCK_SIZE
];
171 uint8_t sess_kf0
[16];
174 for (i
= 0; i
< 16; i
++) {
175 sess_kf0
[i
] = state
->creds
->session_key
[i
] ^ 0xf0;
178 AES_set_encrypt_key(sess_kf0
, 128, &key
);
180 memcpy(iv
+0, seq_num
, 8);
181 memcpy(iv
+8, seq_num
, 8);
184 aes_cfb8_encrypt(confounder
, confounder
, 8, &key
, iv
, AES_ENCRYPT
);
185 aes_cfb8_encrypt(data
, data
, length
, &key
, iv
, AES_ENCRYPT
);
187 aes_cfb8_encrypt(confounder
, confounder
, 8, &key
, iv
, AES_DECRYPT
);
188 aes_cfb8_encrypt(data
, data
, length
, &key
, iv
, AES_DECRYPT
);
191 uint8_t sealing_key
[16];
192 static const uint8_t zeros
[4];
194 uint8_t sess_kf0
[16];
197 for (i
= 0; i
< 16; i
++) {
198 sess_kf0
[i
] = state
->creds
->session_key
[i
] ^ 0xf0;
201 hmac_md5(sess_kf0
, zeros
, 4, digest2
);
202 hmac_md5(digest2
, seq_num
, 8, sealing_key
);
204 arcfour_crypt(confounder
, sealing_key
, 8);
205 arcfour_crypt(data
, sealing_key
, length
);
209 /*******************************************************************
210 Create a digest over the entire packet (including the data), and
211 MD5 it with the session key.
212 ********************************************************************/
213 static void netsec_do_sign(struct schannel_state
*state
,
214 const uint8_t *confounder
,
215 const uint8_t *data
, size_t length
,
219 if (state
->creds
->negotiate_flags
& NETLOGON_NEG_SUPPORTS_AES
) {
220 struct HMACSHA256Context ctx
;
222 hmac_sha256_init(state
->creds
->session_key
,
223 sizeof(state
->creds
->session_key
),
227 SSVAL(header
, 0, NL_SIGN_HMAC_SHA256
);
228 SSVAL(header
, 2, NL_SEAL_AES128
);
229 SSVAL(header
, 4, 0xFFFF);
230 SSVAL(header
, 6, 0x0000);
232 hmac_sha256_update(header
, 8, &ctx
);
233 hmac_sha256_update(confounder
, 8, &ctx
);
235 SSVAL(header
, 0, NL_SIGN_HMAC_SHA256
);
236 SSVAL(header
, 2, NL_SEAL_NONE
);
237 SSVAL(header
, 4, 0xFFFF);
238 SSVAL(header
, 6, 0x0000);
240 hmac_sha256_update(header
, 8, &ctx
);
243 hmac_sha256_update(data
, length
, &ctx
);
245 hmac_sha256_final(checksum
, &ctx
);
247 uint8_t packet_digest
[16];
248 static const uint8_t zeros
[4];
252 MD5Update(&ctx
, zeros
, 4);
254 SSVAL(header
, 0, NL_SIGN_HMAC_MD5
);
255 SSVAL(header
, 2, NL_SEAL_RC4
);
256 SSVAL(header
, 4, 0xFFFF);
257 SSVAL(header
, 6, 0x0000);
259 MD5Update(&ctx
, header
, 8);
260 MD5Update(&ctx
, confounder
, 8);
262 SSVAL(header
, 0, NL_SIGN_HMAC_MD5
);
263 SSVAL(header
, 2, NL_SEAL_NONE
);
264 SSVAL(header
, 4, 0xFFFF);
265 SSVAL(header
, 6, 0x0000);
267 MD5Update(&ctx
, header
, 8);
269 MD5Update(&ctx
, data
, length
);
270 MD5Final(packet_digest
, &ctx
);
272 hmac_md5(state
->creds
->session_key
,
273 packet_digest
, sizeof(packet_digest
),
278 static NTSTATUS
netsec_incoming_packet(struct schannel_state
