libcli/auth/proto.h

   1 #ifndef _LIBCLI_AUTH_PROTO_H__
   2 #define _LIBCLI_AUTH_PROTO_H__
   3
   4 #undef _PRINTF_ATTRIBUTE
   5 #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
   6
   7 /* this file contains prototypes for functions that are private
   8  * to this subsystem or library. These functions should not be
   9  * used outside this particular subsystem! */
  10
  11
  12 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c  */
  13
  14 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
  15 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
  16 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
  17 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
  18 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
  19 void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
  20 void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
  21
  22 /*****************************************************************
  23 The above functions are common to the client and server interface
  24 next comes the client specific functions
  25 ******************************************************************/
  26 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
  27                                                                   const char *client_account,
  28                                                                   const char *client_computer_name,
  29                                                                   uint16_t secure_channel_type,
  30                                                                   const struct netr_Credential *client_challenge,
  31                                                                   const struct netr_Credential *server_challenge,
  32                                                                   const struct samr_Password *machine_password,
  33                                                                   struct netr_Credential *initial_credential,
  34                                                                   uint32_t negotiate_flags);
  35 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
  36                                                                               const uint8_t session_key[16]);
  37 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
  38                                 struct netr_Authenticator *next);
  39 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
  40                         const struct netr_Credential *received_credentials);
  41 struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
  42                                                            struct netlogon_creds_CredentialState *creds_in);
  43
  44 /*****************************************************************
  45 The above functions are common to the client and server interface
  46 next comes the server specific functions
  47 ******************************************************************/
  48 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
  49                                                                   const char *client_account,
  50                                                                   const char *client_computer_name,
  51                                                                   uint16_t secure_channel_type,
  52                                                                   const struct netr_Credential *client_challenge,
  53                                                                   const struct netr_Credential *server_challenge,
  54                                                                   const struct samr_Password *machine_password,
  55                                                                   struct netr_Credential *credentials_in,
  56                                                                   struct netr_Credential *credentials_out,
  57                                                                   uint32_t negotiate_flags);
  58 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
  59                                  struct netr_Authenticator *received_authenticator,
  60                                  struct netr_Authenticator *return_authenticator) ;
  61 void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
  62                                                 uint16_t validation_level,
  63                                                 union netr_Validation *validation);
  64 void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
  65                                                 uint16_t validation_level,
  66                                                 union netr_Validation *validation);
  67
  68 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c  */
  69
  70 void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
  71                      bool forward);
  72 DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);
  73 char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
  74                           DATA_BLOB *blob, const DATA_BLOB *session_key);
  75 DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key);
  76 NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
  77                            DATA_BLOB *ret);
  78
  79 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c  */
  80
  81 void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
  82 bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);
  83
  84 /**
  85  * Creates the MD4 Hash of the users password in NT UNICODE.
  86  * @param passwd password in 'unix' charset.
  87  * @param p16 return password hashed with md4, caller allocated 16 byte buffer
  88  */
  89 bool E_md4hash(const char *passwd, uint8_t p16[16]);
  90
  91 /**
  92  * Creates the MD5 Hash of a combination of 16 byte salt and 16 byte NT hash.
  93  * @param 16 byte salt.
  94  * @param 16 byte NT hash.
  95  * @param 16 byte return hashed with md5, caller allocated 16 byte buffer
  96  */
  97 void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]);
  98
  99 /**
 100  * Creates the DES forward-only Hash of the users password in DOS ASCII charset
 101  * @param passwd password in 'unix' charset.
 102  * @param p16 return password hashed with DES, caller allocated 16 byte buffer
 103  * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
 104  * @note p16 is filled in regardless
 105  */
 106 bool E_deshash(const char *passwd, uint8_t p16[16]);
 107
 108 /**
 109  * Creates the MD4 and DES (LM) Hash of the users password.
 110  * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
 111  * @param passwd password in 'unix' charset.
 112  * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
 113  * @param p16 return password hashed with des, caller allocated 16 byte buffer
 114  */
 115 void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
 116 bool ntv2_owf_gen(const uint8_t owf[16],
 117                   const char *user_in, const char *domain_in,
 118                   uint8_t kr_buf[16]);
 119 void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
 120 void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
 121 void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
 122 void SMBOWFencrypt_ntv2(const uint8_t kr[16],
 123                         const DATA_BLOB *srv_chal,
 124                         const DATA_BLOB *smbcli_chal,
 125                         uint8_t resp_buf[16]);
 126 void SMBsesskeygen_ntv2(const uint8_t kr[16],
 127                         const uint8_t * nt_resp, uint8_t sess_key[16]);
 128 void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
 129 void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 130                                const uint8_t lm_resp[24], /* only uses 8 */
 131                                uint8_t sess_key[16]);
 132 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
 133                                      const char *hostname,
 134                                      const char *domain);
 135 bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
 136                            const char *user, const char *domain, const uint8_t nt_hash[16],
 137                            const DATA_BLOB *server_chal,
 138                            const DATA_BLOB *names_blob,
 139                            DATA_BLOB *lm_response, DATA_BLOB *nt_response,
 140                            DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
 141 bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
 142                       const char *user, const char *domain,
 143                       const char *password,
 144                       const DATA_BLOB *server_chal,
 145                       const DATA_BLOB *names_blob,
 146                       DATA_BLOB *lm_response, DATA_BLOB *nt_response,
 147                       DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
 148
 149 /***********************************************************
 150  encode a password buffer with a unicode password.  The buffer
 151  is filled with random data to make it harder to attack.
 152 ************************************************************/
 153 bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags);
 154
 155 /***********************************************************
 156  decode a password buffer
 157  *new_pw_len is the length in bytes of the possibly mulitbyte
 158  returned password including termination.
 159 ************************************************************/
 160 bool decode_pw_buffer(TALLOC_CTX *ctx,
 161                       uint8_t in_buffer[516],
 162                       char **pp_new_pwrd,
 163                       size_t *new_pw_len,
 164                       charset_t string_charset);
 165
 166 /***********************************************************
 167  Decode an arc4 encrypted password change buffer.
 168 ************************************************************/
 169 void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
 170
 171 /***********************************************************
 172  encode a password buffer with an already unicode password.  The
 173  rest of the buffer is filled with random data to make it harder to attack.
 174 ************************************************************/
 175 bool set_pw_in_buffer(uint8_t buffer[516], DATA_BLOB *password);
 176
 177 /***********************************************************
 178  decode a password buffer
 179  *new_pw_size is the length in bytes of the extracted unicode password
 180 ************************************************************/
 181 bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
 182                             uint8_t in_buffer[516], DATA_BLOB *new_pass);
 183 void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 184                                         const char *pwd,
 185                                         DATA_BLOB *session_key,
 186                                         struct wkssvc_PasswordBuffer **pwd_buf);
 187 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 188                                           struct wkssvc_PasswordBuffer *pwd_buf,
 189                                           DATA_BLOB *session_key,
 190                                           char **pwd);
 191
 192 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c  */
 193
 194 void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
 195 void E_P16(const uint8_t *p14,uint8_t *p16);
 196 void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
 197 void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
 198 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
 199 void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
 200 void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw);
 201 void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
 202 void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
 203 void sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out, int forw);
 204 #undef _PRINTF_ATTRIBUTE
 205 #define _PRINTF_ATTRIBUTE(a1, a2)
 206
 207 #endif
 208