libcli/auth/credentials.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    code to manipulate domain credentials
   5
   6    Copyright (C) Andrew Tridgell 1997-2003
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "system/time.h"
  25 #include "../lib/crypto/crypto.h"
  26 #include "libcli/auth/libcli_auth.h"
  27
  28 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
  29                                       const struct netr_Credential *in,
  30                                       struct netr_Credential *out)
  31 {
  32         des_crypt112(out->data, in->data, creds->session_key, 1);
  33 }
  34
  35 /*
  36   initialise the credentials state for old-style 64 bit session keys
  37
  38   this call is made after the netr_ServerReqChallenge call
  39 */
  40 static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *creds,
  41                                       const struct netr_Credential *client_challenge,
  42                                       const struct netr_Credential *server_challenge,
  43                                       const struct samr_Password *machine_password)
  44 {
  45         uint32_t sum[2];
  46         uint8_t sum2[8];
  47
  48         sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
  49         sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
  50
  51         SIVAL(sum2,0,sum[0]);
  52         SIVAL(sum2,4,sum[1]);
  53
  54         ZERO_STRUCT(creds->session_key);
  55
  56         des_crypt128(creds->session_key, sum2, machine_password->hash);
  57 }
  58
  59 /*
  60   initialise the credentials state for ADS-style 128 bit session keys
  61
  62   this call is made after the netr_ServerReqChallenge call
  63 */
  64 static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *creds,
  65                                        const struct netr_Credential *client_challenge,
  66                                        const struct netr_Credential *server_challenge,
  67                                        const struct samr_Password *machine_password)
  68 {
  69         unsigned char zero[4], tmp[16];
  70         HMACMD5Context ctx;
  71         struct MD5Context md5;
  72
  73         ZERO_STRUCT(creds->session_key);
  74
  75         memset(zero, 0, sizeof(zero));
  76
  77         hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
  78         MD5Init(&md5);
  79         MD5Update(&md5, zero, sizeof(zero));
  80         MD5Update(&md5, client_challenge->data, 8);
  81         MD5Update(&md5, server_challenge->data, 8);
  82         MD5Final(tmp, &md5);
  83         hmac_md5_update(tmp, sizeof(tmp), &ctx);
  84         hmac_md5_final(creds->session_key, &ctx);
  85 }
  86
  87 static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
  88                                       const struct netr_Credential *client_challenge,
  89                                       const struct netr_Credential *server_challenge)
  90 {
  91         netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
  92
  93         netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
  94
  95         creds->seed = creds->client;
  96 }
  97
  98 /*
  99   step the credentials to the next element in the chain, updating the
 100   current client and server credentials and the seed
 101 */
 102 static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
 103 {
 104         struct netr_Credential time_cred;
 105
 106         DEBUG(5,("\tseed        %08x:%08x\n",
 107                  IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
 108
 109         SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence);
 110         SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
 111
 112         DEBUG(5,("\tseed+time   %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 113
 114         netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
 115
 116         DEBUG(5,("\tCLIENT      %08x:%08x\n",
 117                  IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
 118
 119         SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1);
 120         SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
 121
 122         DEBUG(5,("\tseed+time+1 %08x:%08x\n",
 123                  IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 124
 125         netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
 126
 127         DEBUG(5,("\tSERVER      %08x:%08x\n",
 128                  IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
 129
 130         creds->seed = time_cred;
 131 }
 132
 133
 134 /*
 135   DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
 136 */
 137 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
 138 {
 139         struct netr_LMSessionKey tmp;
 140         des_crypt56(tmp.key, key->key, creds->session_key, 1);
 141         *key = tmp;
 142 }
 143
 144 /*
 145   DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
 146 */
 147 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
 148 {
 149         struct netr_LMSessionKey tmp;
 150         des_crypt56(tmp.key, key->key, creds->session_key, 0);
 151         *key = tmp;
 152 }
 153
 154 /*
 155   DES encrypt a 16 byte password buffer using the session key
 156 */
 157 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
 158 {
 159         struct samr_Password tmp;
 160         des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 1);
 161         *pass = tmp;
 162 }
 163
 164 /*
 165   DES decrypt a 16 byte password buffer using the session key
 166 */
 167 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
 168 {
 169         struct samr_Password tmp;
 170         des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 0);
 171         *pass = tmp;
 172 }
 173
 174 /*
 175   ARCFOUR encrypt/decrypt a password buffer using the session key
 176 */
 177 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
 178 {
