Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
fd1df784
Commit
fd1df784
authored
Jun 26, 2003
by
Steve French
Committed by
Steve French
Jun 26, 2003
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Signing fixes part 1
parent
1b546146
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
94 additions
and
29 deletions
+94
-29
fs/cifs/cifs_unicode.c
fs/cifs/cifs_unicode.c
+1
-1
fs/cifs/smbdes.c
fs/cifs/smbdes.c
+1
-1
fs/cifs/smbencrypt.c
fs/cifs/smbencrypt.c
+92
-27
No files found.
fs/cifs/cifs_unicode.c
View file @
fd1df784
...
@@ -34,7 +34,7 @@
...
@@ -34,7 +34,7 @@
void
void
toUpper
(
const
struct
nls_table
*
n
,
char
*
mixed_string
)
toUpper
(
const
struct
nls_table
*
n
,
char
*
mixed_string
)
{
{
int
i
;
unsigned
int
i
;
char
temp
;
char
temp
;
for
(
i
=
0
;
i
<
strlen
(
mixed_string
);
i
++
)
{
for
(
i
=
0
;
i
<
strlen
(
mixed_string
);
i
++
)
{
...
...
fs/cifs/smbdes.c
View file @
fd1df784
...
@@ -399,7 +399,7 @@ SamOEMhash(unsigned char *data, unsigned char *key, int val)
...
@@ -399,7 +399,7 @@ SamOEMhash(unsigned char *data, unsigned char *key, int val)
s_box
[
ind
]
=
s_box
[
j
];
s_box
[
ind
]
=
s_box
[
j
];
s_box
[
j
]
=
tc
;
s_box
[
j
]
=
tc
;
}
}
for
(
ind
=
0
;
ind
<
(
val
?
516
:
16
)
;
ind
++
)
{
for
(
ind
=
0
;
ind
<
val
;
ind
++
)
{
unsigned
char
tc
;
unsigned
char
tc
;
unsigned
char
t
;
unsigned
char
t
;
...
...
fs/cifs/smbencrypt.c
View file @
fd1df784
...
@@ -5,7 +5,8 @@
...
@@ -5,7 +5,8 @@
Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Modified by Jeremy Allison 1995.
Modified by Jeremy Allison 1995.
Modified by Steve French (sfrench@us.ibm.com) 2002
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
Modified by Steve French (sfrench@us.ibm.com) 2002-2003
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -104,6 +105,8 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
...
@@ -104,6 +105,8 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
dump_data
(
100
,
(
char
*
)
c8
,
8
);
dump_data
(
100
,
(
char
*
)
c8
,
8
);
dump_data
(
100
,
(
char
*
)
p24
,
24
);
dump_data
(
100
,
(
char
*
)
p24
,
24
);
#endif
#endif
memset
(
p14
,
0
,
15
);
memset
(
p21
,
0
,
21
);
}
}
/* Routines for Windows NT MD4 Hash functions. */
/* Routines for Windows NT MD4 Hash functions. */
...
@@ -161,6 +164,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
...
@@ -161,6 +164,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
len
=
_my_wcslen
(
wpwd
)
*
sizeof
(
__u16
);
len
=
_my_wcslen
(
wpwd
)
*
sizeof
(
__u16
);
mdfour
(
p16
,
(
unsigned
char
*
)
wpwd
,
len
);
mdfour
(
p16
,
(
unsigned
char
*
)
wpwd
,
len
);
memset
(
wpwd
,
0
,
129
*
2
);
}
}
/* Does both the NT and LM owfs of a user's password */
/* Does both the NT and LM owfs of a user's password */
...
@@ -222,7 +226,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
...
@@ -222,7 +226,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
/*
do not think it is suppos
ed to be uppercased */
/*
BB user and domain may ne
ed to be uppercased */
user_l
=
cifs_strtoUCS
(
user_u
,
user_n
,
511
,
nls_codepage
);
user_l
=
cifs_strtoUCS
(
user_u
,
user_n
,
511
,
nls_codepage
);
domain_l
=
cifs_strtoUCS
(
dom_u
,
domain_n
,
511
,
nls_codepage
);
domain_l
=
cifs_strtoUCS
(
dom_u
,
domain_n
,
511
,
nls_codepage
);
...
@@ -297,8 +301,52 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
...
@@ -297,8 +301,52 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
#endif
#endif
}
}
int
/* Does the md5 encryption from the NT hash for NTLMv2. */
make_oem_passwd_hash
(
char
data
[
516
],
const
char
*
passwd
,
void
SMBOWFencrypt_ntv2
(
const
unsigned
char
kr
[
16
],
const
struct
data_blob
*
srv_chal
,
const
struct
data_blob
*
cli_chal
,
unsigned
char
resp_buf
[
16
])
{
struct
HMACMD5Context
ctx
;
hmac_md5_init_limK_to_64
(
kr
,
16
,
&
ctx
);
hmac_md5_update
(
srv_chal
->
data
,
srv_chal
->
length
,
&
ctx
);
hmac_md5_update
(
cli_chal
->
data
,
cli_chal
->
length
,
&
ctx
);
hmac_md5_final
(
resp_buf
,
&
ctx
);
#ifdef DEBUG_PASSWORD
DEBUG
(
100
,
(
"SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf
\n
"
));
dump_data
(
100
,
srv_chal
->
data
,
srv_chal
->
length
);
dump_data
(
100
,
cli_chal
->
data
,
cli_chal
->
length
);
dump_data
(
100
,
resp_buf
,
16
);
#endif
}
static
struct
data_blob
LMv2_generate_response
(
const
unsigned
char
ntlm_v2_hash
[
16
],
const
struct
data_blob
*
server_chal
)
{
unsigned
char
lmv2_response
[
16
];
struct
data_blob
lmv2_client_data
/* = data_blob(NULL, 8)*/
;
/* BB Fix BB */
struct
data_blob
final_response
/* = data_blob(NULL, 24)*/
;
/* BB Fix BB */
/* LMv2 */
/* client-supplied random data */
get_random_bytes
(
lmv2_client_data
.
