Commit fd1df784 authored by Steve French's avatar Steve French Committed by Steve French

Signing fixes part 1

parent 1b546146
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
void void
toUpper(const struct nls_table *n, char *mixed_string) toUpper(const struct nls_table *n, char *mixed_string)
{ {
int i; unsigned int i;
char temp; char temp;
for (i = 0; i < strlen(mixed_string); i++) { for (i = 0; i < strlen(mixed_string); i++) {
......
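Review bot: In toUpper, changing `i` to `unsigned int` silences the signed/unsigned comparison but still does not match the `size_t` that strlen() returns, and strlen() is re-evaluated on every iteration of `for (i = 0; i < strlen(mixed_string); i++)`. Declaring `size_t i;` would make the comparison exact. If the loop body, which continues outside the hunk, never writes a NUL into the string, the length can also be computed once before the loop, e.g. `size_t len = strlen(mixed_string);`.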
...@@ -399,7 +399,7 @@ SamOEMhash(unsigned char *data, unsigned char *key, int val) ...@@ -399,7 +399,7 @@ SamOEMhash(unsigned char *data, unsigned char *key, int val)
s_box[ind] = s_box[j]; s_box[ind] = s_box[j];
s_box[j] = tc; s_box[j] = tc;
} }
for (ind = 0; ind < (val ? 516 : 16); ind++) { for (ind = 0; ind < val; ind++) {
unsigned char tc; unsigned char tc;
unsigned char t; unsigned char t;
......
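Review bot: SamOEMhash now uses `val` directly as the number of bytes to transform, but the parameter is still a signed `int` named `val`, so any caller not shown on this page that still passes `TRUE` or `FALSE` would compile cleanly and process only 1 or 0 bytes of the buffer. A negative value would skip the loop without any error. Renaming and retyping the parameter would make stale callers stand out, for example `SamOEMhash(unsigned char *data, unsigned char *key, unsigned int len)`, together with a comment above the function such as `/* len: number of bytes of data transformed in place (516 for a password buffer, 16 for a hash) */`. The function starts and ends outside the hunk, and the declaration of `ind` is not visible, so its type may need to change to match.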
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
Copyright (C) Andrew Tridgell 1992-2000 Copyright (C) Andrew Tridgell 1992-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
Modified by Jeremy Allison 1995. Modified by Jeremy Allison 1995.
Modified by Steve French (sfrench@us.ibm.com) 2002 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
Modified by Steve French (sfrench@us.ibm.com) 2002-2003
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -104,6 +105,8 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24) ...@@ -104,6 +105,8 @@ SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
dump_data(100, (char *) c8, 8); dump_data(100, (char *) c8, 8);
dump_data(100, (char *) p24, 24); dump_data(100, (char *) p24, 24);
#endif #endif
memset(p14,0,15);
memset(p21,0,21);
} }
/* Routines for Windows NT MD4 Hash functions. */ /* Routines for Windows NT MD4 Hash functions. */
...@@ -161,6 +164,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16) ...@@ -161,6 +164,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16)
len = _my_wcslen(wpwd) * sizeof (__u16); len = _my_wcslen(wpwd) * sizeof (__u16);
mdfour(p16, (unsigned char *) wpwd, len); mdfour(p16, (unsigned char *) wpwd, len);
memset(wpwd,0,129 * 2);
} }
/* Does both the NT and LM owfs of a user's password */ /* Does both the NT and LM owfs of a user's password */
...@@ -222,7 +226,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n, ...@@ -222,7 +226,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
/* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); /* push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */ push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER); */
/* do not think it is supposed to be uppercased */ /* BB user and domain may need to be uppercased */
user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage); user_l = cifs_strtoUCS(user_u, user_n, 511, nls_codepage);
domain_l = cifs_strtoUCS(dom_u, domain_n, 511, nls_codepage); domain_l = cifs_strtoUCS(dom_u, domain_n, 511, nls_codepage);
...@@ -297,8 +301,52 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24) ...@@ -297,8 +301,52 @@ SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
#endif #endif
} }
int /* Does the md5 encryption from the NT hash for NTLMv2. */
make_oem_passwd_hash(char data[516], const char *passwd, void
SMBOWFencrypt_ntv2(const unsigned char kr[16],
const struct data_blob * srv_chal,
const struct data_blob * cli_chal, unsigned char resp_buf[16])
{
struct HMACMD5Context ctx;
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
hmac_md5_update(cli_chal->data, cli_chal->length, &ctx);
hmac_md5_final(resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
dump_data(100, srv_chal->data, srv_chal->length);
dump_data(100, cli_chal->data, cli_chal->length);
dump_data(100, resp_buf, 16);
#endif
}
static struct data_blob LMv2_generate_response(const unsigned char ntlm_v2_hash[16],
const struct data_blob * server_chal)
{
unsigned char lmv2_response[16];
struct data_blob lmv2_client_data/* = data_blob(NULL, 8)*/; /* BB Fix BB */
struct data_blob final_response /* = data_blob(NULL, 24)*/; /* BB Fix BB */
/* LMv2 */
/* client-supplied random data */
get_random_bytes(lmv2_client_data.data, lmv2_client_data.length);
/* Given that data, and the challenge from the server, generate a response */
SMBOWFencrypt_ntv2(ntlm_v2_hash, server_chal, &lmv2_client_data, lmv2_response);
memcpy(final_response.data, lmv2_response, sizeof(lmv2_response));
/* after the first 16 bytes is the random data we generated above,
so the server can verify us with it */
memcpy(final_response.data+sizeof(lmv2_response),
lmv2_client_data.data, lmv2_client_data.length);
/* data_blob_free(&lmv2_client_data); */ /* BB fix BB */
return final_response;
}
int make_oem_passwd_hash(char data[516], const char *passwd,
unsigned char old_pw_hash[16], int unicode) unsigned char old_pw_hash[16], int unicode)
{ {
int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
...@@ -333,32 +381,11 @@ make_oem_passwd_hash(char data[516], const char *passwd, ...@@ -333,32 +381,11 @@ make_oem_passwd_hash(char data[516], const char *passwd,
DEBUG(100, ("make_oem_passwd_hash\n")); DEBUG(100, ("make_oem_passwd_hash\n"));
dump_data(100, data, 516); dump_data(100, data, 516);
#endif #endif
SamOEMhash((unsigned char *) data, (unsigned char *) old_pw_hash, TRUE); SamOEMhash((unsigned char *) data, (unsigned char *) old_pw_hash, 516);
return TRUE; return TRUE;
} }
/* Does the md5 encryption from the NT hash for NTLMv2. */
void
SMBOWFencrypt_ntv2(const unsigned char kr[16],
const struct data_blob srv_chal,
const struct data_blob cli_chal, unsigned char resp_buf[16])
{
struct HMACMD5Context ctx;
hmac_md5_init_limK_to_64(kr, 16, &ctx);
hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
hmac_md5_final(resp_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
dump_data(100, srv_chal.data, srv_chal.length);
dump_data(100, cli_chal.data, cli_chal.length);
dump_data(100, resp_buf, 16);
#endif
}
void void
SMBsesskeygen_ntv2(const unsigned char kr[16], SMBsesskeygen_ntv2(const unsigned char kr[16],
const unsigned char *nt_resp, __u8 sess_key[16]) const unsigned char *nt_resp, __u8 sess_key[16])
...@@ -407,6 +434,44 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length) ...@@ -407,6 +434,44 @@ encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
return TRUE; return TRUE;
} }
int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
const struct data_blob *server_chal,
const struct data_blob *names_blob,
struct data_blob *lm_response, struct data_blob *nt_response,
struct data_blob *nt_session_key,struct nls_table * nls_codepage)
{
unsigned char nt_hash[16];
unsigned char ntlm_v2_hash[16];
E_md4hash(password, nt_hash);
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
*/
ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash,nls_codepage);
if (nt_response) {
/* *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal,
names_blob); */ /* BB fix BB */
if (nt_session_key) {
/* *nt_session_key = data_blob(NULL, 16); */ /* BB fix BB */
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
}
}
/* LMv2 */
if (lm_response) {
*lm_response = LMv2_generate_response(ntlm_v2_hash, server_chal);
}
return TRUE;
}
/*********************************************************** /***********************************************************
SMB signing - setup the MAC key. SMB signing - setup the MAC key.
************************************************************/ ************************************************************/
......
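Review bot: In the new LMv2_generate_response, `lmv2_client_data` and `final_response` are declared with their initialisers commented out ("BB Fix BB"), so `get_random_bytes(lmv2_client_data.data, lmv2_client_data.length)` and both `memcpy(final_response.data, ...)` calls write through an indeterminate pointer with an indeterminate length. SMBNTLMv2encrypt has the same defect: with the `*nt_response = ...` and `*nt_session_key = ...` assignments commented out, `SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data)` reads and writes whatever the caller's blobs happen to contain. Both blobs need real storage before either function becomes reachable; the sketch below backs the client challenge with a stack buffer and allocates the 24-byte response. The field types of `struct data_blob` are not visible on this page, so the buffer types may need adjusting. Callers would have to check `.data` for NULL and free it.

```c
static struct data_blob LMv2_generate_response(const unsigned char ntlm_v2_hash[16],
		const struct data_blob * server_chal)
{
	/* … unchanged: lmv2_response declaration … */
	unsigned char client_chal[8];	/* client-supplied random data */
	struct data_blob lmv2_client_data = {
		.data = client_chal,
		.length = sizeof(client_chal)
	};
	struct data_blob final_response = { .data = NULL, .length = 0 };

	final_response.data = kmalloc(sizeof(lmv2_response) + sizeof(client_chal),
				      GFP_KERNEL);
	if (final_response.data == NULL)
		return final_response;	/* caller must check .data before use */
	final_response.length = sizeof(lmv2_response) + sizeof(client_chal);

	/* … unchanged: get_random_bytes, SMBOWFencrypt_ntv2, both memcpy calls, return … */
}
```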