2 Unix SMB/CIFS implementation.
4 code to manipulate domain credentials
6 Copyright (C) Andrew Tridgell 1997-2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/time.h"
25 #include "../lib/crypto/crypto.h"
26 #include "libcli/auth/libcli_auth.h"
27 #include "../libcli/security/dom_sid.h"
29 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState
*creds
,
30 const struct netr_Credential
*in
,
31 struct netr_Credential
*out
)
33 des_crypt112(out
->data
, in
->data
, creds
->session_key
, 1);
37 initialise the credentials state for old-style 64 bit session keys
39 this call is made after the netr_ServerReqChallenge call
41 static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
*creds
,
42 const struct netr_Credential
*client_challenge
,
43 const struct netr_Credential
*server_challenge
,
44 const struct samr_Password
*machine_password
)
49 sum
[0] = IVAL(client_challenge
->data
, 0) + IVAL(server_challenge
->data
, 0);
50 sum
[1] = IVAL(client_challenge
->data
, 4) + IVAL(server_challenge
->data
, 4);
55 ZERO_STRUCT(creds
->session_key
);
57 des_crypt128(creds
->session_key
, sum2
, machine_password
->hash
);
61 initialise the credentials state for ADS-style 128 bit session keys
63 this call is made after the netr_ServerReqChallenge call
65 static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState
*creds
,
66 const struct netr_Credential
*client_challenge
,
67 const struct netr_Credential
*server_challenge
,
68 const struct samr_Password
*machine_password
)
70 unsigned char zero
[4], tmp
[16];
72 struct MD5Context md5
;
74 ZERO_STRUCT(creds
->session_key
);
76 memset(zero
, 0, sizeof(zero
));
78 hmac_md5_init_rfc2104(machine_password
->hash
, sizeof(machine_password
->hash
), &ctx
);
80 MD5Update(&md5
, zero
, sizeof(zero
));
81 MD5Update(&md5
, client_challenge
->data
, 8);
82 MD5Update(&md5
, server_challenge
->data
, 8);
84 hmac_md5_update(tmp
, sizeof(tmp
), &ctx
);
85 hmac_md5_final(creds
->session_key
, &ctx
);
88 static void netlogon_creds_first_step(struct netlogon_creds_CredentialState
*creds
,
89 const struct netr_Credential
*client_challenge
,
90 const struct netr_Credential
*server_challenge
)
92 netlogon_creds_step_crypt(creds
, client_challenge
, &creds
->client
);
94 netlogon_creds_step_crypt(creds
, server_challenge
, &creds
->server
);
96 creds
->seed
= creds
->client
;
100 step the credentials to the next element in the chain, updating the
101 current client and server credentials and the seed
103 static void netlogon_creds_step(struct netlogon_creds_CredentialState
*creds
)
105 struct netr_Credential time_cred
;
107 DEBUG(5,("\tseed %08x:%08x\n",
108 IVAL(creds
->seed
.data
, 0), IVAL(creds
->seed
.data
, 4)));
110 SIVAL(time_cred
.data
, 0, IVAL(creds
->seed
.data
, 0) + creds
->sequence
);
111 SIVAL(time_cred
.data
, 4, IVAL(creds
->seed
.data
, 4));
113 DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred
.data
, 0), IVAL(time_cred
.data
, 4)));
115 netlogon_creds_step_crypt(creds
, &time_cred
, &creds
->client
);
117 DEBUG(5,("\tCLIENT %08x:%08x\n",
118 IVAL(creds
->client
.data
, 0), IVAL(creds
->client
.data
, 4)));
120 SIVAL(time_cred
.data
, 0, IVAL(creds
->seed
.data
, 0) + creds
->sequence
+ 1);
121 SIVAL(time_cred
.data
, 4, IVAL(creds
->seed
.data
, 4));
123 DEBUG(5,("\tseed+time+1 %08x:%08x\n",
124 IVAL(time_cred
.data
, 0), IVAL(time_cred
.data
, 4)));
126 netlogon_creds_step_crypt(creds
, &time_cred
, &creds
->server
);
128 DEBUG(5,("\tSERVER %08x:%08x\n",
129 IVAL(creds
->server
.data
, 0), IVAL(creds
->server
.data
, 4)));
131 creds
->seed
= time_cred
;
136 DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
138 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState
*creds
, struct netr_LMSessionKey
*key
)
140 struct netr_LMSessionKey tmp
;
141 des_crypt56(tmp
.key
, key
->key
, creds
->session_key
, 1);
146 DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
148 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState
*creds
, struct netr_LMSessionKey
*key
)
150 struct netr_LMSessionKey tmp
;
151 des_crypt56(tmp
.key
, key
->key
, creds
->session_key
, 0);
156 DES encrypt a 16 byte password buffer using the session key
158 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState
*creds
, struct samr_Password
*pass
)
160 struct samr_Password tmp
;
161 des_crypt112_16(tmp
.hash
, pass
->hash
, creds
->session_key
, 1);
166 DES decrypt a 16 byte password buffer using the session key
