-#ifdef SMB_PASSWD
/*
Unix SMB/Netbios implementation.
Version 1.9.
SMB parameters and setup
- Copyright (C) Andrew Tridgell 1992-1995
+ Copyright (C) Andrew Tridgell 1992-1998
Modified by Jeremy Allison 1995.
This program is free software; you can redistribute it and/or modify
*/
#include "includes.h"
-#include "des.h"
-#include "md4.h"
extern int DEBUGLEVEL;
#include "byteorder.h"
-void str_to_key(uchar *str,uchar *key)
-{
- void des_set_odd_parity(des_cblock *);
- int i;
-
- key[0] = str[0]>>1;
- key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
- key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
- key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
- key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
- key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
- key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
- key[7] = str[6]&0x7F;
- for (i=0;i<8;i++) {
- key[i] = (key[i]<<1);
- }
- des_set_odd_parity((des_cblock *)key);
-}
-
-void D1(uchar *k, uchar *d, uchar *out)
-{
- des_key_schedule ks;
- des_cblock deskey;
-
- str_to_key(k,(uchar *)deskey);
- des_set_key((des_cblock *)deskey,ks);
- des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_DECRYPT);
-}
-
-void E1(uchar *k, uchar *d, uchar *out)
-{
- des_key_schedule ks;
- des_cblock deskey;
-
- str_to_key(k,(uchar *)deskey);
- des_set_key((des_cblock *)deskey,ks);
- des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);
-}
-
-void E_P16(uchar *p14,uchar *p16)
-{
- uchar sp7[7];
- /* the following constant makes us compatible with other
- implementations. Note that publishing this constant does not reduce the
- security of the encryption mechanism */
- uchar sp8[] = {0xAA,0xD3,0xB4,0x35,0xB5,0x14,0x4,0xEE};
- uchar x[8];
-
- memset(sp7,'\0',7);
-
- D1(sp7, sp8, x);
- E1(p14, x, p16);
- E1(p14+7, x, p16+8);
-}
-
-void E_P24(uchar *p21, uchar *c8, uchar *p24)
-{
- E1(p21, c8, p24);
- E1(p21+7, c8, p24+8);
- E1(p21+14, c8, p24+16);
-}
-
-
/*
This implements the X/Open SMB password encryption
It takes a password, a 8 byte "crypt key" and puts 24 bytes of
encrypted password into p24 */
void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
{
- uchar p14[15], p21[21];
+ uchar p14[15], p21[21];
+
+ memset(p21,'\0',21);
+ memset(p14,'\0',14);
+ StrnCpy((char *)p14,(char *)passwd,14);
- memset(p21,'\0',21);
- memset(p14,'\0',14);
- StrnCpy((char *)p14,(char *)passwd,14);
+ strupper((char *)p14);
+ E_P16(p14, p21);
- strupper((char *)p14);
- E_P16(p14, p21);
- E_P24(p21, c8, p24);
+ SMBOWFencrypt(p21, c8, p24);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
+ dump_data(100, p21, 16);
+ dump_data(100, c8, 8);
+ dump_data(100, p24, 24);
+#endif
}
/* Routines for Windows NT MD4 Hash functions. */
void E_md4hash(uchar *passwd, uchar *p16)
{
- int i, len;
+ int len;
int16 wpwd[129];
- MDstruct MD;
-
+
/* Password cannot be longer than 128 characters */
len = strlen((char *)passwd);
if(len > 128)
len = 128;
/* Password must be converted to NT unicode */
- _my_mbstowcs( wpwd, passwd, len);
+ _my_mbstowcs(wpwd, passwd, len);
wpwd[len] = 0; /* Ensure string is null terminated */
/* Calculate length in bytes */
len = _my_wcslen(wpwd) * sizeof(int16);
+
+ mdfour(p16, (unsigned char *)wpwd, len);
+}
+
+/* Does both the NT and LM owfs of a user's password */
+void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
+{
+ char passwd[130];
+
+ memset(passwd,'\0',130);
+ safe_strcpy( passwd, pwd, sizeof(passwd)-1);
+
+ /* Calculate the MD4 hash (NT compatible) of the password */
