2 Unix SMB/Netbios implementation.
4 SMB parameters and setup
5 Copyright (C) Andrew Tridgell 1992-1998
6 Modified by Jeremy Allison 1995.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern int DEBUGLEVEL;
31 #include "smbbyteorder.h"
33 #include "smbencrypt.h"
37 typedef unsigned char uchar;
38 typedef signed short int16;
44 /****************************************************************************
45 Like strncpy but always null terminates. Make sure there is room!
46 The variable n should always be one less than the available size.
47 ****************************************************************************/
49 char *StrnCpy(char *dest,const char *src, size_t n)
52 if (!dest) return(NULL);
57 while (n-- && (*d++ = *src++)) ;
62 size_t skip_multibyte_char(char c)
69 /*******************************************************************
70 safe string copy into a known length string. maxlength does not
71 include the terminating zero.
72 ********************************************************************/
74 char *safe_strcpy(char *dest,const char *src, size_t maxlength)
79 DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
90 if (len > maxlength) {
91 DEBUG(0,("ERROR: string overflow by %d in safe_strcpy [%.50s]\n",
92 (int)(len-maxlength), src));
96 memcpy(dest, src, len);
102 void strupper(char *s)
107 size_t skip = skip_multibyte_char( *s );
112 if (islower((unsigned char)*s))
113 *s = toupper((unsigned char)*s);
120 extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);
123 This implements the X/Open SMB password encryption
124 It takes a password, a 8 byte "crypt key" and puts 24 bytes of
125 encrypted password into p24
128 void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
130 uchar p14[15], p21[21];
134 StrnCpy((char *)p14,(char *)passwd,14);
136 strupper((char *)p14);
139 SMBOWFencrypt(p21, c8, p24);
141 #ifdef DEBUG_PASSWORD
142 DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
143 dump_data(100, (char *)p21, 16);
144 dump_data(100, (char *)c8, 8);
145 dump_data(100, (char *)p24, 24);
149 /* Routines for Windows NT MD4 Hash functions. */
150 static int _my_wcslen(int16 *str)
159 * Convert a string into an NT UNICODE string.
160 * Note that regardless of processor type
161 * this must be in intel (little-endian)
165 static int _my_mbstowcs(int16 *dst, uchar *src, int len)
170 for(i = 0; i < len; i++) {
182 * Creates the MD4 Hash of the users password in NT UNICODE.
185 void E_md4hash(uchar *passwd, uchar *p16)
190 /* Password cannot be longer than 128 characters */
191 len = strlen((char *)passwd);
194 /* Password must be converted to NT unicode */
195 _my_mbstowcs(wpwd, passwd, len);
196 wpwd[len] = 0; /* Ensure string is null terminated */
197 /* Calculate length in bytes */
198 len = _my_wcslen(wpwd) * sizeof(int16);
200 mdfour(p16, (unsigned char *)wpwd, len);
203 /* Does both the NT and LM owfs of a user's password */
204 void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
208 memset(passwd,'\0',130);
209 safe_strcpy( passwd, pwd, sizeof(passwd)-1);
211 /* Calculate the MD4 hash (NT compatible) of the password */
212 memset(nt_p16, '\0', 16);
213 E_md4hash((uchar *)passwd, nt_p16);
215 #ifdef DEBUG_PASSWORD
216 DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
217 dump_data(120, passwd, strlen(passwd));
218 dump_data(100, (char *)nt_p16, 16);
221 /* Mangle the passwords into Lanman format */
225 /* Calculate the SMB (lanman) hash functions of the password */
227 memset(p16, '\0', 16);
228 E_P16((uchar *) passwd, (uchar *)p16);
230 #ifdef DEBUG_PASSWORD
231 DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
232 dump_data(120, passwd, strlen(passwd));
233 dump_data(100, (char *)p16, 16);
235 /* clear out local copy of user's password (just being paranoid). */
236 memset(passwd, '\0', sizeof(passwd));
239 /* Does the des encryption from the NT or LM MD4 hash. */
240 void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
246 memcpy(p21, passwd, 16);
250 /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
251 void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24])
256 memcpy(p21, passwd, 8);
257 memset(p21 + 8, 0xbd, 8);
259 E_P24(p21, ntlmchalresp, p24);
260 #ifdef DEBUG_PASSWORD
261 DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
262 dump_data(100, (char *)p21, 21);
263 dump_data(100, (char *)ntlmchalresp, 8);
264 dump_data(100, (char *)p24, 24);
269 /* Does the NT MD4 hash then des encryption. */
271 void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
277 E_md4hash(passwd, p21);
278 SMBOWFencrypt(p21, c8, p24);
280 #ifdef DEBUG_PASSWORD
281 DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
282 dump_data(100, (char *)p21, 16);
283 dump_data(100, (char *)c8, 8);
284 dump_data(100, (char *)p24, 24);
290 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
292 int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
294 if (new_pw_len > 512)
296 DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
301 * Now setup the data area.
302 * We need to generate a random fill
303 * for this area to make it harder to
306 generate_random_buffer((unsigned char *)data, 516, False);
309 struni2( &data[512 - new_pw_len], passwd);
313 fstrcpy( &data[512 - new_pw_len], passwd);
315 SIVAL(data, 512, new_pw_len);
317 #ifdef DEBUG_PASSWORD
318 DEBUG(100,("make_oem_passwd_hash\n"));
319 dump_data(100, data, 516);
321 SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);