smb_auth.c revision 2
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.

 * smb_auth_qnd_unicode
 * Quick and dirty unicode conversion!
 * Returns the length of dst in bytes.

 * Converts the given LM password to all uppercase.
 * The standard strupr cannot
 * be used here because lm_pwd doesn't have to be

 * Source: Implementing CIFS (Chris Hertel)
 * 1. The password, as entered by user, is either padded with nulls
 *    or trimmed to 14 bytes.
 *    . Note that the 14-byte result string is not handled as a
 *      nul-terminated string.
 *    . The given password is OEM not Unicode
 * 2. The 14-byte password is converted to all uppercase
 * 3. The result is used as key to encrypt the KGS magic string to
 *    make a 16-byte hash.

 * smb_auth_lm_response
 * Create a LM response from the given LM hash and challenge.
 * Returns SMBAUTH_FAILURE if any problems occur, SMBAUTH_SUCCESS if
 * 14-byte LM Hash should be padded with 5 nul bytes to create
 * a 21-byte string to be used in producing LM response
	/* padded LM Hash -> LM Response */

 * smb_auth_ntlm_hash
 * Make NTLM Hash (using MD4) from the given password.
 * The result will contain a 16-byte NTLM hash.

 * smb_auth_ntlm_response

 * smb_auth_ntlm2_session_hash
 * data = concat(challenge, client_nonce); [ntlm2 session nonce]
 * NTLM2 session hash = head(hash, 8);
 * Returns SMBAUTH_SUCCESS if cryptology framework use was successful,
 * Otherwise, returns SMBAUTH_FAILURE.

 * ntlm2_sess_rsp = DES(data=ntlm2_sess_hash, key=ntlm_hash)
 * On success, returns SMBAUTH_SUCCESS. Otherwise, returns SMBAUTH_FAILURE.

 * smb_auth_gen_data_blob
 * Fill the NTLMv2 data blob structure with information as described in
 * "Implementing CIFS, The Common Internet File System". (pg. 282)
 * It increments the pointer to the destination buffer for the ease of

 * smb_auth_blob_to_string
 * Prepare the data blob string which will be used in NTLMv2 response
 * Assumption: Caller must allocate big enough buffer to prevent buffer
 * Returns the len of the data blob string.
	/*LINTED E_PTRDIFF_OVERFLOW*/

 * smb_auth_ntlmv2_hash
 * The NTLM v2 hash will be created from the given NTLM hash, username,
 * and the NETBIOS name of the domain.
 * The NTLMv2 hash will be returned via the ntlmv2_hash parameter which
 * will be used in the calculation of the NTLMv2 and LMv2 responses.

 * smb_auth_v2_response
 * Calculates either the LMv2 or NTLMv2 response.
 * The same algorithm is used for calculating both LMv2 and NTLMv2 responses.
 * This routine will return NTLMv2 response if the data blob information
 * is passed in as the clnt_data. Otherwise, it will return LMv2 response
 * with the 8-byte client challenge (a.k.a blip) as the clnt_data.
 * (LM/NTLM)v2 response is the hmac-md5 hash of the specified data
 * (server challenge + NTLMv2 data blob or LMv2 client challenge)
 * using the NTLMv2 hash as the key.
 * Returns the size of the corresponding v2 response upon success.
 * Otherwise, returns -1 on error.

 * Fill the smb_auth_info instance with either NTLM or NTLMv2 related
 * authentication information based on the LMCompatibilityLevel.
 * If the LMCompatibilityLevel equals 2, the SMB Redirector will perform
 * If the LMCompatibilityLevel is 3 or above, the SMB Redirector will
 * NTLM hash, NTLMv2 hash, NTLMv2 response and LMv2 response.
 * Returns -1 on error. Otherwise, returns 0 upon success.
	/* generate data blob */
	/* generate NTLMv2 response */
	/* generate LMv2 response */

 * smb_auth_gen_session_key
 * Generate the NTLM user session key if LMCompatibilityLevel is 2 or
 * NTLMv2 user session key if LMCompatibilityLevel is 3 or above.
 * NTLM_Session_Key = MD4(NTLM_Hash);
 * NTLMv2_Session_Key = HMAC_MD5(NTLMv2Hash, 16, NTLMv2_HMAC, 16)
 * Prior to calling this function, the auth instance should be set
 * via smb_auth_set_info().
 * Returns the appropriate session key.

/* 100's of ns between 1/1/1970 and 1/1/1601 */

 * Local Authentication

 * 15.5.2 The NTLMv2 Password Hash, pg. 279, of the "Implementing CIFS"
 * The NTLMv2 Hash is created from:
 * - user's username, and
 * - the name of the logon destination(i.e. the NetBIOS name of either
 *   the SMB server or NT Domain against which the user is trying to
 * Experiments show this is not exactly the case.
 * For Windows Server 2003, the domain name needs to be included and
 * converted to uppercase. For Vista, the domain name needs to be
 * included also, but leave the case alone. And in some cases it needs
 * to be empty. All three variants are tried here.
	for (i = 0; i < (sizeof (dest) / sizeof (char *)); i++) {

 * NTLM2 Session Response User Session Key
 * Used when NTLMv1 authentication is employed with NTLM2 session security.
 * This key is derived from the NTLM2 session response information as follows:
 * The HMAC-MD5 algorithm is applied to the session nonce, using the NTLM
 * User Session Key as the key. The resulting 16-byte value is the NTLM2
 * Session Response User Session Key.

 * 15.5.2 The NTLMv2 Password Hash, pg. 279, of the "Implementing CIFS"
 * The NTLMv2 Hash is created from:
 * - user's username, and
 * - the name of the logon destination(i.e. the NetBIOS name of either
 *   the SMB server or NT Domain against which the user is trying to
 * Experiments show this is not exactly the case.
 * For Windows Server 2003, the domain name needs to be included and
 * converted to uppercase. For Vista, the domain name needs to be
 * included also, but leave the case alone. And in some cases it needs
 * to be empty. All three variants are tried here.
	for (i = 0; i < (sizeof (dest) / sizeof (char *)); i++) {

 * smb_auth_validate_lm
 * Validates given LM/LMv2 client response, passed in passwd arg, against
 * stored user's password, passed in smbpw
 * If LM level <=3 server accepts LM responses, otherwise LMv2

 * smb_auth_validate_nt
 * passed in passwd arg, against stored user's password, passed in smbpw
 * If LM level <=4 server accepts NTLM/NTLMv2 responses, otherwise only NTLMv2.
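
The server-side check these comments describe (NTLMv2 hash, v2 response, session key, and the three domain-name variants), as an added Python sketch that is not code from smb_auth.c. The function names and sample values are hypothetical and constructed; the uppercased username and UTF-16LE encoding follow the NTLMv2 hash definition in "Implementing CIFS" and are not visible in the comments above.

```python
import hashlib
import hmac

# Constructed sample values (not from the page): a 16-byte NTLM hash,
# an 8-byte server challenge and an 8-byte LMv2 client challenge.
NTLM_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SRV_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLNT_CHALLENGE = bytes.fromhex("ffeeddccbbaa9988")


def hmac_md5(key, data):
    return hmac.new(key, data, hashlib.md5).digest()


def ntlmv2_hash(ntlm_hash, username, domain):
    # Key: 16-byte NTLM hash. Data: UTF-16LE of uppercased username + domain.
    return hmac_md5(ntlm_hash, (username.upper() + domain).encode("utf-16-le"))


def v2_response(v2hash, srv_challenge, clnt_data):
    # clnt_data: NTLMv2 data blob, or the 8-byte client challenge for LMv2.
    # The wire response is the 16-byte HMAC followed by clnt_data.
    return hmac_md5(v2hash, srv_challenge + clnt_data) + clnt_data


def v2_session_key(v2hash, response):
    # NTLMv2_Session_Key = HMAC_MD5(NTLMv2Hash, 16, NTLMv2_HMAC, 16)
    return hmac_md5(v2hash, response[:16])


def validate_v2(ntlm_hash, username, domain, srv_challenge, response):
    """Return (matching domain variant, session key), or None on mismatch."""
    if len(response) < 16 + 8:          # HMAC plus at least a client challenge
        return None
    clnt_data = response[16:]
    # Variants named in the comment: uppercased, case left alone, empty.
    for dest in (domain.upper(), domain, ""):
        v2hash = ntlmv2_hash(ntlm_hash, username, dest)
        expected = v2_response(v2hash, srv_challenge, clnt_data)
        if hmac.compare_digest(expected, response):   # constant-time compare
            return dest, v2_session_key(v2hash, response)
    return None


if __name__ == "__main__":
    client = v2_response(ntlmv2_hash(NTLM_HASH, "alice", "Corp"),
                         SRV_CHALLENGE, CLNT_CHALLENGE)
    print(validate_v2(NTLM_HASH, "Alice", "Corp", SRV_CHALLENGE, client))
```

The returned domain variant shows which client behaviour matched, which is useful when logging authentication outcomes.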