*state
,
280 uint8_t *data
, size_t length
,
281 const uint8_t *whole_pdu
, size_t pdu_length
,
282 const DATA_BLOB
*sig
)
284 uint32_t min_sig_size
= 0;
286 uint8_t checksum
[32];
287 uint32_t checksum_length
= sizeof(checksum_length
);
288 uint8_t _confounder
[8];
289 uint8_t *confounder
= NULL
;
290 uint32_t confounder_ofs
= 0;
293 const uint8_t *sign_data
= NULL
;
294 size_t sign_length
= 0;
296 netsec_offset_and_sizes(state
,
303 if (sig
->length
< min_sig_size
) {
304 return NT_STATUS_ACCESS_DENIED
;
308 confounder
= _confounder
;
309 memcpy(confounder
, sig
->data
+confounder_ofs
, 8);
314 SETUP_SEQNUM(state
, seq_num
, !state
->initiator
);
317 netsec_do_seal(state
, seq_num
,
323 if (state
->gensec
->want_features
& GENSEC_FEATURE_SIGN_PKT_HEADER
) {
324 sign_data
= whole_pdu
;
325 sign_length
= pdu_length
;
328 sign_length
= length
;
331 netsec_do_sign(state
, confounder
,
332 sign_data
, sign_length
,
335 ret
= memcmp(checksum
, sig
->data
+16, checksum_length
);
337 dump_data_pw("calc digest:", checksum
, checksum_length
);
338 dump_data_pw("wire digest:", sig
->data
+16, checksum_length
);
339 return NT_STATUS_ACCESS_DENIED
;
342 netsec_do_seq_num(state
, checksum
, checksum_length
, seq_num
);
344 ret
= memcmp(seq_num
, sig
->data
+8, 8);
346 dump_data_pw("calc seq num:", seq_num
, 8);
347 dump_data_pw("wire seq num:", sig
->data
+8, 8);
348 return NT_STATUS_ACCESS_DENIED
;
354 static uint32_t netsec_outgoing_sig_size(struct schannel_state
*state
)
356 uint32_t sig_size
= 0;
358 netsec_offset_and_sizes(state
,
368 static NTSTATUS
netsec_outgoing_packet(struct schannel_state
*state
,
371 uint8_t *data
, size_t length
,
372 const uint8_t *whole_pdu
, size_t pdu_length
,
375 uint32_t min_sig_size
= 0;
376 uint32_t used_sig_size
= 0;
378 uint8_t checksum
[32];
379 uint32_t checksum_length
= sizeof(checksum_length
);
380 uint8_t _confounder
[8];
381 uint8_t *confounder
= NULL
;
382 uint32_t confounder_ofs
= 0;
384 const uint8_t *sign_data
= NULL
;
385 size_t sign_length
= 0;
387 netsec_offset_and_sizes(state
,
394 SETUP_SEQNUM(state
, seq_num
, state
->initiator
);
397 confounder
= _confounder
;
398 generate_random_buffer(confounder
, 8);
403 if (state
->gensec
->want_features
& GENSEC_FEATURE_SIGN_PKT_HEADER
) {
404 sign_data
= whole_pdu
;
405 sign_length
= pdu_length
;
408 sign_length
= length
;
411 netsec_do_sign(state
, confounder
,
412 sign_data
, sign_length
,
416 netsec_do_seal(state
, seq_num
,
422 netsec_do_seq_num(state
, checksum
, checksum_length
, seq_num
);
424 (*sig
) = data_blob_talloc_zero(mem_ctx
, used_sig_size
);
426 memcpy(sig
->data
, header
, 8);
427 memcpy(sig
->data
+8, seq_num
, 8);
428 memcpy(sig
->data
+16, checksum
, checksum_length
);
431 memcpy(sig
