Implemented encryption algorithm used for a number of RPC buffers.

(actually, decryption only currently because I need to get some sleep).

Basically another Microsoft twist on DES; the "master key" is the user's
NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys.
(This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index e64a7a92aae473edd6b0a81739d7dac0e936a46e..5ad1959677d0f984ec6ca140d4ece0c32146f907 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -739,6 +739,7 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
 
 /*The following definitions come from  libsmb/smbdes.c  */
 
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw);
 void E_P16(unsigned char *p14,unsigned char *p16);
 void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
 void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
@@ -757,6 +758,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);
 void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]);
 void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24);
 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode);
+int nt_decrypt_string2(STRING2 *out, STRING2 *in, char nt_hash[16]);
 
 /*The following definitions come from  libsmb/smberr.c  */
 
@@ -1568,8 +1570,8 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum,
                     POLICY_HND *hnd_pol, char *secret_name, uint32 des_access,
                     POLICY_HND *hnd_secret);
 BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum,
-                     POLICY_HND *pol, unsigned char secret[24],
-                     NTTIME *lastupdate);
+                     POLICY_HND *pol, STRING2 *enc_secret,
+                     NTTIME *last_update);
 BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum,
                        POLICY_HND *hnd,
                        int num_names,

diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 6129c3bf01e4b038a0ab6dbc94487f8e1255f887..1bd18bc7e86789950b79ccca1f21f1d240ee6a3f 100644 (file)
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -176,7 +176,7 @@ typedef struct lsa_secret_value_info
 {
        uint32 ptr_secret;
        STRHDR2 hdr_secret;
-       STRING2 secret;
+       STRING2 enc_secret; /* encrypted, see nt_encrypt_string2 */
 
 } LSA_SECRET_VALUE;
 

diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index d0e1c6e85fb00d0c91c0af57f5f1d74dc018f04e..08bc929f01ac8f05eb7325dbd58d650a1fac9425 100644 (file)
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -277,7 +277,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
 }
 
 
-static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
 {
        int i;
        char outb[64];

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index e35cccd7348e1cda4467efc363d87680d40bec47..3835c998152e189054ff7737df5cb876f7b76dc3 100644 (file)
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -226,3 +226,48 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
        return True;
 }
 
+int nt_decrypt_string2(STRING2 *out, STRING2 *in, char nt_hash[16])
+{
+       uchar bufhdr[8];
+       int datalen;
+
+       uchar key[16];
+       uchar *keyptr = key;
+       uchar *keyend = key + sizeof(key);
+
+       uchar *outbuf = (uchar *)out->buffer;
+       uchar *inbuf = (uchar *)in->buffer;
+       uchar *inbufend;
+
+
+       mdfour(key, nt_hash, 16);
+
+       smbhash(bufhdr, inbuf, keyptr, 0);
+       datalen = IVAL(bufhdr, 0);
+
+       if ((datalen > in->str_str_len) || (datalen > MAX_STRINGLEN))
+       {
+               DEBUG(0, ("nt_decrypt_string2: failed\n"));
+               return False;
+       }
+
+       out->str_max_len = out->str_str_len = datalen;
+       inbuf += 8;
+       inbufend = inbuf + datalen;
+
+       while (inbuf < inbufend)
+       {
+               keyptr += 7;
+               if (keyptr + 7 > keyend)
+               {
+                       keyptr = (keyend - keyptr) + key;
+               }
+
+               smbhash(outbuf, inbuf, keyptr, 0);
+
+               inbuf += 8;
+               outbuf += 8;
+       }
+
+       return True;
+}