source4/auth/ntlm/auth_util.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Authentication utility functions
   4    Copyright (C) Andrew Tridgell 1992-1998
   5    Copyright (C) Andrew Bartlett 2001
   6    Copyright (C) Jeremy Allison 2000-2001
   7    Copyright (C) Rafal Szczesniak 2002
   8    Copyright (C) Stefan Metzmacher 2005
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "auth/auth.h"
  26 #include "libcli/auth/libcli_auth.h"
  27 #include "param/param.h"
  28 #include "auth/ntlm/auth_proto.h"
  29 #include "librpc/gen_ndr/drsuapi.h"
  30 #include "dsdb/samdb/samdb.h"
  31 #include "lib/crypto/gnutls_helpers.h"
  32
  33 #undef DBGC_CLASS
  34 #define DBGC_CLASS DBGC_AUTH
  35
  36 /****************************************************************************
  37  Create an auth_usersupplied_data structure after appropriate mapping.
  38 ****************************************************************************/
  39
  40 NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context,
  41                            enum auth_password_state to_state,
  42                            const struct auth_usersupplied_info *user_info_in,
  43                            const struct auth_usersupplied_info **user_info_encrypted)
  44 {
  45         int rc;
  46         NTSTATUS nt_status;
  47         struct auth_usersupplied_info *user_info_temp;
  48         switch (to_state) {
  49         case AUTH_PASSWORD_RESPONSE:
  50                 switch (user_info_in->password_state) {
  51                 case AUTH_PASSWORD_PLAIN:
  52                 {
  53                         const struct auth_usersupplied_info *user_info_temp2;
  54                         nt_status = encrypt_user_info(mem_ctx, auth_context,
  55                                                       AUTH_PASSWORD_HASH,
  56                                                       user_info_in, &user_info_temp2);
  57                         if (!NT_STATUS_IS_OK(nt_status)) {
  58                                 return nt_status;
  59                         }
  60                         user_info_in = user_info_temp2;
  61
  62                         FALL_THROUGH;
  63                 }
  64                 case AUTH_PASSWORD_HASH:
  65                 {
  66                         uint8_t chal[8];
  67                         DATA_BLOB chall_blob;
  68                         user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
  69                         if (!user_info_temp) {
  70                                 return NT_STATUS_NO_MEMORY;
  71                         }
  72                         if (!talloc_reference(user_info_temp, user_info_in)) {
  73                                 return NT_STATUS_NO_MEMORY;
  74                         }
  75                         *user_info_temp = *user_info_in;
  76                         user_info_temp->password_state = to_state;
  77
  78                         nt_status = auth_get_challenge(auth_context, chal);
  79                         if (!NT_STATUS_IS_OK(nt_status)) {
  80                                 return nt_status;
  81                         }
  82
  83                         chall_blob = data_blob_talloc(mem_ctx, chal, 8);
  84                         if (lpcfg_client_ntlmv2_auth(auth_context->lp_ctx)) {
  85                                 DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx,  lpcfg_netbios_name(auth_context->lp_ctx), lpcfg_workgroup(auth_context->lp_ctx));
  86                                 DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
  87
  88                                 if (!SMBNTLMv2encrypt_hash(user_info_temp,
  89                                                            user_info_in->client.account_name,
  90                                                            user_info_in->client.domain_name,
  91                                                            user_info_in->password.hash.nt->hash,
  92                                                            &chall_blob,
  93                                                            NULL, /* server_timestamp */
  94                                                            &names_blob,
  95                                                            &lmv2_response, &ntlmv2_response,
  96                                                            &lmv2_session_key, &ntlmv2_session_key)) {
  97                                         data_blob_free(&names_blob);
  98                                         return NT_STATUS_NO_MEMORY;
  99                                 }
 100                                 data_blob_free(&names_blob);
 101                                 user_info_temp->password.response.lanman = lmv2_response;
 102                                 user_info_temp->password.response.nt = ntlmv2_response;
 103
 104                                 data_blob_free(&lmv2_session_key);
 105                                 data_blob_free(&ntlmv2_session_key);
 106                         } else {
 107                                 DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
 108                                 rc = SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
 109                                 if (rc != 0) {
 110                                         return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
 111                                 }
 112                                 user_info_temp->password.response.nt = blob;
 113                                 if (lpcfg_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
 114                                         DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
 115                                         rc = SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
 116                                         if (rc != 0) {
 117                                                 return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
 118                                         }
 119                                         user_info_temp->password.response.lanman = lm_blob;
 120                                 } else {
 121                                         /* if not sending the LM password, send the NT password twice */
 122                                         user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
 123                                 }
 124                         }
 125
 126                         user_info_in = user_info_temp;
 127
 128                         FALL_THROUGH;
 129                 }
 130                 case AUTH_PASSWORD_RESPONSE:
 131                         *user_info_encrypted = user_info_in;
 132                 }
 133                 break;
 134         case AUTH_PASSWORD_HASH:
 135         {
 136                 switch (user_info_in->password_state) {
 137                 case AUTH_PASSWORD_PLAIN:
 138                 {
 139                         struct samr_Password lanman;
 140                         struct samr_Password nt;
 141
 142                         user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
 143                         if (!user_info_temp) {
 144                                 return NT_STATUS_NO_MEMORY;
 145                         }
 146                         if (!talloc_reference(user_info_temp, user_info_in)) {
 147                                 return NT_STATUS_NO_MEMORY;
 148                         }
 149                         *user_info_temp = *user_info_in;
 150                         user_info_temp->password_state = to_state;
 151
 152                         if (E_deshash(user_info_in->password.plaintext, lanman.hash)) {
 153                                 user_info_temp->password.hash.lanman = talloc(user_info_temp,
 154                                                                               struct samr_Password);
 155                                 *user_info_temp->password.hash.lanman = lanman;
 156                         } else {
 157                                 user_info_temp->password.hash.lanman = NULL;
 158                         }
 159
 160                         E_md4hash(user_info_in->password.plaintext, nt.hash);
 161                         user_info_temp->password.hash.nt = talloc(user_info_temp,
 162                                                                    struct samr_Password);
 163                         *user_info_temp->password.hash.nt = nt;
 164
 165                         user_info_in = user_info_temp;
 166
 167                         FALL_THROUGH;
 168                 }
 169                 case AUTH_PASSWORD_HASH:
 170                         *user_info_encrypted = user_info_in;
 171                         break;
 172                 default:
 173                         return NT_STATUS_INVALID_PARAMETER;
 174                         break;
 175                 }
 176                 break;
 177         }
 178         default:
 179                 return NT_STATUS_INVALID_PARAMETER;
 180         }
 181
 182         return NT_STATUS_OK;
 183 }