source4/auth/ntlm/auth_util.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Authentication utility functions
   4    Copyright (C) Andrew Tridgell 1992-1998
   5    Copyright (C) Andrew Bartlett 2001
   6    Copyright (C) Jeremy Allison 2000-2001
   7    Copyright (C) Rafal Szczesniak 2002
   8    Copyright (C) Stefan Metzmacher 2005
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "auth/auth.h"
  26 #include "libcli/auth/libcli_auth.h"
  27 #include "param/param.h"
  28
  29 /* this default function can be used by mostly all backends
  30  * which don't want to set a challenge
  31  */
  32 NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8])
  33 {
  34         /* we don't want to set a challenge */
  35         return NT_STATUS_NOT_IMPLEMENTED;
  36 }
  37
  38 /****************************************************************************
  39  Create an auth_usersupplied_data structure after appropriate mapping.
  40 ****************************************************************************/
  41
  42 NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
  43                        const char *default_domain,
  44                        const struct auth_usersupplied_info *user_info,
  45                        struct auth_usersupplied_info **user_info_mapped)
  46 {
  47         const char *domain;
  48         char *account_name;
  49         char *d;
  50         DEBUG(5,("map_user_info: Mapping user [%s]\\[%s] from workstation [%s]\n",
  51                 user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
  52
  53         account_name = talloc_strdup(mem_ctx, user_info->client.account_name);
  54         if (!account_name) {
  55                 return NT_STATUS_NO_MEMORY;
  56         }
  57
  58         /* don't allow "" as a domain, fixes a Win9X bug
  59            where it doesn't supply a domain for logon script
  60            'net use' commands.                                 */
  61
  62         /* Split user@realm names into user and realm components.  This is TODO to fix with proper userprincipalname support */
  63         if (user_info->client.domain_name && *user_info->client.domain_name) {
  64                 domain = user_info->client.domain_name;
  65         } else if (strchr_m(user_info->client.account_name, '@')) {
  66                 d = strchr_m(account_name, '@');
  67                 if (!d) {
  68                         return NT_STATUS_INTERNAL_ERROR;
  69                 }
  70                 d[0] = '\0';
  71                 d++;
  72                 domain = d;
  73         } else {
  74                 domain = default_domain;
  75         }
  76
  77         *user_info_mapped = talloc_zero(mem_ctx, struct auth_usersupplied_info);
  78         if (!*user_info_mapped) {
  79                 return NT_STATUS_NO_MEMORY;
  80         }
  81         if (!talloc_reference(*user_info_mapped, user_info)) {
  82                 return NT_STATUS_NO_MEMORY;
  83         }
  84         **user_info_mapped = *user_info;
  85         (*user_info_mapped)->mapped_state = true;
  86         (*user_info_mapped)->mapped.domain_name = talloc_strdup(*user_info_mapped, domain);
  87         (*user_info_mapped)->mapped.account_name = talloc_strdup(*user_info_mapped, account_name);
  88         talloc_free(account_name);
  89         if (!(*user_info_mapped)->mapped.domain_name
  90             || !(*user_info_mapped)->mapped.account_name) {
  91                 return NT_STATUS_NO_MEMORY;
  92         }
  93
  94         return NT_STATUS_OK;