+ memset(nt_p16, '\0', 16);
+ E_md4hash((uchar *)passwd, nt_p16);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
+ dump_data(120, passwd, strlen(passwd));
+ dump_data(100, nt_p16, 16);
+#endif
+
+ /* Mangle the passwords into Lanman format */
+ passwd[14] = '\0';
+ strupper(passwd);
+
+ /* Calculate the SMB (lanman) hash functions of the password */
+
+ memset(p16, '\0', 16);
+ E_P16((uchar *) passwd, (uchar *)p16);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
+ dump_data(120, passwd, strlen(passwd));
+ dump_data(100, p16, 16);
+#endif
+ /* clear out local copy of user's password (just being paranoid). */
+ bzero(passwd, sizeof(passwd));
+}
+
+/* Does the des encryption from the NT or LM MD4 hash. */
+void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
+{
+ uchar p21[21];
- MDbegin(&MD);
- for(i = 0; i + 64 <= len; i += 64)
- MDupdate(&MD,wpwd + (i/2), 512);
- MDupdate(&MD,wpwd + (i/2),(len-i)*8);
- SIVAL(p16,0,MD.buffer[0]);
- SIVAL(p16,4,MD.buffer[1]);
- SIVAL(p16,8,MD.buffer[2]);
- SIVAL(p16,12,MD.buffer[3]);
+ memset(p21,'\0',21);
+
+ memcpy(p21, passwd, 16);
+ E_P24(p21, c8, p24);
+}
+
+/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
+void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24])
+{
+ uchar p21[21];
+
+ memset(p21,'\0',21);
+ memcpy(p21, passwd, 8);
+ memset(p21 + 8, 0xbd, 8);
+
+ E_P24(p21, ntlmchalresp, p24);
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
+ dump_data(100, p21, 21);
+ dump_data(100, ntlmchalresp, 8);
+ dump_data(100, p24, 24);
+#endif
}
+
/* Does the NT MD4 hash then des encryption. */
void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
memset(p21,'\0',21);
E_md4hash(passwd, p21);
- E_P24(p21, c8, p24);
+ SMBOWFencrypt(p21, c8, p24);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
+ dump_data(100, p21, 16);
+ dump_data(100, c8, 8);
+ dump_data(100, p24, 24);
+#endif
}
-#else
- void smbencrypt_dummy(void){}
+BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
+{
+ int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
+
+ if (new_pw_len > 512)
+ {
+ DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
+ return False;
+ }
+
+ /*
+ * Now setup the data area.
+ * We need to generate a random fill
+ * for this area to make it harder to
+ * decrypt. JRA.
+ */
+ generate_random_buffer((unsigned char *)data, 516, False);
+ if (unicode)
+ {
+ ascii_to_unibuf(&data[512 - new_pw_len], passwd, new_pw_len);
+ }
+ else
+ {
+ fstrcpy( &data[512 - new_pw_len], passwd);
+ }
+ SIVAL(data, 512, new_pw_len);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("make_oem_passwd_hash\n"));
+ dump_data(100, data, 516);
#endif
+ SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);
+
+ return True;
+}
+
+int nt_decrypt_string2(STRING2 *out, STRING2 *in, char nt_hash[16])
+{
+ uchar bufhdr[8];
+ int datalen;
+
+ uchar key[16];
+ uchar *keyptr = key;
+ uchar *keyend = key + sizeof(key);
+
+ uchar *outbuf = (uchar *)out->buffer;
+ uchar *inbuf = (uchar *)in->buffer;
+ uchar *inbufend;
+
+
+ mdfour(key, nt_hash, 16);
+
+ smbhash(bufhdr, inbuf, keyptr, 0);
+ datalen = IVAL(bufhdr, 0);
+
+ if ((datalen > in->str_str_len) || (datalen > MAX_STRINGLEN))
+ {
+ DEBUG(0, ("nt_decrypt_string2: failed\n"));
+ return False;
+ }
+
+ out->str_max_len = out->str_str_len = datalen;
+ inbuf += 8;
+ inbufend = inbuf + datalen;
+
+ while (inbuf < inbufend)
+ {
+ keyptr += 7;
+ if (keyptr + 7 > keyend)
+ {
+ keyptr = (keyend - keyptr) + key;
+ }
+
+ smbhash(outbuf, inbuf, keyptr, 0);
+
+ inbuf += 8;
+ outbuf += 8;
+ }
+
+ return True;
+}