source: vendor/current/libcli/auth/proto.h

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 11.1 KB
Line 
1#ifndef _LIBCLI_AUTH_PROTO_H__
2#define _LIBCLI_AUTH_PROTO_H__
3
4#undef _PRINTF_ATTRIBUTE
5#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
6
7/* this file contains prototypes for functions that are private
8 * to this subsystem or library. These functions should not be
9 * used outside this particular subsystem! */
10
11
12/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
13
14void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
15void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
16void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
17void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
18void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
19void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
20void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
21
22/*****************************************************************
23The above functions are common to the client and server interface
24next comes the client specific functions
25******************************************************************/
26struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
27 const char *client_account,
28 const char *client_computer_name,
29 uint16_t secure_channel_type,
30 const struct netr_Credential *client_challenge,
31 const struct netr_Credential *server_challenge,
32 const struct samr_Password *machine_password,
33 struct netr_Credential *initial_credential,
34 uint32_t negotiate_flags);
35struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
36 const uint8_t session_key[16]);
37void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
38 struct netr_Authenticator *next);
39bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
40 const struct netr_Credential *received_credentials);
41struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
42 struct netlogon_creds_CredentialState *creds_in);
43
44/*****************************************************************
45The above functions are common to the client and server interface
46next comes the server specific functions
47******************************************************************/
48struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
49 const char *client_account,
50 const char *client_computer_name,
51 uint16_t secure_channel_type,
52 const struct netr_Credential *client_challenge,
53 const struct netr_Credential *server_challenge,
54 const struct samr_Password *machine_password,
55 const struct netr_Credential *credentials_in,
56 struct netr_Credential *credentials_out,
57 uint32_t negotiate_flags);
58NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
59 const struct netr_Authenticator *received_authenticator,
60 struct netr_Authenticator *return_authenticator) ;
61void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
62 uint16_t validation_level,
63 union netr_Validation *validation);
64void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
65 uint16_t validation_level,
66 union netr_Validation *validation);
67void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
68 enum netr_LogonInfoClass level,
69 union netr_LogonLevel *logon);
70void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
71 enum netr_LogonInfoClass level,
72 union netr_LogonLevel *logon);
73union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
74 enum netr_LogonInfoClass level,
75 const union netr_LogonLevel *in);
76
77/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
78
79void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
80 bool forward);
81DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);
82char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
83 DATA_BLOB *blob, const DATA_BLOB *session_key);
84DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key);
85NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
86 DATA_BLOB *ret);
87
88/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbencrypt.c */
89
90void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]);
91bool SMBencrypt(const char *passwd, const uint8_t *c8, uint8_t p24[24]);
92
93/**
94 * Creates the MD4 Hash of the users password in NT UNICODE.
95 * @param passwd password in 'unix' charset.
96 * @param p16 return password hashed with md4, caller allocated 16 byte buffer
97 */
98bool E_md4hash(const char *passwd, uint8_t p16[16]);
99
100/**
101 * Creates the MD5 Hash of a combination of 16 byte salt and 16 byte NT hash.
102 * @param 16 byte salt.
103 * @param 16 byte NT hash.
104 * @param 16 byte return hashed with md5, caller allocated 16 byte buffer
105 */
106void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]);
107
108/**
109 * Creates the DES forward-only Hash of the users password in DOS ASCII charset
110 * @param passwd password in 'unix' charset.
111 * @param p16 return password hashed with DES, caller allocated 16 byte buffer
112 * @return false if password was > 14 characters, and therefore may be incorrect, otherwise true
113 * @note p16 is filled in regardless
114 */
115bool E_deshash(const char *passwd, uint8_t p16[16]);
116
117/**
118 * Creates the MD4 and DES (LM) Hash of the users password.
119 * MD4 is of the NT Unicode, DES is of the DOS UPPERCASE password.
120 * @param passwd password in 'unix' charset.
121 * @param nt_p16 return password hashed with md4, caller allocated 16 byte buffer
122 * @param p16 return password hashed with des, caller allocated 16 byte buffer
123 */
124void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]);
125bool ntv2_owf_gen(const uint8_t owf[16],
126 const char *user_in, const char *domain_in,
127 uint8_t kr_buf[16]);
128void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
129void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
130void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
131void SMBOWFencrypt_ntv2(const uint8_t kr[16],
132 const DATA_BLOB *srv_chal,
133 const DATA_BLOB *smbcli_chal,
134 uint8_t resp_buf[16]);
135void SMBsesskeygen_ntv2(const uint8_t kr[16],
136 const uint8_t * nt_resp, uint8_t sess_key[16]);
137void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
138void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
139 const uint8_t lm_resp[24], /* only uses 8 */
140 uint8_t sess_key[16]);
141DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
142 const char *hostname,
143 const char *domain);
144bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
145 const char *user, const char *domain, const uint8_t nt_hash[16],
146 const DATA_BLOB *server_chal,
147 const NTTIME *server_timestamp,
148 const DATA_BLOB *names_blob,
149 DATA_BLOB *lm_response, DATA_BLOB *nt_response,
150 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
151bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
152 const char *user, const char *domain,
153 const char *password,
154 const DATA_BLOB *server_chal,
155 const DATA_BLOB *names_blob,
156 DATA_BLOB *lm_response, DATA_BLOB *nt_response,
157 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
158NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
159 const char *account_domain,
160 const DATA_BLOB response,
161 const struct netlogon_creds_CredentialState *creds,
162 const char *workgroup);
163
164/***********************************************************
165 encode a password buffer with a unicode password. The buffer
166 is filled with random data to make it harder to attack.
167************************************************************/
168bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags);
169
170/***********************************************************
171 decode a password buffer
172 *new_pw_len is the length in bytes of the possibly mulitbyte
173 returned password including termination.
174************************************************************/
175bool decode_pw_buffer(TALLOC_CTX *ctx,
176 uint8_t in_buffer[516],
177 char **pp_new_pwrd,
178 size_t *new_pw_len,
179 charset_t string_charset);
180
181/***********************************************************
182 Decode an arc4 encrypted password change buffer.
183************************************************************/
184void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
185
186/***********************************************************
187 encode a password buffer with an already unicode password. The
188 rest of the buffer is filled with random data to make it harder to attack.
189************************************************************/
190bool set_pw_in_buffer(uint8_t buffer[516], DATA_BLOB *password);
191
192/***********************************************************
193 decode a password buffer
194 *new_pw_size is the length in bytes of the extracted unicode password
195************************************************************/
196bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
197 uint8_t in_buffer[516], DATA_BLOB *new_pass);
198struct wkssvc_PasswordBuffer;
199void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
200 const char *pwd,
201 DATA_BLOB *session_key,
202 struct wkssvc_PasswordBuffer **pwd_buf);
203WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
204 struct wkssvc_PasswordBuffer *pwd_buf,
205 DATA_BLOB *session_key,
206 char **pwd);
207
208/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */
209
210void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
211void E_P16(const uint8_t *p14,uint8_t *p16);
212void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
213void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
214void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
215void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
216void des_crypt64(uint8_t out[8], const uint8_t in[8], const uint8_t key[8], int forw);
217void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
218void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
219void sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out, int forw);
220#undef _PRINTF_ATTRIBUTE
221#define _PRINTF_ATTRIBUTE(a1, a2)
222
223#endif
224
Note: See TracBrowser for help on using the repository browser.