->data
+confounder_ofs
, confounder
, 8);
434 dump_data_pw("signature:", sig
->data
+ 0, 8);
435 dump_data_pw("seq_num :", sig
->data
+ 8, 8);
436 dump_data_pw("digest :", sig
->data
+16, checksum_length
);
437 dump_data_pw("confound :", sig
->data
+confounder_ofs
, 8);
442 _PUBLIC_ NTSTATUS
gensec_schannel_init(void);
444 static size_t schannel_sig_size(struct gensec_security
*gensec_security
, size_t data_size
)
446 struct schannel_state
*state
=
447 talloc_get_type_abort(gensec_security
->private_data
,
448 struct schannel_state
);
450 return netsec_outgoing_sig_size(state
);
453 static NTSTATUS
schannel_update(struct gensec_security
*gensec_security
, TALLOC_CTX
*out_mem_ctx
,
454 struct tevent_context
*ev
,
455 const DATA_BLOB in
, DATA_BLOB
*out
)
457 struct schannel_state
*state
=
458 talloc_get_type(gensec_security
->private_data
,
459 struct schannel_state
);
461 enum ndr_err_code ndr_err
;
462 struct NL_AUTH_MESSAGE bind_schannel
= {};
463 struct NL_AUTH_MESSAGE bind_schannel_ack
;
464 struct netlogon_creds_CredentialState
*creds
;
465 const char *workstation
;
468 *out
= data_blob(NULL
, 0);
470 switch (gensec_security
->gensec_role
) {
473 /* we could parse the bind ack, but we don't know what it is yet */
477 creds
= cli_credentials_get_netlogon_creds(gensec_security
->credentials
);
479 return NT_STATUS_INVALID_PARAMETER_MIX
;
482 state
= netsec_create_state(gensec_security
,
483 creds
, true /* initiator */);
485 return NT_STATUS_NO_MEMORY
;
488 bind_schannel
.MessageType
= NL_NEGOTIATE_REQUEST
;
490 bind_schannel
.Flags
= NL_FLAG_OEM_NETBIOS_DOMAIN_NAME
|
491 NL_FLAG_OEM_NETBIOS_COMPUTER_NAME
;
492 bind_schannel
.oem_netbios_domain
.a
= cli_credentials_get_domain(gensec_security
->credentials
);
493 bind_schannel
.oem_netbios_computer
.a
= creds
->computer_name
;
495 if (creds
->secure_channel_type
== SEC_CHAN_DNS_DOMAIN
) {
496 bind_schannel
.Flags
|= NL_FLAG_UTF8_DNS_DOMAIN_NAME
;
497 bind_schannel
.utf8_dns_domain
.u
= cli_credentials_get_realm(gensec_security
->credentials
);
499 bind_schannel
.Flags
|= NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME
;
500 bind_schannel
.utf8_netbios_computer
.u
= creds
->computer_name
;
503 ndr_err
= ndr_push_struct_blob(out
, out_mem_ctx
, &bind_schannel
,
504 (ndr_push_flags_fn_t
)ndr_push_NL_AUTH_MESSAGE
);
505 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
506 status
= ndr_map_error2ntstatus(ndr_err
);
507 DEBUG(3, ("Could not create schannel bind: %s\n",
512 return NT_STATUS_MORE_PROCESSING_REQUIRED
;
516 /* no third leg on this protocol */
517 return NT_STATUS_INVALID_PARAMETER
;
520 /* parse the schannel startup blob */
521 ndr_err
= ndr_pull_struct_blob(&in
, out_mem_ctx
, &bind_schannel
,
522 (ndr_pull_flags_fn_t