168 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState
*creds
, struct samr_Password
*pass
)
170 struct samr_Password tmp
;
171 des_crypt112_16(tmp
.hash
, pass
->hash
, creds
->session_key
, 0);
176 ARCFOUR encrypt/decrypt a password buffer using the session key
178 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState
*creds
, uint8_t *data
, size_t len
)
180 DATA_BLOB session_key
= data_blob(creds
->session_key
, 16);
182 arcfour_crypt_blob(data
, len
, &session_key
);
184 data_blob_free(&session_key
);
187 /*****************************************************************
188 The above functions are common to the client and server interface
189 next comes the client specific functions
190 ******************************************************************/
193 initialise the credentials chain and return the first client
197 struct netlogon_creds_CredentialState
*netlogon_creds_client_init(TALLOC_CTX
*mem_ctx
,
198 const char *client_account
,
199 const char *client_computer_name
,
200 const struct netr_Credential
*client_challenge
,
201 const struct netr_Credential
*server_challenge
,
202 const struct samr_Password
*machine_password
,
203 struct netr_Credential
*initial_credential
,
204 uint32_t negotiate_flags
)
206 struct netlogon_creds_CredentialState
*creds
= talloc_zero(mem_ctx
, struct netlogon_creds_CredentialState
);
212 creds
->sequence
= time(NULL
);
213 creds
->negotiate_flags
= negotiate_flags
;
215 creds
->computer_name
= talloc_strdup(creds
, client_computer_name
);
216 if (!creds
->computer_name
) {
220 creds
->account_name
= talloc_strdup(creds
, client_account
);
221 if (!creds
->account_name
) {
226 dump_data_pw("Client chall", client_challenge
->data
, sizeof(client_challenge
->data
));
227 dump_data_pw("Server chall", server_challenge
->data
, sizeof(server_challenge
->data
));
228 dump_data_pw("Machine Pass", machine_password
->hash
, sizeof(machine_password
->hash
));
230 if (negotiate_flags
& NETLOGON_NEG_128BIT
) {
231 netlogon_creds_init_128bit(creds
, client_challenge
, server_challenge
, machine_password
);
233 netlogon_creds_init_64bit(creds
, client_challenge
, server_challenge
, machine_password
);
236 netlogon_creds_first_step(creds
, client_challenge
, server_challenge
);
238 dump_data_pw("Session key", creds
->session_key
, 16);
239 dump_data_pw("Credential ", creds
->client
.data
, 8);
241 *initial_credential
= creds
->client
;
246 initialise the credentials structure with only a session key. The caller better know what they are doing!
249 struct netlogon_creds_CredentialState
*netlogon_creds_client_init_session_key(TALLOC_CTX
*mem_ctx
,
250 const uint8_t session_key
[16])
252 struct netlogon_creds_CredentialState
*creds
;
254 creds
= talloc_zero(mem_ctx
, struct netlogon_creds_CredentialState
);
259 memcpy(creds
->session_key
, session_key
, 16);
265 step the credentials to the next element in the chain, updating the
266 current client and server credentials and the seed
268 produce the next authenticator in the sequence ready to send to
271 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState
*creds
,
272 struct netr_Authenticator
*next
)
274 creds
->sequence
+= 2;
275 netlogon_creds_step(creds
);
277 next
->cred
= creds
->client
;
278 next
->timestamp
= creds
->sequence
;
282 check that a credentials reply from a server is correct
284 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState
*creds
,
285 const struct netr_Credential
*received_credentials
)
287 if (!received_credentials
||
288 memcmp(received_credentials
->data
, creds
->server
.data
, 8) != 0) {
289 DEBUG(2,("credentials check failed\n"));
296 /*****************************************************************
297 The above functions are common to the client and server interface
298 next comes the server specific functions
299 ******************************************************************/
302 check that a credentials reply from a server is correct
304 static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState
*creds
,
305 const struct netr_Credential
*received_credentials
)
307 if (memcmp(received_credentials
->data
, creds
->client
.data
, 8) != 0) {
308 DEBUG(2,("credentials check failed\n"));
309 dump_data_pw("client creds", creds
->client
.data
, 8);
310 dump_data_pw("calc creds", received_credentials
->data
, 8);
317 initialise the credentials chain and return the first server
320 struct netlogon_creds_CredentialState
*netlogon_creds_server_init(TALLOC_CTX