  95 }
  96
  97 /****************************************************************************
  98  Create an auth_usersupplied_data structure after appropriate mapping.
  99 ****************************************************************************/
 100
 101 NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
 102                            enum auth_password_state to_state,
 103                            const struct auth_usersupplied_info *user_info_in,
 104                            const struct auth_usersupplied_info **user_info_encrypted)
 105 {
 106         NTSTATUS nt_status;
 107         struct auth_usersupplied_info *user_info_temp;
 108         switch (to_state) {
 109         case AUTH_PASSWORD_RESPONSE:
 110                 switch (user_info_in->password_state) {
 111                 case AUTH_PASSWORD_PLAIN:
 112                 {
 113                         const struct auth_usersupplied_info *user_info_temp2;
 114                         nt_status = encrypt_user_info(mem_ctx, auth_context,
 115                                                       AUTH_PASSWORD_HASH,
 116                                                       user_info_in, &user_info_temp2);
 117                         if (!NT_STATUS_IS_OK(nt_status)) {
 118                                 return nt_status;
 119                         }
 120                         user_info_in = user_info_temp2;
 121                         /* fall through */
 122                 }
 123                 case AUTH_PASSWORD_HASH:
 124                 {
 125                         uint8_t chal[8];
 126                         DATA_BLOB chall_blob;
 127                         user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 128                         if (!user_info_temp) {
 129                                 return NT_STATUS_NO_MEMORY;
 130                         }
 131                         if (!talloc_reference(user_info_temp, user_info_in)) {
 132                                 return NT_STATUS_NO_MEMORY;
 133                         }
 134                         *user_info_temp = *user_info_in;
 135                         user_info_temp->mapped_state = to_state;
 136
 137                         nt_status = auth_get_challenge(auth_context, chal);
 138                         if (!NT_STATUS_IS_OK(nt_status)) {
 139                                 return nt_status;
 140                         }
 141
 142                         chall_blob = data_blob_talloc(mem_ctx, chal, 8);
 143                         if (lpcfg_client_ntlmv2_auth(auth_context->lp_ctx)) {
 144                                 DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx,  lpcfg_netbios_name(auth_context->lp_ctx), lpcfg_workgroup(auth_context->lp_ctx));
 145                                 DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
 146
 147                                 if (!SMBNTLMv2encrypt_hash(user_info_temp,
 148                                                            user_info_in->client.account_name,
 149                                                            user_info_in->client.domain_name,
 150                                                            user_info_in->password.hash.nt->hash, &chall_blob,
 151                                                            &names_blob,
 152                                                            &lmv2_response, &ntlmv2_response,
 153                                                            &lmv2_session_key, &ntlmv2_session_key)) {
 154                                         data_blob_free(&names_blob);
 155                                         return NT_STATUS_NO_MEMORY;
 156                                 }
 157                                 data_blob_free(&names_blob);
 158                                 user_info_temp->password.response.lanman = lmv2_response;
 159                                 user_info_temp->password.response.nt = ntlmv2_response;
 160
 161                                 data_blob_free(&lmv2_session_key);
 162                                 data_blob_free(&ntlmv2_session_key);
 163                         } else {
 164                                 DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
 165                                 SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
 166
 167                                 user_info_temp->password.response.nt = blob;
 168                                 if (lpcfg_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
 169                                         DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
 170                                         SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
 171                                         user_info_temp->password.response.lanman = lm_blob;
 172                                 } else {
 173                                         /* if not sending the LM password, send the NT password twice */
 174                                         user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
 175                                 }
 176                         }
 177
 178                         user_info_in = user_info_temp;
 179                         /* fall through */
 180                 }
 181                 case AUTH_PASSWORD_RESPONSE:
 182                         *user_info_encrypted = user_info_in;
 183                 }
 184                 break;
 185         case AUTH_PASSWORD_HASH:
 186         {
 187                 switch (user_info_in->password_state) {
 188                 case AUTH_PASSWORD_PLAIN:
 189                 {
 190                         struct samr_Password lanman;
 191                         struct samr_Password nt;
 192
 193                         user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 194                         if (!user_info_temp) {
 195                                 return NT_STATUS_NO_MEMORY;
 196                         }
 197                         if (!talloc_reference(user_info_temp, user_info_in)) {
 198                                 return NT_STATUS_NO_MEMORY;
 199                         }
 200                         *user_info_temp = *user_info_in;
 201                         user_info_temp->mapped_state = to_state;
 202
 203                         if (E_deshash(user_info_in->password.plaintext, lanman.hash)) {
 204                                 user_info_temp->password.hash.lanman = talloc(user_info_temp,
 205                                                                               struct samr_Password);
 206                                 *user_info_temp->password.hash.lanman = lanman;
 207                         } else {
 208                                 user_info_temp->password.hash.lanman = NULL;
 209                         }
 210
 211                         E_md4hash(user_info_in->password.plaintext, nt.hash);
 212                         user_info_temp->password.hash.nt = talloc(user_info_temp,
 213                                                                    struct samr_Password);
 214                         *user_info_temp->password.hash.nt = nt;
 215
 216                         user_info_in = user_info_temp;
 217                         /* fall through */
 218                 }
 219                 case AUTH_PASSWORD_HASH:
 220                         *user_info_encrypted = user_info_in;
 221                         break;
 222                 default:
 223                         return NT_STATUS_INVALID_PARAMETER;
 224                         break;
 225                 }
 226                 break;
 227         }
 228         default:
 229                 return NT_STATUS_INVALID_PARAMETER;
 230         }
 231
 232         return NT_STATUS_OK;
 233 }