search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r15834: fixed a memory leak in the session code
[Samba/aatanasov.git] / source4 / libcli / auth / session.c
blob280a0d282c072830ab44486798b234cde9f070f0
1 /*
2 Unix SMB/CIFS implementation.
3
4 code to encrypt/decrypt data using the user session key
5
6 Copyright (C) Andrew Tridgell 2004
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "libcli/auth/libcli_auth.h"
25
26 /*
27 encrypt or decrypt a blob of data using the user session key
28 as used in lsa_SetSecret
29
30 before calling, the out blob must be initialised to be the same size
31 as the in blob
32 */
33 void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
34 BOOL forward)
35 {
36 int i, k;
37
38 for (i=0,k=0;
39 i<in->length;
40 i += 8, k += 7) {
41 uint8_t bin[8], bout[8], key[7];
42
43 memset(bin, 0, 8);
44 memcpy(bin, &in->data[i], MIN(8, in->length-i));
45
46 if (k + 7 > session_key->length) {
47 k = (session_key->length - k);
48 }
49 memcpy(key, &session_key->data[k], 7);
50
51 des_crypt56(bout, bin, key, forward?1:0);
52
53 memcpy(&out->data[i], bout, MIN(8, in->length-i));
54 }
55 }
56
57
58 /*
59 a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
60
61 note that we round the length to a multiple of 8. This seems to be needed for
62 compatibility with windows
63
64 caller should free using data_blob_free()
65 */
66 DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key)
67 {
68 DATA_BLOB ret, src;
69 int slen = strlen(str);
70 int dlen = (slen+7) & ~7;
71
72 src = data_blob(NULL, 8+dlen);
73 if (!src.data) {
74 return data_blob(NULL, 0);
75 }
76
77 ret = data_blob(NULL, 8+dlen);
78 if (!ret.data) {
79 data_blob_free(&src);
80 return data_blob(NULL, 0);
81 }
82
83 SIVAL(src.data, 0, slen);
84 SIVAL(src.data, 4, 1);
85 memset(src.data+8, 0, dlen);
86 memcpy(src.data+8, str, slen);
87
88 sess_crypt_blob(&ret, &src, session_key, True);
89
90 data_blob_free(&src);
91
92 return ret;
93 }
94
95 /*
96 a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
97
98 caller should free the returned string
99 */
100 char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
101 {
102 DATA_BLOB out;
103 int slen;
104 char *ret;
105
106 if (blob->length < 8) {
107 return NULL;
108 }
109
110 out = data_blob(NULL, blob->length);
111 if (!out.data) {
112 return NULL;
113 }
114
115 sess_crypt_blob(&out, blob, session_key, False);
116
117 if (IVAL(out.data, 4) != 1) {
118 DEBUG(0,("Unexpected revision number %d in session crypted string\n",
119 IVAL(out.data, 4)));
120 return NULL;
121 }
122
123 slen = IVAL(out.data, 0);
124 if (slen > blob->length - 8) {
125 DEBUG(0,("Invalid crypt length %d\n", slen));
126 return NULL;
127 }
128
129 ret = strndup((const char *)(out.data+8), slen);
130
131 data_blob_free(&out);
132
133 return ret;
134 }
135
136 /*
137 a convenient wrapper around sess_crypt_blob() for DATA_BLOBs, using the LSA convention
138
139 note that we round the length to a multiple of 8. This seems to be needed for
140 compatibility with windows
141
142 caller should free using data_blob_free()
143 */
144 DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key)
145 {
146 DATA_BLOB ret, src;
147 int dlen = (blob_in->length+7) & ~7;
148
149 src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
150 if (!src.data) {
151 return data_blob(NULL, 0);
152 }
153
154 ret = data_blob_talloc(mem_ctx, NULL, 8+dlen);
155 if (!ret.data) {
156 data_blob_free(&src);
157 return data_blob(NULL, 0);
158 }
159
160 SIVAL(src.data, 0, blob_in->length);
161 SIVAL(src.data, 4, 1);
162 memset(src.data+8, 0, dlen);
163 memcpy(src.data+8, blob_in->data, blob_in->length);
164
165 sess_crypt_blob(&ret, &src, session_key, True);
166
167 data_blob_free(&src);
168
169 return ret;
170 }
171
172 /*
173 Decrypt a DATA_BLOB using the LSA convention
174 */
175 NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
176 DATA_BLOB *ret)
177 {
178 DATA_BLOB out;
179 int slen;
180
181 if (blob->length < 8) {
182 DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n",
183 (int)blob->length));
184 return NT_STATUS_INVALID_PARAMETER;
185 }
186
187 out = data_blob_talloc(mem_ctx, NULL, blob->length);
188 if (!out.data) {
189 return NT_STATUS_NO_MEMORY;
190 }
191
192 sess_crypt_blob(&out, blob, session_key, False);
193
194 if (IVAL(out.data, 4) != 1) {
195 DEBUG(2,("Unexpected revision number %d in session crypted secret (BLOB)\n",
196 IVAL(out.data, 4)));
197 return NT_STATUS_UNKNOWN_REVISION;
198 }
199
200 slen = IVAL(out.data, 0);
201 if (slen > blob->length - 8) {
202 DEBUG(0,("Invalid crypt length %d in session crypted secret (BLOB)\n", slen));
203 return NT_STATUS_WRONG_PASSWORD;
204 }
205
206 *ret = data_blob_talloc(mem_ctx, out.data+8, slen);
207 if (slen && !ret->data) {
208 return NT_STATUS_NO_MEMORY;
209 }
210
211 data_blob_free(&out);
212
213 return NT_STATUS_OK;
214 }
aatanasov's samba4 branch