1 #ifndef _LIBCLI_AUTH_PROTO_H__
2 #define _LIBCLI_AUTH_PROTO_H__
4 #undef _PRINTF_ATTRIBUTE
5 #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
7 #include "lib/crypto/gnutls_helpers.h"
9 /* this file contains prototypes for functions that are private
10 * to this subsystem or library. These functions should not be
11 * used outside this particular subsystem! */
14 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
16 bool netlogon_creds_is_random_challenge(const struct netr_Credential
*challenge
);
17 void netlogon_creds_random_challenge(struct netr_Credential
*challenge
);
19 NTSTATUS
netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState
*creds
,
20 struct netr_LMSessionKey
*key
);
21 NTSTATUS
netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState
*creds
,
22 struct netr_LMSessionKey
*key
);
23 NTSTATUS
netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState
*creds
,
24 struct samr_Password
*pass
);
25 NTSTATUS
netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState
*creds
,
26 struct samr_Password
*pass
);
27 NTSTATUS
netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState
*creds
,
30 NTSTATUS
netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState
*creds
,
33 NTSTATUS
netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState
*creds
,
37 /*****************************************************************
38 The above functions are common to the client and server interface
39 next comes the client specific functions
40 ******************************************************************/
41 struct netlogon_creds_CredentialState
*netlogon_creds_client_init(TALLOC_CTX
*mem_ctx
,
42 const char *client_account
,
43 const char *client_computer_name
,
44 uint16_t secure_channel_type
,
45 const struct netr_Credential
*client_challenge
,
46 const struct netr_Credential
*server_challenge
,
47 const struct samr_Password
*machine_password
,
48 struct netr_Credential
*initial_credential
,
49 uint32_t negotiate_flags
);
50 struct netlogon_creds_CredentialState
*netlogon_creds_client_init_session_key(TALLOC_CTX
*mem_ctx
,
51 const uint8_t session_key
[16]);
53 netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState
*creds
,
54 struct netr_Authenticator
*next
);
55 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState
*creds
,
56 const struct netr_Credential
*received_credentials
);
57 struct netlogon_creds_CredentialState
*netlogon_creds_copy(
59 const struct netlogon_creds_CredentialState
*creds_in
);
61 /*****************************************************************
62 The above functions are common to the client and server interface
63 next comes the server specific functions
64 ******************************************************************/
65 struct netlogon_creds_CredentialState
*netlogon_creds_server_init(TALLOC_CTX
*mem_ctx
,
66 const char *client_account
,
67 const char *client_computer_name
,
68 uint16_t secure_channel_type
,
69 const struct netr_Credential
*client_challenge
,
70 const struct netr_Credential
*server_challenge
,
71 const struct samr_Password
*machine_password
,
72 const struct netr_Credential
*credentials_in
,
73 struct netr_Credential
*credentials_out
,
74 uint32_t negotiate_flags
);
75 NTSTATUS
netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
*creds
,
76 const struct netr_Authenticator
*received_authenticator
,
77 struct netr_Authenticator
*return_authenticator
) ;
78 NTSTATUS
netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState
*creds
,
79 uint16_t validation_level
,
80 union netr_Validation
*validation
);
81 NTSTATUS
netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState
*creds
,
82 uint16_t validation_level
,
83 union netr_Validation
*validation
);
84 NTSTATUS
netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState
*creds
,
85 enum netr_LogonInfoClass level
,
86 union netr_LogonLevel
*logon
);
87 NTSTATUS
netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState
*creds
,
88 enum netr_LogonInfoClass level
,
89 union netr_LogonLevel
*logon
);
90 union netr_LogonLevel
*netlogon_creds_shallow_copy_logon(TALLOC_CTX
*mem_ctx
,
91 enum netr_LogonInfoClass level
,
92 const union netr_LogonLevel
*in
);
94 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
96 int sess_crypt_blob(DATA_BLOB
*out
, const DATA_BLOB
*in
, const DATA_BLOB
*session_key
,
97 enum samba_gnutls_direction encrypt
);
98 DATA_BLOB
sess_encrypt_string(const char *str
, const DATA_BLOB
*session_key
);
99 char *sess_decrypt_string(TALLOC_CTX
*mem_ctx
,
100 DATA_BLOB
*blob
, const DATA_BLOB
*session_key
);
101 DATA_BLOB
sess_encrypt_blob(TALLOC_CTX
*mem_ctx
, DATA_BLOB
*blob_in
, const DATA_BLOB
*session_key
);
102 NTSTATUS
sess_decrypt_blob(TALLOC_CTX
*mem_ctx
, const DATA_BLOB
*blob
, const DATA_BLOB
*session_key
,
105 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */
107 int SMBencrypt_hash(const uint8_t lm_hash
[16], const uint8_t *c8
, uint8_t p24
[24]);
108 bool SMBencrypt(const char *passwd
, const uint8_t *c8
, uint8_t p24
[24]);
111 * Creates the MD4 Hash of the users password in NT UNICODE.
112 * @param passwd password in 'unix' charset.
113 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
115 bool E_md4hash(const char *passwd
, uint8_t p16
[16]);
118 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
119 * @param passwd password in 'unix' charset.
120 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
121 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
122 * @note p16 is filled in regardless
124 bool E_deshash(const char *passwd
, uint8_t p16
[16]);
127 * Creates the MD4 and DES (LM) Hash of the users password.
128 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
129 * @param passwd password in 'unix' charset.