 179         DATA_BLOB session_key = data_blob(creds->session_key, 16);
 180
 181         arcfour_crypt_blob(data, len, &session_key);
 182
 183         data_blob_free(&session_key);
 184 }
 185
 186 /*****************************************************************
 187 The above functions are common to the client and server interface
 188 next comes the client specific functions
 189 ******************************************************************/
 190
 191 /*
 192   initialise the credentials chain and return the first client
 193   credentials
 194 */
 195
 196 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
 197                                                                   const char *client_account,
 198                                                                   const char *client_computer_name,
 199                                                                   const struct netr_Credential *client_challenge,
 200                                                                   const struct netr_Credential *server_challenge,
 201                                                                   const struct samr_Password *machine_password,
 202                                                                   struct netr_Credential *initial_credential,
 203                                                                   uint32_t negotiate_flags)
 204 {
 205         struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState);
 206
 207         if (!creds) {
 208                 return NULL;
 209         }
 210
 211         creds->sequence = time(NULL);
 212         creds->negotiate_flags = negotiate_flags;
 213
 214         creds->computer_name = talloc_strdup(creds, client_computer_name);
 215         if (!creds->computer_name) {
 216                 talloc_free(creds);
 217                 return NULL;
 218         }
 219         creds->account_name = talloc_strdup(creds, client_account);
 220         if (!creds->account_name) {
 221                 talloc_free(creds);
 222                 return NULL;
 223         }
 224
 225         dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
 226         dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
 227         dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
 228
 229         if (negotiate_flags & NETLOGON_NEG_128BIT) {
 230                 netlogon_creds_init_128bit(creds, client_challenge, server_challenge, machine_password);
 231         } else {
 232                 netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
 233         }
 234
 235         netlogon_creds_first_step(creds, client_challenge, server_challenge);
 236
 237         dump_data_pw("Session key", creds->session_key, 16);
 238         dump_data_pw("Credential ", creds->client.data, 8);
 239
 240         *initial_credential = creds->client;
 241         return creds;
 242 }
 243
 244 /*
 245   initialise the credentials structure with only a session key.  The caller better know what they are doing!
 246  */
 247
 248 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
 249                                                                               const uint8_t session_key[16])
 250 {
 251         struct netlogon_creds_CredentialState *creds;
 252
 253         creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
 254         if (!creds) {
 255                 return NULL;
 256         }
 257
 258         memcpy(creds->session_key, session_key, 16);
 259
 260         return creds;
 261 }
 262
 263 /*
 264   step the credentials to the next element in the chain, updating the
 265   current client and server credentials and the seed
 266
 267   produce the next authenticator in the sequence ready to send to
 268   the server
 269 */
 270 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
 271                                 struct netr_Authenticator *next)
 272 {
 273         creds->sequence += 2;
 274         netlogon_creds_step(creds);
 275
 276         next->cred = creds->client;
 277         next->timestamp = creds->sequence;
 278 }
 279
 280 /*
 281   check that a credentials reply from a server is correct
 282 */
 283 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
 284                         const struct netr_Credential *received_credentials)
 285 {
 286         if (!received_credentials ||
 287             memcmp(received_credentials->data, creds->server.data, 8) != 0) {
 288                 DEBUG(2,("credentials check failed\n"));
 289                 return false;
 290         }
 291         return true;
 292 }
 293
 294
 295 /*****************************************************************
 296 The above functions are common to the client and server interface
 297 next comes the server specific functions
 298 ******************************************************************/
 299
 300 /*
 301   check that a credentials reply from a server is correct
 302 */
 303 static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds,
 304                                                  const struct netr_Credential *received_credentials)
 305 {
 306         if (memcmp(received_credentials->data, creds->client.data, 8) != 0) {
 307                 DEBUG(2,("credentials check failed\n"));
 308                 dump_data_pw("client creds", creds->client.data, 8);
 309                 dump_data_pw("calc   creds", received_credentials->data, 8);
 310                 return false;
 311         }
 312         return true;
 313 }
 314
 315 /*
 316   initialise the credentials chain and return the first server
 317   credentials
 318 */
 319 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
 320                                                                   const char *client_account,
 321                                                                   const char *client_computer_name,