)ndr_pull_NL_AUTH_MESSAGE
);
523 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
524 status
= ndr_map_error2ntstatus(ndr_err
);
525 DEBUG(3, ("Could not parse incoming schannel bind: %s\n",
530 if (bind_schannel
.Flags
& NL_FLAG_OEM_NETBIOS_DOMAIN_NAME
) {
531 domain
= bind_schannel
.oem_netbios_domain
.a
;
532 if (strcasecmp_m(domain
, lpcfg_workgroup(gensec_security
->settings
->lp_ctx
)) != 0) {
533 DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
534 domain
, lpcfg_workgroup(gensec_security
->settings
->lp_ctx
)));
535 return NT_STATUS_LOGON_FAILURE
;
537 } else if (bind_schannel
.Flags
& NL_FLAG_UTF8_DNS_DOMAIN_NAME
) {
538 domain
= bind_schannel
.utf8_dns_domain
.u
;
539 if (strcasecmp_m(domain
, lpcfg_dnsdomain(gensec_security
->settings
->lp_ctx
)) != 0) {
540 DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
541 domain
, lpcfg_dnsdomain(gensec_security
->settings
->lp_ctx
)));
542 return NT_STATUS_LOGON_FAILURE
;
545 DEBUG(3, ("Request for schannel to without domain\n"));
546 return NT_STATUS_LOGON_FAILURE
;
549 if (bind_schannel
.Flags
& NL_FLAG_OEM_NETBIOS_COMPUTER_NAME
) {
550 workstation
= bind_schannel
.oem_netbios_computer
.a
;
551 } else if (bind_schannel
.Flags
& NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME
) {
552 workstation
= bind_schannel
.utf8_netbios_computer
.u
;
554 DEBUG(3, ("Request for schannel to without netbios workstation\n"));
555 return NT_STATUS_LOGON_FAILURE
;
558 status
= schannel_get_creds_state(out_mem_ctx
,
559 gensec_security
->settings
->lp_ctx
,
560 workstation
, &creds
);
561 if (!NT_STATUS_IS_OK(status
)) {
562 DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
563 workstation
, nt_errstr(status
)));
564 if (NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_HANDLE
)) {
565 return NT_STATUS_LOGON_FAILURE
;
570 state
= netsec_create_state(gensec_security
,
571 creds
, false /* not initiator */);
573 return NT_STATUS_NO_MEMORY
;
576 status
= auth_anonymous_user_info_dc(state
,
577 lpcfg_netbios_name(gensec_security
->settings
->lp_ctx
),
578 &state
->user_info_dc
);
579 if (!NT_STATUS_IS_OK(status
)) {
583 bind_schannel_ack
.MessageType
= NL_NEGOTIATE_RESPONSE
;
584 bind_schannel_ack
.Flags
= 0;
585 bind_schannel_ack
.Buffer
.dummy
= 0x6c0000; /* actually I think
590 ndr_err
= ndr_push_struct_blob(out
, out_mem_ctx
, &bind_schannel_ack
,
591 (ndr_push_flags_fn_t
)ndr_push_NL_AUTH_MESSAGE
);
592 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
593 status
= ndr_map_error2ntstatus(ndr_err
);
594 DEBUG(3, ("Could not return schannel bind ack for client %s: %s\n",
595 workstation
, nt_errstr(status
)));
601 return NT_STATUS_INVALID_PARAMETER
;
605 * Returns anonymous credentials for schannel, matching Win2k3.
