Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * RPC Pipe client / server routines
4 : * Copyright (C) Guenther Deschner 2008.
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "../libcli/auth/libcli_auth.h"
22 : #include "rpc_client/init_samr.h"
23 : #include "librpc/rpc/dcerpc_samr.h"
24 :
25 : #include "lib/crypto/gnutls_helpers.h"
26 : #include <gnutls/gnutls.h>
27 : #include <gnutls/crypto.h>
28 :
29 : /*************************************************************************
30 : inits a samr_CryptPasswordEx structure
31 : *************************************************************************/
32 :
33 157 : NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
34 : DATA_BLOB *session_key,
35 : struct samr_CryptPasswordEx *pwd_buf)
36 : {
37 157 : return encode_rc4_passwd_buffer(pwd, session_key, pwd_buf);
38 : }
39 :
40 : /*************************************************************************
41 : inits a samr_CryptPassword structure
42 : *************************************************************************/
43 :
44 2199 : NTSTATUS init_samr_CryptPassword(const char *pwd,
45 : DATA_BLOB *session_key,
46 : struct samr_CryptPassword *pwd_buf)
47 : {
48 : /* samr_CryptPassword */
49 2199 : gnutls_cipher_hd_t cipher_hnd = NULL;
50 3756 : gnutls_datum_t sess_key = {
51 2199 : .data = session_key->data,
52 2199 : .size = session_key->length,
53 : };
54 : bool ok;
55 : int rc;
56 :
57 2199 : ok = encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
58 2199 : if (!ok) {
59 0 : return NT_STATUS_INTERNAL_ERROR;
60 : }
61 :
62 2199 : rc = gnutls_cipher_init(&cipher_hnd,
63 : GNUTLS_CIPHER_ARCFOUR_128,
64 : &sess_key,
65 : NULL);
66 2199 : if (rc != 0) {
67 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
68 : }
69 2199 : rc = gnutls_cipher_encrypt(cipher_hnd,
70 2199 : pwd_buf->data,
71 : 516);
72 2199 : gnutls_cipher_deinit(cipher_hnd);
73 2199 : if (rc != 0) {
74 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
75 : }
76 :
77 2199 : return NT_STATUS_OK;
78 : }
79 :
80 98 : NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
81 : const char *password,
82 : DATA_BLOB *salt,
83 : DATA_BLOB *session_key,
84 : struct samr_EncryptedPasswordAES *ppwd_buf)
85 : {
86 98 : uint8_t pw_data[514] = {0};
87 98 : DATA_BLOB plaintext = {
88 : .data = pw_data,
89 : .length = sizeof(pw_data),
90 : };
91 98 : DATA_BLOB ciphertext = data_blob_null;
92 98 : NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
93 : bool ok;
94 :
95 98 : if (ppwd_buf == NULL) {
96 0 : return NT_STATUS_INVALID_PARAMETER;
97 : }
98 :
99 98 : ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE);
100 98 : if (!ok) {
101 0 : return NT_STATUS_INTERNAL_ERROR;
102 : }
103 :
104 98 : status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(
105 : mem_ctx,
106 : &plaintext,
107 : session_key,
108 : &samr_aes256_enc_key_salt,
109 : &samr_aes256_mac_key_salt,
110 : salt,
111 : &ciphertext,
112 98 : ppwd_buf->auth_data);
113 98 : BURN_DATA(pw_data);
114 98 : if (!NT_STATUS_IS_OK(status)) {
115 0 : return status;
116 : }
117 :
118 98 : ppwd_buf->cipher_len = ciphertext.length;
119 98 : ppwd_buf->cipher = ciphertext.data;
120 98 : ppwd_buf->PBKDF2Iterations = 0;
121 :
122 98 : SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt));
123 98 : memcpy(ppwd_buf->salt, salt->data, salt->length);
124 :
125 98 : return NT_STATUS_OK;
126 : }
|