1 #ifndef _LIBCLI_AUTH_PROTO_H__ 2 #define _LIBCLI_AUTH_PROTO_H__ 3 4 #undef _PRINTF_ATTRIBUTE 5 #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) 6 7 #include "lib/crypto/gnutls_helpers.h" 8 9 /* this file contains prototypes for functions that are private 10 * to this subsystem or library. These functions should not be 11 * used outside this particular subsystem! */ 12 13 14 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ 15 16 bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge); 17 void netlogon_creds_random_challenge(struct netr_Credential *challenge); 18 19 NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, 20 struct netr_LMSessionKey *key); 21 NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, 22 struct netr_LMSessionKey *key); 23 NTSTATUS netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, 24 struct samr_Password *pass); 25 NTSTATUS netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, 26 struct samr_Password *pass); 27 NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, 28 uint8_t *data, 29 size_t len); 30 NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, 31 uint8_t *data, 32 size_t len); 33 NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, 34 uint8_t *data, 35 size_t len); 36 37 /***************************************************************** 38 The above functions are common to the client and server interface 39 next comes the client specific functions 40 ******************************************************************/ 41 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx, 42 const char *client_account, 43 const char *client_computer_name, 44 uint16_t secure_channel_type, 45 const struct netr_Credential *client_challenge, 46 const struct netr_Credential *server_challenge, 47 const struct samr_Password *machine_password, 48 struct netr_Credential *initial_credential, 49 uint32_t negotiate_flags); 50 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx, 51 const uint8_t session_key[16]); 52 NTSTATUS 53 netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds, 54 struct netr_Authenticator *next); 55 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, 56 const struct netr_Credential *received_credentials); 57 struct netlogon_creds_CredentialState *netlogon_creds_copy( 58 TALLOC_CTX *mem_ctx, 59 const struct netlogon_creds_CredentialState *creds_in); 60 61 /***************************************************************** 62 The above functions are common to the client and server interface 63 next comes the server specific functions 64 ******************************************************************/ 65 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx, 66 const char *client_account, 67 const char *client_computer_name, 68 uint16_t secure_channel_type, 69 const struct netr_Credential *client_challenge, 70 const struct netr_Credential *server_challenge, 71 const struct samr_Password *machine_password, 72 const struct netr_Credential *credentials_in, 73 struct netr_Credential *credentials_out, 74 uint32_t negotiate_flags); 75 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, 76 const struct netr_Authenticator *received_authenticator, 77 struct netr_Authenticator *return_authenticator) ; 78 NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, 79 uint16_t validation_level, 80 union netr_Validation *validation); 81 NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, 82 uint16_t validation_level, 83 union netr_Validation *validation); 84 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, 85 enum netr_LogonInfoClass level, 86 union netr_LogonLevel *logon); 87 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, 88 enum netr_LogonInfoClass level, 89 union netr_LogonLevel *logon); 90 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, 91 enum netr_LogonInfoClass level, 92 const union netr_LogonLevel *in); 93 94 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ 95 96 int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, 97 enum samba_gnutls_direction encrypt); 98 DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key); 99 char *sess_decrypt_string(TALLOC_CTX *mem_ctx, 100 DATA_BLOB *blob, const DATA_BLOB *session_key); 101 DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key); 102 NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key, 103 DATA_BLOB *ret); 104 105 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */ 106 107 int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]); 108 bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]); 109 110 /** 111 * Creates the MD4 Hash of the users password in NT UNICODE. 112 * @param passwd password in 'unix' charset. 113 * @param p16 return password hashed with md4, caller allocated 16 byte buffer 114 */ 115 bool E_md4hash(const char *passwd, uint8_t p16[16]); 116 117 /** 118 * Creates the DES forward-only Hash of the users password in DOS ASCII charset 119 * @param passwd password in 'unix' charset. 120 * @param p16 return password hashed with DES, caller allocated 16 byte buffer 121 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true 122 * @note p16 is filled in regardless 123 */ 124 bool E_deshash(const char *passwd, uint8_t p16[16]); 125 126 /** 127 * Creates the MD4 and DES (LM) Hash of the users password. 