 322                                                                   uint16_t secure_channel_type,
 323                                                                   const struct netr_Credential *client_challenge,
 324                                                                   const struct netr_Credential *server_challenge,
 325                                                                   const struct samr_Password *machine_password,
 326                                                                   struct netr_Credential *credentials_in,
 327                                                                   struct netr_Credential *credentials_out,
 328                                                                   uint32_t negotiate_flags)
 329 {
 330
 331         struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
 332
 333         if (!creds) {
 334                 return NULL;
 335         }
 336
 337         creds->negotiate_flags = negotiate_flags;
 338         creds->secure_channel_type = secure_channel_type;
 339
 340         creds->computer_name = talloc_strdup(creds, client_computer_name);
 341         if (!creds->computer_name) {
 342                 talloc_free(creds);
 343                 return NULL;
 344         }
 345         creds->account_name = talloc_strdup(creds, client_account);
 346         if (!creds->account_name) {
 347                 talloc_free(creds);
 348                 return NULL;
 349         }
 350
 351         if (negotiate_flags & NETLOGON_NEG_128BIT) {
 352                 netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
 353                                            machine_password);
 354         } else {
 355                 netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
 356                                           machine_password);
 357         }
 358
 359         netlogon_creds_first_step(creds, client_challenge, server_challenge);
 360
 361         /* And before we leak information about the machine account
 362          * password, check that they got the first go right */
 363         if (!netlogon_creds_server_check_internal(creds, credentials_in)) {
 364                 talloc_free(creds);
 365                 return NULL;
 366         }
 367
 368         *credentials_out = creds->server;
 369
 370         return creds;
 371 }
 372
 373 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
 374                                  struct netr_Authenticator *received_authenticator,
 375                                  struct netr_Authenticator *return_authenticator)
 376 {
 377         if (!received_authenticator || !return_authenticator) {
 378                 return NT_STATUS_INVALID_PARAMETER;
 379         }
 380
 381         if (!creds) {
 382                 return NT_STATUS_ACCESS_DENIED;
 383         }
 384
 385         /* TODO: this may allow the a replay attack on a non-signed
 386            connection. Should we check that this is increasing? */
 387         creds->sequence = received_authenticator->timestamp;
 388         netlogon_creds_step(creds);
 389         if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {
 390                 return_authenticator->cred = creds->server;
 391                 return_authenticator->timestamp = creds->sequence;
 392                 return NT_STATUS_OK;
 393         } else {
 394                 ZERO_STRUCTP(return_authenticator);
 395                 return NT_STATUS_ACCESS_DENIED;
 396         }
 397 }
 398
 399 void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
 400                             uint16_t validation_level,
 401                             union netr_Validation *validation)
 402 {
 403         static const char zeros[16];
 404
 405         struct netr_SamBaseInfo *base = NULL;
 406         switch (validation_level) {
 407         case 2:
 408                 if (validation->sam2) {
 409                         base = &validation->sam2->base;
 410                 }
 411                 break;
 412         case 3:
 413                 if (validation->sam3) {
 414                         base = &validation->sam3->base;
 415                 }
 416                 break;
 417         case 6:
 418                 if (validation->sam6) {
 419                         base = &validation->sam6->base;
 420                 }
 421                 break;
 422         default:
 423                 /* If we can't find it, we can't very well decrypt it */
 424                 return;
 425         }
 426
 427         if (!base) {
 428                 return;
 429         }
 430
 431         /* find and decyrpt the session keys, return in parameters above */
 432         if (validation_level == 6) {
 433                 /* they aren't encrypted! */
 434         } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 435                 if (memcmp(base->key.key, zeros,
 436                            sizeof(base->key.key)) != 0) {
 437                         netlogon_creds_arcfour_crypt(creds,
 438                                             base->key.key,
 439                                             sizeof(base->key.key));
 440                 }
 441
 442                 if (memcmp(base->LMSessKey.key, zeros,
 443                            sizeof(base->LMSessKey.key)) != 0) {
 444                         netlogon_creds_arcfour_crypt(creds,
 445                                             base->LMSessKey.key,
 446                                             sizeof(base->LMSessKey.key));
 447                 }
 448         } else {
 449                 if (memcmp(base->LMSessKey.key, zeros,
 450                            sizeof(base->LMSessKey.key)) != 0) {
 451                         netlogon_creds_des_decrypt_LMKey(creds,
 452                                                 &base->LMSessKey);
 453                 }
 454         }
 455 }
 456