source3/libsmb/pwd_cache.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    Password cacheing.  obfuscation is planned
   5    Copyright (C) Luke Kenneth Casson Leighton 1996-1998
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 extern int DEBUGLEVEL;
  25
  26
  27 /****************************************************************************
  28 initialises a password structure
  29 ****************************************************************************/
  30 void pwd_init(struct pwd_info *pwd)
  31 {
  32         bzero(pwd->password  , sizeof(pwd->password  ));
  33         bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
  34         bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
  35         bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
  36         bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
  37         bzero(pwd->sess_key  , sizeof(pwd->sess_key  ));
  38         pwd->nt_owf_len = 0;
  39
  40         pwd->null_pwd  = True; /* safest option... */
  41         pwd->cleartext = False;
  42         pwd->crypted   = False;
  43 }
  44
  45 /****************************************************************************
  46 de-obfuscates a password
  47 ****************************************************************************/
  48 static void pwd_deobfuscate(struct pwd_info *pwd)
  49 {
  50 }
  51
  52 /****************************************************************************
  53 obfuscates a password
  54 ****************************************************************************/
  55 static void pwd_obfuscate(struct pwd_info *pwd)
  56 {
  57 }
  58
  59 /****************************************************************************
  60 sets the obfuscation key info
  61 ****************************************************************************/
  62 void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key)
  63 {
  64 }
  65
  66 /****************************************************************************
  67 reads a password
  68 ****************************************************************************/
  69 void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
  70 {
  71         /* grab a password */
  72         char *user_pass;
  73
  74         pwd_init(pwd);
  75
  76         user_pass = (char*)getpass(passwd_report);
  77
  78         if (user_pass == NULL || user_pass[0] == 0)
  79         {
  80                 pwd_set_nullpwd(pwd);
  81         }
  82         else if (do_encrypt)
  83         {
  84                 pwd_make_lm_nt_16(pwd, user_pass);
  85         }
  86         else
  87         {
  88                 pwd_set_cleartext(pwd, user_pass);
  89         }
  90 }
  91
  92 /****************************************************************************
  93  stores a cleartext password
  94  ****************************************************************************/
  95 void pwd_set_nullpwd(struct pwd_info *pwd)
  96 {
  97         pwd_init(pwd);
  98
  99         pwd->cleartext = False;
 100         pwd->null_pwd  = True;
 101         pwd->crypted   = False;
 102 }
 103
 104 /****************************************************************************
 105  stores a cleartext password
 106  ****************************************************************************/
 107 void pwd_set_cleartext(struct pwd_info *pwd, char *clr)
 108 {
 109         pwd_init(pwd);
 110         fstrcpy(pwd->password, clr);
 111         pwd->cleartext = True;
 112         pwd->null_pwd  = False;
 113         pwd->crypted   = False;
 114
 115         pwd_obfuscate(pwd);
 116 }
 117
 118 /****************************************************************************
 119  gets a cleartext password
 120  ****************************************************************************/
 121 void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
 122 {
 123         pwd_deobfuscate(pwd);
 124         if (pwd->cleartext)
 125         {
 126                 fstrcpy(clr, pwd->password);
 127         }
 128         else
 129         {
 130                 clr[0] = 0;
 131         }
 132         pwd_obfuscate(pwd);
 133 }
 134
 135 /****************************************************************************
 136  stores lm and nt hashed passwords
 137  ****************************************************************************/
 138 void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
 139 {
 140         pwd_init(pwd);
 141
 142         if (lm_pwd)
 143         {
 144                 memcpy(pwd->smb_lm_pwd, lm_pwd, 16);
 145         }
 146         else
 147         {
 148                 bzero(pwd->smb_lm_pwd, 16);
 149         }
 150
 151         if (nt_pwd)
 152         {
 153                 memcpy(pwd->smb_nt_pwd, nt_pwd, 16);
 154         }
 155         else
 156         {
 157                 bzero(pwd->smb_nt_pwd, 16);
 158         }
 159
 160         pwd->null_pwd  = False;
 161         pwd->cleartext = False;
 162         pwd->crypted   = False;
 163
 164         pwd_obfuscate(pwd);
 165 }
 166
 167 /****************************************************************************
 168  gets lm and nt hashed passwords
 169  ****************************************************************************/
 170 void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
 171 {
 172         pwd_deobfuscate(pwd);
 173         if (lm_pwd != NULL)
 174         {
 175                 memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
 176         }
 177         if (nt_pwd != NULL)
 178         {
 179                 memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
 180         }
 181         pwd_obfuscate(pwd);
 182 }
 183
 184 /****************************************************************************
 185  makes lm and nt hashed passwords
 186  ****************************************************************************/
