first pass at updating head branch to be to be the same as the SAMBA_2_0 branch

[kai/samba.git] / source3 / libsmb / smbencrypt.c

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 89c6eba810d7d3db2ea61c2911a785669f646752..b927e193dd7485ad9c403ddb997af703f237bedd 100644 (file)
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -32,15 +32,23 @@ extern int DEBUGLEVEL;
    encrypted password into p24 */
 void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
 {
-  uchar p14[15], p21[21];
+       uchar p14[15], p21[21];
 
-  memset(p21,'\0',21);
-  memset(p14,'\0',14);
-  StrnCpy((char *)p14,(char *)passwd,14);
+       memset(p21,'\0',21);
+       memset(p14,'\0',14);
+       StrnCpy((char *)p14,(char *)passwd,14);
+
+       strupper((char *)p14);
+       E_P16(p14, p21); 
+
+       SMBOWFencrypt(p21, c8, p24);
 
-  strupper((char *)p14);
-  E_P16(p14, p21); 
-  E_P24(p21, c8, p24);
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
+       dump_data(100, (char *)p21, 16);
+       dump_data(100, (char *)c8, 8);
+       dump_data(100, (char *)p24, 24);
+#endif
 }
 
 /* Routines for Windows NT MD4 Hash functions. */
@@ -102,13 +110,19 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
 {
        char passwd[130];
 
-    memset(passwd,'\0',130);
-    safe_strcpy( passwd, pwd, sizeof(passwd)-1);
+       memset(passwd,'\0',130);
+       safe_strcpy( passwd, pwd, sizeof(passwd)-1);
 
        /* Calculate the MD4 hash (NT compatible) of the password */
        memset(nt_p16, '\0', 16);
        E_md4hash((uchar *)passwd, nt_p16);
 
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
+       dump_data(120, passwd, strlen(passwd));
+       dump_data(100, (char *)nt_p16, 16);
+#endif
+
        /* Mangle the passwords into Lanman format */
        passwd[14] = '\0';
        strupper(passwd);
@@ -118,8 +132,13 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
        memset(p16, '\0', 16);
        E_P16((uchar *) passwd, (uchar *)p16);
 
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
+       dump_data(120, passwd, strlen(passwd));
+       dump_data(100, (char *)p16, 16);
+#endif
        /* clear out local copy of user's password (just being paranoid). */
-       bzero(passwd, sizeof(passwd));
+       memset(passwd, '\0', sizeof(passwd));
 }
 
 /* Does the des encryption from the NT or LM MD4 hash. */
@@ -133,6 +152,24 @@ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
        E_P24(p21, c8, p24);
 }
 
+/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
+void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24])
+{
+       uchar p21[21];
+ 
+       memset(p21,'\0',21);
+       memcpy(p21, passwd, 8);    
+       memset(p21 + 8, 0xbd, 8);    
+
+       E_P24(p21, ntlmchalresp, p24);
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
+       dump_data(100, (char *)p21, 21);
+       dump_data(100, (char *)ntlmchalresp, 8);
+       dump_data(100, (char *)p24, 24);
+#endif
+}
+
 
 /* Does the NT MD4 hash then des encryption. */
  
@@ -143,7 +180,51 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
        memset(p21,'\0',21);
  
        E_md4hash(passwd, p21);    
-       E_P24(p21, c8, p24);
+       SMBOWFencrypt(p21, c8, p24);
+
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
+       dump_data(100, (char *)p21, 16);
+       dump_data(100, (char *)c8, 8);
+       dump_data(100, (char *)p24, 24);
+#endif
 }
 
+BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
+{
+       int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
+
+       if (new_pw_len > 512)
+       {
+               DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
+               return False;
+       }
+
+       /*
+        * Now setup the data area.
+        * We need to generate a random fill
+        * for this area to make it harder to
+        * decrypt. JRA.
+        */
+       generate_random_buffer((unsigned char *)data, 516, False);
+       if (unicode)
+       {
+               /* Note that passwd should be in DOS oem character set. */
+               dos_struni2( &data[512 - new_pw_len], passwd, 512);
+       }
+       else
+       {
+               /* Note that passwd should be in DOS oem character set. */
+               fstrcpy( &data[512 - new_pw_len], passwd);
+       }
+       SIVAL(data, 512, new_pw_len);
+
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("make_oem_passwd_hash\n"));
+       dump_data(100, data, 516);
+#endif
+       SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);
+
+       return True;
+}