1#ifndef _LIBCLI_AUTH_PROTO_H__ 2#define _LIBCLI_AUTH_PROTO_H__ 3 4#undef _PRINTF_ATTRIBUTE 5#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) 6 7/* this file contains prototypes for functions that are private 8 * to this subsystem or library. These functions should not be 9 * used outside this particular subsystem! */ 10 11 12/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ 13 14void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); 15void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); 16void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass); 17void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass); 18void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len); 19 20/***************************************************************** 21The above functions are common to the client and server interface 22next comes the client specific functions 23******************************************************************/ 24struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx, 25 const char *client_account, 26 const char *client_computer_name, 27 const struct netr_Credential *client_challenge, 28 const struct netr_Credential *server_challenge, 29 const struct samr_Password *machine_password, 30 struct netr_Credential *initial_credential, 31 uint32_t negotiate_flags); 32struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx, 33 const uint8_t session_key[16]); 34void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds, 35 struct netr_Authenticator *next); 36bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, 37 const struct netr_Credential *received_credentials); 38struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx, 39 struct netlogon_creds_CredentialState *creds_in); 40 41/***************************************************************** 42The above functions are common to the client and server interface 43next comes the server specific functions 44******************************************************************/ 45struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx, 46 const char *client_account, 47 const char *client_computer_name, 48 uint16_t secure_channel_type, 49 const struct netr_Credential *client_challenge, 50 const struct netr_Credential *server_challenge, 51 const struct samr_Password *machine_password, 52 struct netr_Credential *credentials_in, 53 struct netr_Credential *credentials_out, 54 uint32_t negotiate_flags); 55NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, 56 struct netr_Authenticator *received_authenticator, 57 struct netr_Authenticator *return_authenticator) ; 58void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds, 59 uint16_t validation_level, 60 union netr_Validation *validation) ; 61 62/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ 63 64void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, 65 bool forward); 66DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key); 67char *sess_decrypt_string(TALLOC_CTX *mem_ctx, 68 DATA_BLOB *blob, const DATA_BLOB *session_key); 69DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key); 70NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key, 71 DATA_BLOB *ret); 72 73/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */ 74 75void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]); 76bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]); 77 78/** 79 * Creates the MD4 Hash of the users password in NT UNICODE. 80 * @param passwd password in 'unix' charset. 81 * @param p16 return password hashed with md4, caller allocated 16 byte buffer 82 */ 83bool E_md4hash(const char *passwd, uint8_t p16[16]); 84 85/** 86 * Creates the MD5 Hash of a combination of 16 byte salt and 16 byte NT hash. 87 * @param 16 byte salt. 88 * @param 16 byte NT hash. 89 * @param 16 byte return hashed with md5, caller allocated 16 byte buffer 90 */ 91void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]); 92 93/** 94 * Creates the DES forward-only Hash of the users password in DOS ASCII charset 95 * @param passwd password in 'unix' charset. 96 * @param p16 return password hashed with DES, caller allocated 16 byte buffer 97 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true 98 * @note p16 is filled in regardless 99 */ 100bool E_deshash(const char *passwd, uint8_t p16[16]); 101 102/** 103 * Creates the MD4 and DES (LM) Hash of the users password. 104 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password. 105 * @param passwd password in 'unix' charset. 106 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer 107 * @param p16 return password hashed with des, caller allocated 16 byte buffer 108 */ 109void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); 110bool ntv2_owf_gen(const uint8_t owf[16], 111 const char *user_in, const char *domain_in, 112 bool upper_case_domain, /* Transform the domain into UPPER case */ 113 uint8_t kr_buf[16]); 114void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]); 115void SMBNTencrypt_hash(const uint8_t nt_hash[16], uint8_t *c8, uint8_t *p24); 116void SMBNTencrypt(const char *passwd, uint8_t *c8, uint8_t *p24); 117void SMBOWFencrypt_ntv2(const uint8_t kr[16], 118 const DATA_BLOB *srv_chal, 119 const DATA_BLOB *smbcli_chal, 120 uint8_t resp_buf[16]); 121void SMBsesskeygen_ntv2(const uint8_t kr[16], 122 const uint8_t * nt_resp, uint8_t sess_key[16]); 123void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]); 124void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16], 125 const uint8_t lm_resp[24], /* only uses 8 */ 126 uint8_t sess_key[16]); 127DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx, 128 const char *hostname, 129 const char *domain); 130bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, 131 const char *user, const char *domain, const uint8_t nt_hash[16], 132 const DATA_BLOB *server_chal, 133 const DATA_BLOB *names_blob, 134 DATA_BLOB *lm_response, DATA_BLOB *nt_response, 135 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; 136bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx, 137 const char *user, const char *domain, 138 const char *password, 139 const DATA_BLOB *server_chal, 140 const DATA_BLOB *names_blob, 141 DATA_BLOB *lm_response, DATA_BLOB *nt_response, 142 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; 143 144/*********************************************************** 145 encode a password buffer with a unicode password. The buffer 146 is filled with random data to make it harder to attack. 147************************************************************/ 148bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags); 149 150/*********************************************************** 151 decode a password buffer 152 *new_pw_len is the length in bytes of the possibly mulitbyte 153 returned password including termination. 154************************************************************/ 155bool decode_pw_buffer(TALLOC_CTX *ctx, 156 uint8_t in_buffer[516], 157 char **pp_new_pwrd, 158 size_t *new_pw_len, 159 charset_t string_charset); 160 161/*********************************************************** 162 Decode an arc4 encrypted password change buffer. 163************************************************************/ 164void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key); 165 166/*********************************************************** 167 encode a password buffer with an already unicode password. The 168 rest of the buffer is filled with random data to make it harder to attack. 169************************************************************/ 170bool set_pw_in_buffer(uint8_t buffer[516], DATA_BLOB *password); 171 172/*********************************************************** 173 decode a password buffer 174 *new_pw_size is the length in bytes of the extracted unicode password 175************************************************************/ 176bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx, 177 uint8_t in_buffer[516], DATA_BLOB *new_pass); 178void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, 179 const char *pwd, 180 DATA_BLOB *session_key, 181 struct wkssvc_PasswordBuffer **pwd_buf); 182WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, 183 struct wkssvc_PasswordBuffer *pwd_buf, 184 DATA_BLOB *session_key, 185 char **pwd); 186 187/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */ 188 189void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw); 190void E_P16(const uint8_t *p14,uint8_t *p16); 191void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24); 192void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out); 193void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out); 194void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]); 195void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw); 196void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw); 197void des_crypt112_16(uint8_t out[16], uint8_t in[16], const uint8_t key[14], int forw); 198void sam_rid_crypt(uint_t rid, const uint8_t *in, uint8_t *out, int forw); 199#undef _PRINTF_ATTRIBUTE 200#define _PRINTF_ATTRIBUTE(a1, a2) 201 202#endif 203 204