 187 void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
 188 {
 189         pwd_init(pwd);
 190
 191         nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
 192         pwd->null_pwd  = False;
 193         pwd->cleartext = False;
 194         pwd->crypted = False;
 195
 196         pwd_obfuscate(pwd);
 197 }
 198
 199 /****************************************************************************
 200  makes lm and nt OWF crypts
 201  ****************************************************************************/
 202 void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8],
 203                 const char *user, const char *server, const char *domain)
 204 {
 205         uchar kr[16];
 206
 207         DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n",
 208                 user, server, domain));
 209
 210         pwd_deobfuscate(pwd);
 211
 212         SMBgenclientchals(pwd->lm_cli_chal,
 213                           pwd->nt_cli_chal,
 214                           &pwd->nt_cli_chal_len,
 215                           server, domain);
 216
 217         ntv2_owf_gen(pwd->smb_nt_pwd, user, domain, kr);
 218
 219         /* lm # */
 220         SMBOWFencrypt_ntv2(kr,
 221                            srv_key, 8,
 222                            pwd->lm_cli_chal, 8,
 223                            pwd->smb_lm_owf);
 224         memcpy(&pwd->smb_lm_owf[16], pwd->lm_cli_chal, 8);
 225
 226         /* nt # */
 227         SMBOWFencrypt_ntv2(kr,
 228                        srv_key, 8,
 229                        pwd->nt_cli_chal, pwd->nt_cli_chal_len,
 230                        pwd->smb_nt_owf);
 231         memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len);
 232         pwd->nt_owf_len = pwd->nt_cli_chal_len + 16;
 233
 234         SMBsesskeygen_ntv2(kr, pwd->smb_nt_owf, pwd->sess_key);
 235
 236 #if DEBUG_PASSWORD
 237 #endif
 238
 239 #ifdef DEBUG_PASSWORD
 240         DEBUG(100,("server cryptkey: "));
 241         dump_data(100, srv_key, 8);
 242
 243         DEBUG(100,("client lmv2 cryptkey: "));
 244         dump_data(100, pwd->lm_cli_chal, 8);
 245
 246         DEBUG(100,("client ntv2 cryptkey: "));
 247         dump_data(100, pwd->nt_cli_chal, pwd->nt_cli_chal_len);
 248
 249         DEBUG(100,("ntv2_owf_passwd: "));
 250         dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len);
 251         DEBUG(100,("nt_sess_pwd: "));
 252         dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
 253
 254         DEBUG(100,("lmv2_owf_passwd: "));
 255         dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
 256         DEBUG(100,("lm_sess_pwd: "));
 257         dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
 258
 259         DEBUG(100,("session key:\n"));
 260         dump_data(100, pwd->sess_key, sizeof(pwd->sess_key));
 261 #endif
 262         pwd->crypted = True;
 263
 264         pwd_obfuscate(pwd);
 265 }
 266
 267 /****************************************************************************
 268  makes lm and nt OWF crypts
 269  ****************************************************************************/
 270 void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
 271 {
 272         if (pwd->null_pwd)
 273         {
 274 #ifdef DEBUG_PASSWORD
 275                 DEBUG(100,("pwd_make_lm_nt_owf: NULL password\n"));
 276 #endif
 277                 pwd->nt_owf_len = 0;
 278                 return;
 279         }
 280         pwd_deobfuscate(pwd);
 281
 282         /* generate 24-byte hashes */
 283         SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf);
 284         SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf);
 285         pwd->nt_owf_len = 24;
 286
 287         SMBsesskeygen_ntv1(pwd->smb_nt_pwd, pwd->smb_nt_owf, pwd->sess_key);
 288
 289 #ifdef DEBUG_PASSWORD
 290         DEBUG(100,("client cryptkey: "));
 291         dump_data(100, cryptkey, 8);
 292
 293         DEBUG(100,("nt_owf_passwd: "));
 294         dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len);
 295         DEBUG(100,("nt_sess_pwd: "));
 296         dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
 297
 298         DEBUG(100,("lm_owf_passwd: "));
 299         dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
 300         DEBUG(100,("lm_sess_pwd: "));
 301         dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
 302
 303         DEBUG(100,("session key:\n"));
 304         dump_data(100, pwd->sess_key, sizeof(pwd->sess_key));
 305 #endif
 306
 307         pwd->crypted = True;
 308
 309         pwd_obfuscate(pwd);
 310 }
 311
 312 /****************************************************************************
 313  gets lm and nt crypts
 314  ****************************************************************************/
 315 void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24],
 316                                 uchar *nt_owf, size_t *nt_owf_len,
 317                                 uchar *sess_key)
 318 {
 319         if (pwd->null_pwd)
 320         {
 321 #ifdef DEBUG_PASSWORD
 322                 DEBUG(100,("pwd_get_lm_nt_owf: NULL password\n"));
 323 #endif
 324                 if (nt_owf_len != NULL)
 325                 {
 326                         *nt_owf_len = 0;
 327                 }
 328                 return;
 329         }
 330
 331         pwd_deobfuscate(pwd);
 332         if (lm_owf != NULL)
 333         {
 334                 memcpy(lm_owf, pwd->smb_lm_owf, 24);
 335         }
 336         if (nt_owf != NULL)
 337         {
 338                 memcpy(nt_owf, pwd->smb_nt_owf, pwd->nt_owf_len);
 339         }
 340         if (sess_key != NULL)
 341         {
 342                 memcpy(sess_key, pwd->sess_key, 16);
 343         }
 344         if (nt_owf_len != NULL)
 345         {
 346                 *nt_owf_len = pwd->nt_owf_len;
 347         }
 348         pwd_obfuscate(pwd);
 349 }
 350