2 Unix SMB/Netbios implementation.
4 SMB parameters and setup
5 Copyright (C) Andrew Tridgell 1992-1998
6 Modified by Jeremy Allison 1995.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern int DEBUGLEVEL;
31 #include "smbbyteorder.h"
35 typedef unsigned char uchar;
36 typedef signed short int16;
37 typedef unsigned short uint16;
42 /****************************************************************************
43 Like strncpy but always null terminates. Make sure there is room!
44 The variable n should always be one less than the available size.
45 ****************************************************************************/
47 char *StrnCpy(char *dest,const char *src, size_t n)
50 if (!dest) return(NULL);
55 while (n-- && (*d++ = *src++)) ;
60 size_t skip_multibyte_char(char c)
66 /*******************************************************************
67 safe string copy into a known length string. maxlength does not
68 include the terminating zero.
69 ********************************************************************/
71 char *safe_strcpy(char *dest,const char *src, size_t maxlength)
76 DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
87 if (len > maxlength) {
88 DEBUG(0,("ERROR: string overflow by %d in safe_strcpy [%.50s]\n",
89 (int)(len-maxlength), src));
93 memcpy(dest, src, len);
99 void strupper(char *s)
104 size_t skip = skip_multibyte_char( *s );
117 extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);
120 This implements the X/Open SMB password encryption
121 It takes a password, a 8 byte "crypt key" and puts 24 bytes of
122 encrypted password into p24
125 void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
127 uchar p14[15], p21[21];
131 StrnCpy((char *)p14,(char *)passwd,14);
133 strupper((char *)p14);
136 SMBOWFencrypt(p21, c8, p24);
138 #ifdef DEBUG_PASSWORD
139 DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
140 dump_data(100, (char *)p21, 16);
141 dump_data(100, (char *)c8, 8);
142 dump_data(100, (char *)p24, 24);
146 /* Routines for Windows NT MD4 Hash functions. */
147 static int _my_wcslen(int16 *str)
156 * Convert a string into an NT UNICODE string.
157 * Note that regardless of processor type
158 * this must be in intel (little-endian)
162 static int _my_mbstowcs(int16 *dst, uchar *src, int len)
167 for(i = 0; i < len; i++) {
179 * Creates the MD4 Hash of the users password in NT UNICODE.
182 void E_md4hash(uchar *passwd, uchar *p16)
187 /* Password cannot be longer than 128 characters */
188 len = strlen((char *)passwd);
191 /* Password must be converted to NT unicode */
192 _my_mbstowcs(wpwd, passwd, len);
193 wpwd[len] = 0; /* Ensure string is null terminated */
194 /* Calculate length in bytes */
195 len = _my_wcslen(wpwd) * sizeof(int16);
197 mdfour(p16, (unsigned char *)wpwd, len);
200 /* Does both the NT and LM owfs of a user's password */
201 void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
205 memset(passwd,'\0',130);
206 safe_strcpy( passwd, pwd, sizeof(passwd)-1);
208 /* Calculate the MD4 hash (NT compatible) of the password */
209 memset(nt_p16, '\0', 16);
210 E_md4hash((uchar *)passwd, nt_p16);
212 #ifdef DEBUG_PASSWORD
213 DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
214 dump_data(120, passwd, strlen(passwd));
215 dump_data(100, (char *)nt_p16, 16);
218 /* Mangle the passwords into Lanman format */
222 /* Calculate the SMB (lanman) hash functions of the password */
224 memset(p16, '\0', 16);
225 E_P16((uchar *) passwd, (uchar *)p16);
227 #ifdef DEBUG_PASSWORD
228 DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
229 dump_data(120, passwd, strlen(passwd));
230 dump_data(100, (char *)p16, 16);
232 /* clear out local copy of user's password (just being paranoid). */
233 memset(passwd, '\0', sizeof(passwd));
236 /* Does the des encryption from the NT or LM MD4 hash. */
237 void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
243 memcpy(p21, passwd, 16);
247 /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
248 void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24])
253 memcpy(p21, passwd, 8);
254 memset(p21 + 8, 0xbd, 8);
256 E_P24(p21, ntlmchalresp, p24);
257 #ifdef DEBUG_PASSWORD
258 DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
259 dump_data(100, (char *)p21, 21);
260 dump_data(100, (char *)ntlmchalresp, 8);
261 dump_data(100, (char *)p24, 24);
266 /* Does the NT MD4 hash then des encryption. */
268 void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
274 E_md4hash(passwd, p21);
275 SMBOWFencrypt(p21, c8, p24);
277 #ifdef DEBUG_PASSWORD
278 DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
279 dump_data(100, (char *)p21, 16);
280 dump_data(100, (char *)c8, 8);
281 dump_data(100, (char *)p24, 24);
287 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
289 int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
291 if (new_pw_len > 512)
293 DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
298 * Now setup the data area.
299 * We need to generate a random fill
300 * for this area to make it harder to
303 generate_random_buffer((unsigned char *)data, 516, False);
306 struni2( &data[512 - new_pw_len], passwd);
310 fstrcpy( &data[512 - new_pw_len], passwd);
312 SIVAL(data, 512, new_pw_len);
314 #ifdef DEBUG_PASSWORD
315 DEBUG(100,("make_oem_passwd_hash\n"));
316 dump_data(100, data, 516);
318 SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);