609 static NTSTATUS
schannel_session_info(struct gensec_security
*gensec_security
,
611 struct auth_session_info
**_session_info
)
613 struct schannel_state
*state
=
614 talloc_get_type(gensec_security
->private_data
,
615 struct schannel_state
);
616 struct auth4_context
*auth_ctx
= gensec_security
->auth_context
;
617 struct auth_session_info
*session_info
= NULL
;
618 uint32_t session_info_flags
= 0;
621 if (auth_ctx
== NULL
) {
622 DEBUG(0, ("Cannot generate a session_info without the auth_context\n"));
623 return NT_STATUS_INTERNAL_ERROR
;
626 if (auth_ctx
->generate_session_info
== NULL
) {
627 DEBUG(0, ("Cannot generate a session_info without the generate_session_info hook\n"));
628 return NT_STATUS_INTERNAL_ERROR
;
631 if (gensec_security
->want_features
& GENSEC_FEATURE_UNIX_TOKEN
) {
632 session_info_flags
|= AUTH_SESSION_INFO_UNIX_TOKEN
;
635 session_info_flags
|= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
;
637 status
= auth_ctx
->generate_session_info(
641 state
->user_info_dc
->info
->account_name
,
644 if (!NT_STATUS_IS_OK(status
)) {
648 *_session_info
= session_info
;
652 static NTSTATUS
schannel_server_start(struct gensec_security
*gensec_security
)
657 static NTSTATUS
schannel_client_start(struct gensec_security
*gensec_security
)
662 static bool schannel_have_feature(struct gensec_security
*gensec_security
,
665 if (feature
& (GENSEC_FEATURE_SIGN
|
666 GENSEC_FEATURE_SEAL
)) {
669 if (feature
& GENSEC_FEATURE_DCE_STYLE
) {
672 if (feature
& GENSEC_FEATURE_SIGN_PKT_HEADER
) {
681 static NTSTATUS
schannel_unseal_packet(struct gensec_security
*gensec_security
,
682 uint8_t *data
, size_t length
,
683 const uint8_t *whole_pdu
, size_t pdu_length
,
684 const DATA_BLOB
*sig
)
686 struct schannel_state
*state
=
687 talloc_get_type_abort(gensec_security
->private_data
,
688 struct schannel_state
);
690 return netsec_incoming_packet(state
, true,
691 discard_const_p(uint8_t, data
),
693 whole_pdu
, pdu_length
,
698 check the signature on a packet
700 static NTSTATUS
schannel_check_packet(struct gensec_security
*gensec_security
,
701 const uint8_t *data
, size_t length
,
702 const uint8_t *whole_pdu
, size_t pdu_length
,
703 const DATA_BLOB
*sig
)
705 struct schannel_state
*state
=
706 talloc_get_type_abort(gensec_security
->private_data
,
707 struct schannel_state
);
709 return netsec_incoming_packet(state
, false,
710 discard_const_p(uint8_t, data
),
712 whole_pdu
, pdu_length
,
718 static NTSTATUS
schannel_seal_packet(struct gensec_security
*gensec_security
,
720 uint8_t *data
, size_t length
,
721 const uint8_t *whole_pdu
, size_t pdu_length
,
724 struct schannel_state
*state
=
725 talloc_get_type_abort(gensec_security
->private_data
,
726 struct schannel_state
);
728 return netsec_outgoing_packet(state
, mem_ctx
, true,
730 whole_pdu
, pdu_length
,
737 static NTSTATUS
schannel_sign_packet(struct gensec_security
*gensec_security
,
739 const uint8_t *data
, size_t length
,
740 const uint8_t *whole_pdu
, size_t pdu_length
,
743 struct schannel_state
*state
=
744 talloc_get_type_abort(gensec_security
->private_data
,
745 struct schannel_state
);
747 return netsec_outgoing_packet(state
, mem_ctx
, false,
748 discard_const_p(uint8_t, data
),
750 whole_pdu
, pdu_length
,
754 static const struct gensec_security_ops gensec_schannel_security_ops
= {
756 .auth_type
= DCERPC_AUTH_TYPE_SCHANNEL
,
757 .client_start
= schannel_client_start
,
758 .server_start
= schannel_server_start
,
759 .update
= schannel_update
,
760 .seal_packet
= schannel_seal_packet
,
761 .sign_packet
= schannel_sign_packet
,
762 .check_packet
= schannel_check_packet
,
763 .unseal_packet
= schannel_unseal_packet
,
764 .session_info
= schannel_session_info
,
765 .sig_size
= schannel_sig_size
,
766 .have_feature
= schannel_have_feature
,
768 .priority
= GENSEC_SCHANNEL
771 _PUBLIC_ NTSTATUS
gensec_schannel_init(void)
774 ret
= gensec_register(&gensec_schannel_security_ops
);
775 if (!NT_STATUS_IS_OK(ret
)) {
776 DEBUG(0,("Failed to register '%s' gensec backend!\n",
777 gensec_schannel_security_ops
.name
));