*mem_ctx
,
321 const char *client_account
,
322 const char *client_computer_name
,
323 uint16_t secure_channel_type
,
324 const struct netr_Credential
*client_challenge
,
325 const struct netr_Credential
*server_challenge
,
326 const struct samr_Password
*machine_password
,
327 struct netr_Credential
*credentials_in
,
328 struct netr_Credential
*credentials_out
,
329 uint32_t negotiate_flags
)
332 struct netlogon_creds_CredentialState
*creds
= talloc_zero(mem_ctx
, struct netlogon_creds_CredentialState
);
338 creds
->negotiate_flags
= negotiate_flags
;
339 creds
->secure_channel_type
= secure_channel_type
;
341 creds
->computer_name
= talloc_strdup(creds
, client_computer_name
);
342 if (!creds
->computer_name
) {
346 creds
->account_name
= talloc_strdup(creds
, client_account
);
347 if (!creds
->account_name
) {
352 if (negotiate_flags
& NETLOGON_NEG_128BIT
) {
353 netlogon_creds_init_128bit(creds
, client_challenge
, server_challenge
,
356 netlogon_creds_init_64bit(creds
, client_challenge
, server_challenge
,
360 netlogon_creds_first_step(creds
, client_challenge
, server_challenge
);
362 /* And before we leak information about the machine account
363 * password, check that they got the first go right */
364 if (!netlogon_creds_server_check_internal(creds
, credentials_in
)) {
369 *credentials_out
= creds
->server
;
374 NTSTATUS
netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
*creds
,
375 struct netr_Authenticator
*received_authenticator
,
376 struct netr_Authenticator
*return_authenticator
)
378 if (!received_authenticator
|| !return_authenticator
) {
379 return NT_STATUS_INVALID_PARAMETER
;
383 return NT_STATUS_ACCESS_DENIED
;
386 /* TODO: this may allow the a replay attack on a non-signed
387 connection. Should we check that this is increasing? */
388 creds
->sequence
= received_authenticator
->timestamp
;
389 netlogon_creds_step(creds
);
390 if (netlogon_creds_server_check_internal(creds
, &received_authenticator
->cred
)) {
391 return_authenticator
->cred
= creds
->server
;
392 return_authenticator
->timestamp
= creds
->sequence
;
395 ZERO_STRUCTP(return_authenticator
);
396 return NT_STATUS_ACCESS_DENIED
;
400 void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState
*creds
,
401 uint16_t validation_level
,
402 union netr_Validation
*validation
)
404 static const char zeros
[16];
406 struct netr_SamBaseInfo
*base
= NULL
;
407 switch (validation_level
) {
409 if (validation
->sam2
) {
410 base
= &validation
->sam2
->base
;
414 if (validation
->sam3
) {
415 base
= &validation
->sam3
->base
;
419 if (validation
->sam6
) {
420 base
= &validation
->sam6
->base
;
424 /* If we can't find it, we can't very well decrypt it */
432 /* find and decyrpt the session keys, return in parameters above */
433 if (validation_level
== 6) {
434 /* they aren't encrypted! */
435 } else if (creds
->negotiate_flags
& NETLOGON_NEG_ARCFOUR
) {
436 if (memcmp(base
->key
.key
, zeros
,
437 sizeof(base
->key
.key
)) != 0) {
438 netlogon_creds_arcfour_crypt(creds
,
440 sizeof(base
->key
.key
));
443 if (memcmp(base
->LMSessKey
.key
, zeros
,
444 sizeof(base
->LMSessKey
.key
)) != 0) {
445 netlogon_creds_arcfour_crypt(creds
,
447 sizeof(base
->LMSessKey
.key
));
450 if (memcmp(base
->LMSessKey
.key
, zeros
,
451 sizeof(base
->LMSessKey
.key
)) != 0) {
452 netlogon_creds_des_decrypt_LMKey(creds
,
459 copy a netlogon_creds_CredentialState struct
462 struct netlogon_creds_CredentialState
*netlogon_creds_copy(TALLOC_CTX
*mem_ctx
,
463 struct netlogon_creds_CredentialState
*creds_in
)
465 struct netlogon_creds_CredentialState
*creds
= talloc_zero(mem_ctx
, struct netlogon_creds_CredentialState
);
471 creds
->sequence
= creds_in
->sequence
;
472 creds
->negotiate_flags
= creds_in
->negotiate_flags
;
473 creds
->secure_channel_type
= creds_in
->secure_channel_type
;
475 creds
->computer_name
= talloc_strdup(creds
, creds_in
->computer_name
);
476 if (!creds
->computer_name
) {
480 creds
->account_name
= talloc_strdup(creds
, creds_in
->account_name
);
481 if (!creds
->account_name
) {
487 creds
->sid
= dom_sid_dup(creds
, creds_in
->sid
);
494 memcpy(creds
->session_key
, creds_in
->session_key
, sizeof(creds
->session_key
));
495 memcpy(creds
->seed
.data
, creds_in
->seed
.data
, sizeof(creds
->seed
.data
));
496 memcpy(creds
->client
.data
, creds_in
->client
.data
, sizeof(creds
->client
.data
));
497 memcpy(creds
->server
.data
, creds_in
->server
.data
, sizeof(creds
->server
.data
));