128 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password. 129 * @param passwd password in 'unix' charset. 130 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer 131 * @param p16 return password hashed with des, caller allocated 16 byte buffer 132 */ 133 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); 134 bool ntv2_owf_gen(const uint8_t owf[16], 135 const char *user_in, const char *domain_in, 136 uint8_t kr_buf[16]); 137 int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]); 138 int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24); 139 int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24); 140 NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16], 141 const DATA_BLOB *srv_chal, 142 const DATA_BLOB *smbcli_chal, 143 uint8_t resp_buf[16]); 144 NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16], 145 const uint8_t *nt_resp, 146 uint8_t sess_key[16]); 147 void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]); 148 NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16], 149 const uint8_t lm_resp[24], /* only uses 8 */ 150 uint8_t sess_key[16]); 151 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx, 152 const char *hostname, 153 const char *domain); 154 bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, 155 const char *user, const char *domain, const uint8_t nt_hash[16], 156 const DATA_BLOB *server_chal, 157 const NTTIME *server_timestamp, 158 const DATA_BLOB *names_blob, 159 DATA_BLOB *lm_response, DATA_BLOB *nt_response, 160 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; 161 bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx, 162 const char *user, const char *domain, 163 const char *password, 164 const DATA_BLOB *server_chal, 165 const DATA_BLOB *names_blob, 166 DATA_BLOB *lm_response, DATA_BLOB *nt_response, 167 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; 168 NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, 169 const char *account_domain, 170 const DATA_BLOB response, 171 const struct netlogon_creds_CredentialState *creds, 172 const char *workgroup); 173 174 /*********************************************************** 175 encode a password buffer with a unicode password. The buffer 176 is filled with random data to make it harder to attack. 177 ************************************************************/ 178 bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags); 179 180 /*********************************************************** 181 decode a password buffer 182 *new_pw_len is the length in bytes of the possibly mulitbyte 183 returned password including termination. 184 ************************************************************/ 185 bool decode_pw_buffer(TALLOC_CTX *ctx, 186 uint8_t in_buffer[516], 187 char **pp_new_pwrd, 188 size_t *new_pw_len, 189 charset_t string_charset); 190 191 /*********************************************************** 192 Encode an arc4 password change buffer. 193 ************************************************************/ 194 NTSTATUS encode_rc4_passwd_buffer(const char *passwd, 195 const DATA_BLOB *session_key, 196 struct samr_CryptPasswordEx *out_crypt_pwd); 197 198 /*********************************************************** 199 Decode an arc4 encrypted password change buffer. 200 ************************************************************/ 201 NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key, 202 struct samr_CryptPasswordEx *inout_crypt_pwd); 203 204 /*********************************************************** 205 encode a password buffer with an already unicode password. The 206 rest of the buffer is filled with random data to make it harder to attack. 207 ************************************************************/ 208 bool set_pw_in_buffer(uint8_t buffer[516], const DATA_BLOB *password); 209 210 /*********************************************************** 211 decode a password buffer 212 *new_pw_size is the length in bytes of the extracted unicode password 213 ************************************************************/ 214 bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx, 215 uint8_t in_buffer[516], DATA_BLOB *new_pass); 216 struct wkssvc_PasswordBuffer; 217 WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, 218 const char *pwd, 219 DATA_BLOB *session_key, 220 struct wkssvc_PasswordBuffer **pwd_buf); 221 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, 222 struct wkssvc_PasswordBuffer *pwd_buf, 223 DATA_BLOB *session_key, 224 char **pwd); 225 226 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */ 227 228 int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], 229 enum samba_gnutls_direction encrypt); 230 int E_P16(const uint8_t *p14,uint8_t *p16); 231 int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24); 232 int E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out); 233 int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]); 234 int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], 235 enum samba_gnutls_direction encrypt); 236 int des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], 237 enum samba_gnutls_direction encrypt); 238 int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out, 239 enum samba_gnutls_direction encrypt); 240 #undef _PRINTF_ATTRIBUTE 241 #define _PRINTF_ATTRIBUTE(a1, a2) 242 243 #endif 244 245