data
,
lmv2_client_data
.
length
);
/* Given that data, and the challenge from the server, generate a response */
SMBOWFencrypt_ntv2
(
ntlm_v2_hash
,
server_chal
,
&
lmv2_client_data
,
lmv2_response
);
memcpy
(
final_response
.
data
,
lmv2_response
,
sizeof
(
lmv2_response
));
/* after the first 16 bytes is the random data we generated above,
so the server can verify us with it */
memcpy
(
final_response
.
data
+
sizeof
(
lmv2_response
),
lmv2_client_data
.
data
,
lmv2_client_data
.
length
);
/* data_blob_free(&lmv2_client_data); */
/* BB fix BB */
return
final_response
;
}
int
make_oem_passwd_hash
(
char
data
[
516
],
const
char
*
passwd
,
unsigned
char
old_pw_hash
[
16
],
int
unicode
)
unsigned
char
old_pw_hash
[
16
],
int
unicode
)
{
{
int
new_pw_len
=
strlen
(
passwd
)
*
(
unicode
?
2
:
1
);
int
new_pw_len
=
strlen
(
passwd
)
*
(
unicode
?
2
:
1
);
...
@@ -333,32 +381,11 @@ make_oem_passwd_hash(char data[516], const char *passwd,
...
@@ -333,32 +381,11 @@ make_oem_passwd_hash(char data[516], const char *passwd,
DEBUG
(
100
,
(
"make_oem_passwd_hash
\n
"
));
DEBUG
(
100
,
(
"make_oem_passwd_hash
\n
"
));
dump_data
(
100
,
data
,
516
);
dump_data
(
100
,
data
,
516
);
#endif
#endif
SamOEMhash
((
unsigned
char
*
)
data
,
(
unsigned
char
*
)
old_pw_hash
,
TRUE
);
SamOEMhash
((
unsigned
char
*
)
data
,
(
unsigned
char
*
)
old_pw_hash
,
516
);
return
TRUE
;
return
TRUE
;
}
}
/* Does the md5 encryption from the NT hash for NTLMv2. */
void
SMBOWFencrypt_ntv2
(
const
unsigned
char
kr
[
16
],
const
struct
data_blob
srv_chal
,
const
struct
data_blob
cli_chal
,
unsigned
char
resp_buf
[
16
])
{
struct
HMACMD5Context
ctx
;
hmac_md5_init_limK_to_64
(
kr
,
16
,
&
ctx
);
hmac_md5_update
(
srv_chal
.
data
,
srv_chal
.
length
,
&
ctx
);
hmac_md5_update
(
cli_chal
.
data
,
cli_chal
.
length
,
&
ctx
);
hmac_md5_final
(
resp_buf
,
&
ctx
);
#ifdef DEBUG_PASSWORD
DEBUG
(
100
,
(
"SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf
\n
"
));
dump_data
(
100
,
srv_chal
.
data
,
srv_chal
.
length
);
dump_data
(
100
,
cli_chal
.
data
,
cli_chal
.
length
);
dump_data
(
100
,
resp_buf
,
16
);
#endif
}
void
void
SMBsesskeygen_ntv2
(
const
unsigned
char
kr
[
16
],
SMBsesskeygen_ntv2
(
const
unsigned
char
kr
[
16
],
const
unsigned
char
*
nt_resp
,
__u8
sess_key
[
16
])
const
unsigned
char
*
nt_resp
,
__u8
sess_key
[
16
])
...
@@ -407,6 +434,44 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
...
@@ -407,6 +434,44 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
return
TRUE
;
return
TRUE
;
}
}
int
SMBNTLMv2encrypt
(
const
char
*
user
,
const
char
*
domain
,
const
char
*
password
,
const
struct
data_blob
*
server_chal
,
const
struct
data_blob
*
names_blob
,
struct
data_blob
*
lm_response
,
struct
data_blob
*
nt_response
,
struct
data_blob
*
nt_session_key
,
struct
nls_table
*
nls_codepage
)
{
unsigned
char
nt_hash
[
16
];
unsigned
char
ntlm_v2_hash
[
16
];
E_md4hash
(
password
,
nt_hash
);
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
*/
ntv2_owf_gen
(
nt_hash
,
user
,
domain
,
ntlm_v2_hash
,
nls_codepage
);
if
(
nt_response
)
{
/* *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
names_blob); */
/* BB fix BB */
if
(
nt_session_key
)
{
/* *nt_session_key = data_blob(NULL, 16); */
/* BB fix BB */
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2
(
ntlm_v2_hash
,
nt_response
->
data
,
nt_session_key
->
data
);
}
}
/* LMv2 */
if
(
lm_response
)
{
*
lm_response
=
LMv2_generate_response
(
ntlm_v2_hash
,
server_chal
);
}
return
TRUE
;
}
/***********************************************************
/***********************************************************
SMB signing - setup the MAC key.
SMB signing - setup the MAC key.
************************************************************/
************************************************************/
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment