/*
- Unix SMB/Netbios implementation.
- Version 1.9.
+ Unix SMB/CIFS implementation.
Password cacheing. obfuscation is planned
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
#include "includes.h"
-extern int DEBUGLEVEL;
-
-
/****************************************************************************
-initialises a password structure
+ Initialises a password structure.
****************************************************************************/
-void pwd_init(struct pwd_info *pwd)
-{
- ZERO_STRUCT(pwd->password );
- ZERO_STRUCT(pwd->smb_lm_pwd);
- ZERO_STRUCT(pwd->smb_nt_pwd);
- ZERO_STRUCT(pwd->smb_lm_owf);
- ZERO_STRUCT(pwd->smb_nt_owf);
- ZERO_STRUCT(pwd->sess_key );
- pwd->nt_owf_len = 0;
-
- pwd->null_pwd = True; /* safest option... */
- pwd->cleartext = False;
- pwd->crypted = False;
-}
-
-/****************************************************************************
-returns NULL password flag
-****************************************************************************/
-BOOL pwd_is_nullpwd(const struct pwd_info *pwd)
-{
- return pwd->null_pwd;
-}
-
-/****************************************************************************
-de-obfuscates a password
-****************************************************************************/
-static void pwd_deobfuscate(const struct pwd_info *pwd)
-{
-}
-/****************************************************************************
-obfuscates a password
-****************************************************************************/
-static void pwd_obfuscate(const struct pwd_info *pwd)
+static void pwd_init(struct pwd_info *pwd)
{
-}
+ memset((char *)pwd->password , '\0', sizeof(pwd->password ));
-/****************************************************************************
-sets the obfuscation key info
-****************************************************************************/
-void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key)
-{
+ pwd->null_pwd = True; /* safest option... */
}
/****************************************************************************
-compares two passwords. hmm, not as trivial as expected. hmm.
+ Stores a cleartext password.
****************************************************************************/
-BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2)
-{
- pwd_deobfuscate(pwd1);
- pwd_deobfuscate(pwd2);
- if (pwd1->cleartext && pwd2->cleartext)
- {
- if (strequal(pwd1->password, pwd2->password))
- {
- pwd_obfuscate(pwd1);
- pwd_obfuscate(pwd2);
- return True;
- }
- }
- if (pwd1->null_pwd && pwd2->null_pwd)
- {
- pwd_obfuscate(pwd1);
- pwd_obfuscate(pwd2);
- return True;
- }
- if (!pwd1->null_pwd && !pwd2->null_pwd &&
- !pwd1->cleartext && !pwd2->cleartext)
- {
- if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
- {
- pwd_obfuscate(pwd1);
- pwd_obfuscate(pwd2);
- return True;
- }
- if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
- {
- pwd_obfuscate(pwd1);
- pwd_obfuscate(pwd2);
- return True;
- }
- }
- pwd_obfuscate(pwd1);
- pwd_obfuscate(pwd2);
- return False;
-}
-/****************************************************************************
-reads a password
-****************************************************************************/
-void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
+void pwd_set_cleartext(struct pwd_info *pwd, const char *clr)
{
- /* grab a password */
- char *user_pass;
-
pwd_init(pwd);
-
- user_pass = (char*)getpass(passwd_report);
-
- if (user_pass == NULL || user_pass[0] == 0)
- {
- pwd_set_nullpwd(pwd);
- }
- else if (do_encrypt)
- {
- pwd_make_lm_nt_16(pwd, user_pass);
+ if (clr) {
+ fstrcpy(pwd->password, clr);
+ pwd->null_pwd = False;
+ } else {
+ pwd->null_pwd = True;
}
- else
- {
- pwd_set_cleartext(pwd, user_pass);
- }
-}
-/****************************************************************************
- stores a cleartext password
- ****************************************************************************/
-void pwd_set_nullpwd(struct pwd_info *pwd)
-{
- pwd_init(pwd);
-
- pwd->cleartext = False;
- pwd->null_pwd = True;
- pwd->crypted = False;
-}
-
-/****************************************************************************
- stores a cleartext password
- ****************************************************************************/
-void pwd_set_cleartext(struct pwd_info *pwd, char *clr)
-{
- pwd_init(pwd);
- fstrcpy(pwd->password, clr);
pwd->cleartext = True;
- pwd->null_pwd = False;
- pwd->crypted = False;
-
- pwd_obfuscate(pwd);
}
/****************************************************************************
- gets a cleartext password
- ****************************************************************************/
-void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
+ Gets a cleartext password.
+****************************************************************************/
+
+void pwd_get_cleartext(struct pwd_info *pwd, fstring clr)
{
- pwd_deobfuscate(pwd);
if (pwd->cleartext)
- {
fstrcpy(clr, pwd->password);
- }
else
- {
clr[0] = 0;
- }
- pwd_obfuscate(pwd);
-}
-
-/****************************************************************************
- stores lm and nt hashed passwords
- ****************************************************************************/
-void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
-{
- pwd_init(pwd);
-
- if (lm_pwd)
- {
- memcpy(pwd->smb_lm_pwd, lm_pwd, 16);
- }
- else
- {
- bzero(pwd->smb_lm_pwd, 16);
- }
- if (nt_pwd)
- {
- memcpy(pwd->smb_nt_pwd, nt_pwd, 16);
- }
- else
- {
- bzero(pwd->smb_nt_pwd, 16);
- }
-
- pwd->null_pwd = False;
- pwd->cleartext = False;
- pwd->crypted = False;
-
- pwd_obfuscate(pwd);
-}
-
-/****************************************************************************
- gets lm and nt hashed passwords
- ****************************************************************************/
-void pwd_get_lm_nt_16(const struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
-{
- pwd_deobfuscate(pwd);
- if (lm_pwd != NULL)
- {
- memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
- }
- if (nt_pwd != NULL)
- {
- memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
- }
- pwd_obfuscate(pwd);
-}
-
-/****************************************************************************
- makes lm and nt hashed passwords
- ****************************************************************************/
-void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
-{
- pwd_init(pwd);
-
- nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
- pwd->null_pwd = False;
- pwd->cleartext = False;
- pwd->crypted = False;
-
- pwd_obfuscate(pwd);
}
-
-/****************************************************************************
- makes lm and nt OWF crypts
- ****************************************************************************/
-void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8],
- const char *user, const char *server, const char *domain)
-{
- uchar kr[16];
-
- DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n",
- user, server, domain));
-
- pwd_deobfuscate(pwd);
-
- SMBgenclientchals(pwd->lm_cli_chal,
- pwd->nt_cli_chal,
- &pwd->nt_cli_chal_len,
- server, domain);
-
- ntv2_owf_gen(pwd->smb_nt_pwd, user, domain, kr);
-
- /* lm # */
- SMBOWFencrypt_ntv2(kr,
- srv_key, 8,
- pwd->lm_cli_chal, 8,
- pwd->smb_lm_owf);
- memcpy(&pwd->smb_lm_owf[16], pwd->lm_cli_chal, 8);
-
- /* nt # */
- SMBOWFencrypt_ntv2(kr,
- srv_key, 8,
- pwd->nt_cli_chal, pwd->nt_cli_chal_len,
- pwd->smb_nt_owf);
- memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len);
- pwd->nt_owf_len = pwd->nt_cli_chal_len + 16;
-
- SMBsesskeygen_ntv2(kr, pwd->smb_nt_owf, pwd->sess_key);
-
-#if DEBUG_PASSWORD
-#endif
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("server cryptkey: "));
- dump_data(100, srv_key, 8);
-
- DEBUG(100,("client lmv2 cryptkey: "));
- dump_data(100, pwd->lm_cli_chal, 8);
-
- DEBUG(100,("client ntv2 cryptkey: "));
- dump_data(100, pwd->nt_cli_chal, pwd->nt_cli_chal_len);
-
- DEBUG(100,("ntv2_owf_passwd: "));
- dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len);
- DEBUG(100,("nt_sess_pwd: "));
- dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
-
- DEBUG(100,("lmv2_owf_passwd: "));
- dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
- DEBUG(100,("lm_sess_pwd: "));
- dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
-
- DEBUG(100,("session key:\n"));
- dump_data(100, pwd->sess_key, sizeof(pwd->sess_key));
-#endif
- pwd->crypted = True;
-
- pwd_obfuscate(pwd);
-}
-
-/****************************************************************************
- makes lm and nt OWF crypts
- ****************************************************************************/
-void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
-{
- if (pwd->null_pwd)
- {
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("pwd_make_lm_nt_owf: NULL password\n"));
-#endif
- pwd->nt_owf_len = 0;
- return;
- }
- pwd_deobfuscate(pwd);
-
- /* generate 24-byte hashes */
- SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf);
- SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf);
- pwd->nt_owf_len = 24;
-
- SMBsesskeygen_ntv1(pwd->smb_nt_pwd, pwd->smb_nt_owf, pwd->sess_key);
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("client cryptkey: "));
- dump_data(100, cryptkey, 8);
-
- DEBUG(100,("nt_owf_passwd: "));
- dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len);
- DEBUG(100,("nt_sess_pwd: "));
- dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
-
- DEBUG(100,("lm_owf_passwd: "));
- dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
- DEBUG(100,("lm_sess_pwd: "));
- dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
-
- DEBUG(100,("session key:\n"));
- dump_data(100, pwd->sess_key, sizeof(pwd->sess_key));
-#endif
-
- pwd->crypted = True;
-
- pwd_obfuscate(pwd);
-}
-
-/****************************************************************************
- gets lm and nt crypts
- ****************************************************************************/
-void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24],
- uchar *nt_owf, size_t *nt_owf_len,
- uchar *sess_key)
-{
- if (pwd->null_pwd)
- {
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("pwd_get_lm_nt_owf: NULL password\n"));
-#endif
- if (nt_owf_len != NULL)
- {
- *nt_owf_len = 0;
- }
- return;
- }
-
- pwd_deobfuscate(pwd);
- if (lm_owf != NULL)
- {
- memcpy(lm_owf, pwd->smb_lm_owf, 24);
- }
- if (nt_owf != NULL)
- {
- memcpy(nt_owf, pwd->smb_nt_owf, pwd->nt_owf_len);
- }
- if (sess_key != NULL)
- {
- memcpy(sess_key, pwd->sess_key, 16);
- }
- if (nt_owf_len != NULL)
- {
- *nt_owf_len = pwd->nt_owf_len;
- }
- pwd_obfuscate(pwd);
-}
-