s3/torture: local_rbtree: avoid birthday collisions
[samba4-gss.git] / libcli / auth / proto.h
blobb202542068d179b1a5c32233a8802d545c078060
1 #ifndef _LIBCLI_AUTH_PROTO_H__
2 #define _LIBCLI_AUTH_PROTO_H__
4 #undef _PRINTF_ATTRIBUTE
5 #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
7 #include "lib/crypto/gnutls_helpers.h"
9 /* this file contains prototypes for functions that are private
10 * to this subsystem or library. These functions should not be
11 * used outside this particular subsystem! */
14 /* The following definitions come from libcli/auth/credentials.c */
16 bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge);
17 void netlogon_creds_random_challenge(struct netr_Credential *challenge);
19 NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
20 struct netr_LMSessionKey *key);
21 NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
22 struct netr_LMSessionKey *key);
23 NTSTATUS netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds,
24 struct samr_Password *pass);
25 NTSTATUS netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds,
26 struct samr_Password *pass);
27 NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
28 uint8_t *data,
29 size_t len);
30 NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
31 uint8_t *data,
32 size_t len);
33 NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds,
34 uint8_t *data,
35 size_t len);
37 /*****************************************************************
38 The above functions are common to the client and server interface
39 next comes the client specific functions
40 ******************************************************************/
41 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
42 const char *client_account,
43 const char *client_computer_name,
44 uint16_t secure_channel_type,
45 const struct netr_Credential *client_challenge,
46 const struct netr_Credential *server_challenge,
47 const struct samr_Password *machine_password,
48 struct netr_Credential *initial_credential,
49 uint32_t negotiate_flags);
50 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
51 const uint8_t session_key[16]);
52 NTSTATUS
53 netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
54 struct netr_Authenticator *next);
55 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
56 const struct netr_Credential *received_credentials);
57 struct netlogon_creds_CredentialState *netlogon_creds_copy(
58 TALLOC_CTX *mem_ctx,
59 const struct netlogon_creds_CredentialState *creds_in);
61 /*****************************************************************
62 The above functions are common to the client and server interface
63 next comes the server specific functions
64 ******************************************************************/
65 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
66 const char *client_account,
67 const char *client_computer_name,
68 uint16_t secure_channel_type,
69 const struct netr_Credential *client_challenge,
70 const struct netr_Credential *server_challenge,
71 const struct samr_Password *machine_password,
72 const struct netr_Credential *credentials_in,
73 struct netr_Credential *credentials_out,
74 uint32_t negotiate_flags);
75 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
76 const struct netr_Authenticator *received_authenticator,
77 struct netr_Authenticator *return_authenticator) ;
78 NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
79 uint16_t validation_level,
80 union netr_Validation *validation);
81 NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
82 uint16_t validation_level,
83 union netr_Validation *validation);
84 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
85 enum netr_LogonInfoClass level,
86 union netr_LogonLevel *logon);
87 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
88 enum netr_LogonInfoClass level,
89 union netr_LogonLevel *logon);
90 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
91 enum netr_LogonInfoClass level,
92 const union netr_LogonLevel *in);
94 /* The following definitions come from libcli/auth/session.c */
96 int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
97 enum samba_gnutls_direction encrypt);
98 DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);
99 char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
100 DATA_BLOB *blob, const DATA_BLOB *session_key);
101 DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key);
102 NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
103 DATA_BLOB *ret);
105 /* The following definitions come from libcli/auth/smbencrypt.c */
107 int SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
108 bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);
111 * Creates the MD4 Hash of the users password in NT UNICODE.
112 * @param passwd password in 'unix' charset.
113 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
115 bool E_md4hash(const char *passwd, uint8_t p16[16]);
118 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
119 * @param passwd password in 'unix' charset.
120 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
121 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
122 * @note p16 is filled in regardless
124 bool E_deshash(const char *passwd, uint8_t p16[16]);
127 * Creates the MD4 and DES (LM) Hash of the users password.
128 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
129 * @param passwd password in 'unix' charset.