130 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
131 * @param p16 return password hashed with des, caller allocated 16 byte buffer
133 void nt_lm_owf_gen(const char *pwd
, uint8_t nt_p16
[16], uint8_t p16
[16]);
134 bool ntv2_owf_gen(const uint8_t owf
[16],
135 const char *user_in
, const char *domain_in
,
137 int SMBOWFencrypt(const uint8_t passwd
[16], const uint8_t *c8
, uint8_t p24
[24]);
138 int SMBNTencrypt_hash(const uint8_t nt_hash
[16], const uint8_t *c8
, uint8_t *p24
);
139 int SMBNTencrypt(const char *passwd
, const uint8_t *c8
, uint8_t *p24
);
140 NTSTATUS
SMBOWFencrypt_ntv2(const uint8_t kr
[16],
141 const DATA_BLOB
*srv_chal
,
142 const DATA_BLOB
*smbcli_chal
,
143 uint8_t resp_buf
[16]);
144 NTSTATUS
SMBsesskeygen_ntv2(const uint8_t kr
[16],
145 const uint8_t *nt_resp
,
146 uint8_t sess_key
[16]);
147 void SMBsesskeygen_ntv1(const uint8_t kr
[16], uint8_t sess_key
[16]);
148 NTSTATUS
SMBsesskeygen_lm_sess_key(const uint8_t lm_hash
[16],
149 const uint8_t lm_resp
[24], /* only uses 8 */
150 uint8_t sess_key
[16]);
151 DATA_BLOB
NTLMv2_generate_names_blob(TALLOC_CTX
*mem_ctx
,
152 const char *hostname
,
154 bool SMBNTLMv2encrypt_hash(TALLOC_CTX
*mem_ctx
,
155 const char *user
, const char *domain
, const uint8_t nt_hash
[16],
156 const DATA_BLOB
*server_chal
,
157 const NTTIME
*server_timestamp
,
158 const DATA_BLOB
*names_blob
,
159 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
160 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
) ;
161 bool SMBNTLMv2encrypt(TALLOC_CTX
*mem_ctx
,
162 const char *user
, const char *domain
,
163 const char *password
,
164 const DATA_BLOB
*server_chal
,
165 const DATA_BLOB
*names_blob
,
166 DATA_BLOB
*lm_response
, DATA_BLOB
*nt_response
,
167 DATA_BLOB
*lm_session_key
, DATA_BLOB
*user_session_key
) ;
168 NTSTATUS
NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name
,
169 const char *account_domain
,
170 const DATA_BLOB response
,
171 const struct netlogon_creds_CredentialState
*creds
,
172 const char *workgroup
);
174 /***********************************************************
175 encode a password buffer with a unicode password. The buffer
176 is filled with random data to make it harder to attack.
177 ************************************************************/
178 bool encode_pw_buffer(uint8_t buffer
[516], const char *password
, int string_flags
);
180 /***********************************************************
181 decode a password buffer
182 *new_pw_len is the length in bytes of the possibly mulitbyte
183 returned password including termination.
184 ************************************************************/
185 bool decode_pw_buffer(TALLOC_CTX
*ctx
,
186 uint8_t in_buffer
[516],
189 charset_t string_charset
);
191 /***********************************************************
192 Encode an arc4 password change buffer.
193 ************************************************************/
194 NTSTATUS
encode_rc4_passwd_buffer(const char *passwd
,
195 const DATA_BLOB
*session_key
,
196 struct samr_CryptPasswordEx
*out_crypt_pwd
);
198 /***********************************************************
199 Decode an arc4 encrypted password change buffer.
200 ************************************************************/
201 NTSTATUS
decode_rc4_passwd_buffer(const DATA_BLOB
*psession_key
,
202 struct samr_CryptPasswordEx
*inout_crypt_pwd
);
204 /***********************************************************
205 encode a password buffer with an already unicode password. The
206 rest of the buffer is filled with random data to make it harder to attack.
207 ************************************************************/
208 bool set_pw_in_buffer(uint8_t buffer
[516], const DATA_BLOB
*password
);
210 /***********************************************************
211 decode a password buffer
212 *new_pw_size is the length in bytes of the extracted unicode password
213 ************************************************************/
214 bool extract_pw_from_buffer(TALLOC_CTX
*mem_ctx
,
215 uint8_t in_buffer
[516], DATA_BLOB
*new_pass
);
216 struct wkssvc_PasswordBuffer
;
217 WERROR
encode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
219 DATA_BLOB
*session_key
,
220 struct wkssvc_PasswordBuffer
**pwd_buf
);
221 WERROR
decode_wkssvc_join_password_buffer(TALLOC_CTX
*mem_ctx
,
222 struct wkssvc_PasswordBuffer
*pwd_buf
,
223 DATA_BLOB
*session_key
,
226 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */
228 int des_crypt56_gnutls(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[7],
229 enum samba_gnutls_direction encrypt
);
230 int E_P16(const uint8_t *p14
,uint8_t *p16
);
231 int E_P24(const uint8_t *p21
, const uint8_t *c8
, uint8_t *p24
);
232 int E_old_pw_hash( uint8_t *p14
, const uint8_t *in
, uint8_t *out
);
233 int des_crypt128(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[16]);
234 int des_crypt112(uint8_t out
[8], const uint8_t in
[8], const uint8_t key
[14],
235 enum samba_gnutls_direction encrypt
);
236 int des_crypt112_16(uint8_t out
[16], const uint8_t in
[16], const uint8_t key
[14],
237 enum samba_gnutls_direction encrypt
);
238 int sam_rid_crypt(unsigned int rid
, const uint8_t *in
, uint8_t *out
,
239 enum samba_gnutls_direction encrypt
);
240 #undef _PRINTF_ATTRIBUTE
241 #define _PRINTF_ATTRIBUTE(a1, a2)