130 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
131 * @param p16 return password hashed with des, caller allocated 16 byte buffer
133 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
134 bool ntv2_owf_gen(const uint8_t owf[16],
135 const char *user_in, const char *domain_in,
136 uint8_t kr_buf[16]);
137 int SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
138 int SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
139 int SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
140 NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
141 const DATA_BLOB *srv_chal,
142 const DATA_BLOB *smbcli_chal,
143 uint8_t resp_buf[16]);
144 NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
145 const uint8_t *nt_resp,
146 uint8_t sess_key[16]);
147 void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
148 NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
149 const uint8_t lm_resp[24], /* only uses 8 */
150 uint8_t sess_key[16]);
151 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
152 const char *hostname,
153 const char *domain);
154 bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
155 const char *user, const char *domain, const uint8_t nt_hash[16],
156 const DATA_BLOB *server_chal,
157 const NTTIME *server_timestamp,
158 const DATA_BLOB *names_blob,
159 DATA_BLOB *lm_response, DATA_BLOB *nt_response,
160 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
161 bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
162 const char *user, const char *domain,
163 const char *password,
164 const DATA_BLOB *server_chal,
165 const DATA_BLOB *names_blob,
166 DATA_BLOB *lm_response, DATA_BLOB *nt_response,
167 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
168 NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
169 const char *account_domain,
170 const DATA_BLOB response,
171 const struct netlogon_creds_CredentialState *creds,
172 const char *workgroup);
174 /***********************************************************
175 encode a password buffer with a unicode password. The buffer
176 is filled with random data to make it harder to attack.
177 ************************************************************/
178 bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags);
180 /***********************************************************
181 decode a password buffer
182 *new_pw_len is the length in bytes of the possibly mulitbyte
183 returned password including termination.
184 ************************************************************/
185 bool decode_pw_buffer(TALLOC_CTX *ctx,
186 uint8_t in_buffer[516],
187 char **pp_new_pwrd,
188 size_t *new_pw_len,
189 charset_t string_charset);
192 * @brief Encode an password buffer before we encrypt it.
194 * @param buffer[514] The buffer to encode into.
196 * @param password The password we want to encode into the buffer.
198 * @param string_flags String flags for encoding (e.g. STR_UNICODE).
200 * @return true on success, false otherwise.
202 bool encode_pwd_buffer514_from_str(uint8_t buffer[514],
203 const char *password,
204 uint32_t string_flags);
207 * @brief Extract AES password blob from buffer.
209 * This extracts the password from the in_buffer as a data blob. It should
210 * then contain an UTF-16 encoded password.
212 * @param mem_ctx The memory context to allowcate the password on.
214 * @param in_buffer[514] The input buffer to extract the password from.
216 * @param new_password A pointer to the store the extracted password blob.
218 * @return true on success, false otherwise.
220 bool extract_pwd_blob_from_buffer514(TALLOC_CTX *mem_ctx,
221 const uint8_t in_buffer[514],
222 DATA_BLOB *new_password);
225 * @brief Decode AES password buffer to password in the given charset.
227 * @param mem_ctx The memory context to allocate the decoded password on.
229 * @param in_buffer[514] The in buffer with the decrypted password data.
231 * @param string_charset The charset to decode to.
233 * @param decoded_password A pointer to store the blob for the decoded password.
234 * It ensures that the password is NULL terminated.
236 * @return true on success, false otherwise.
238 bool decode_pwd_string_from_buffer514(TALLOC_CTX *mem_ctx,
239 const uint8_t in_buffer[514],
240 charset_t string_charset,
241 DATA_BLOB *decoded_password);
243 /***********************************************************
244 Encode an arc4 password change buffer.
245 ************************************************************/
246 NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
247 const DATA_BLOB *session_key,
248 struct samr_CryptPasswordEx *out_crypt_pwd);
250 /***********************************************************
251 Decode an arc4 encrypted password change buffer.
252 ************************************************************/
253 NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
254 struct samr_CryptPasswordEx *inout_crypt_pwd);
256 /***********************************************************
257 encode a password buffer with an already unicode password. The
258 rest of the buffer is filled with random data to make it harder to attack.
259 ************************************************************/
260 bool set_pw_in_buffer(uint8_t buffer[516], const DATA_BLOB *password);
262 /***********************************************************
263 decode a password buffer
264 *new_pw_size is the length in bytes of the extracted unicode password
265 ************************************************************/
266 bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
267 uint8_t in_buffer[516], DATA_BLOB *new_pass);
268 struct wkssvc_PasswordBuffer;
269 WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
270 const char *pwd,
271 DATA_BLOB *session_key,
272 struct wkssvc_PasswordBuffer **pwd_buf);
273 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
274 struct wkssvc_PasswordBuffer *pwd_buf,
275 DATA_BLOB *session_key,
276 char **pwd);
278 /* The following definitions come from libcli/auth/smbdes.c */
280 int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
281 enum samba_gnutls_direction encrypt);
282 int E_P16(const uint8_t *p14,uint8_t *p16);
283 int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
284 int E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
285 int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
286 int des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14],
287 enum samba_gnutls_direction encrypt);
288 int des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14],
289 enum samba_gnutls_direction encrypt);
290 int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
291 enum samba_gnutls_direction encrypt);
292 #undef _PRINTF_ATTRIBUTE
293 #define _PRINTF_ATTRIBUTE(a1, a2)
295 #endif