1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * NETR challenge/response client functions.
28 *
29 * NT_STATUS_INVALID_PARAMETER
30 * NT_STATUS_NO_TRUST_SAM_ACCOUNT
31 * NT_STATUS_ACCESS_DENIED
32 */
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <strings.h>
37 #include <unistd.h>
38 #include <ctype.h>
39 #include <security/cryptoki.h>
40 #include <security/pkcs11.h>
41
42 #include <smbsrv/libsmb.h>
43 #include <smbsrv/libsmbns.h>
44 #include <smbsrv/libmlsvc.h>
45 #include <smbsrv/ndl/netlogon.ndl>
46 #include <smbsrv/smbinfo.h>
47 #include <smbsrv/netrauth.h>
48
49 #define NETR_SESSKEY_ZEROBUF_SZ 4
50 /* The DES algorithm uses a 56-bit encryption key. */
51 #define NETR_DESKEY_LEN 7
52
53 int netr_setup_authenticator(netr_info_t *, struct netr_authenticator *,
54 struct netr_authenticator *);
55 DWORD netr_validate_chain(netr_info_t *, struct netr_authenticator *);
56
57 static int netr_server_req_challenge(mlsvc_handle_t *, netr_info_t *);
58 static int netr_server_authenticate2(mlsvc_handle_t *, netr_info_t *);
59 static int netr_gen_password(BYTE *, BYTE *, BYTE *);
60
61 /*
62 * Shared with netr_logon.c
63 */
64 netr_info_t netr_global_info;
65
66 /*
67 * netlogon_auth
68 *
69 * This is the core of the NETLOGON authentication protocol.
70 * Do the challenge response authentication.
71 *
72 * Prior to calling this function, an anonymous session to the NETLOGON
73 * pipe on a domain controller(server) should have already been opened.
74 *
75 * Upon a successful NETLOGON credential chain establishment, the
76 * netlogon sequence number will be set to match the kpasswd sequence
77 * number.
78 *
79 */
80 DWORD
netlogon_auth(char * server,mlsvc_handle_t * netr_handle,DWORD flags)81 netlogon_auth(char *server, mlsvc_handle_t *netr_handle, DWORD flags)
82 {
83 netr_info_t *netr_info;
84 int rc;
85 DWORD leout_rc[2];
86
87 netr_info = &netr_global_info;
88 bzero(netr_info, sizeof (netr_info_t));
89
90 netr_info->flags |= flags;
91
92 rc = smb_getnetbiosname(netr_info->hostname, NETBIOS_NAME_SZ);
93 if (rc != 0)
94 return (NT_STATUS_UNSUCCESSFUL);
95
96 (void) snprintf(netr_info->server, sizeof (netr_info->server),
97 "\\\\%s", server);
98
99 LE_OUT32(&leout_rc[0], random());
100 LE_OUT32(&leout_rc[1], random());
101 (void) memcpy(&netr_info->client_challenge, leout_rc,
102 sizeof (struct netr_credential));
103
104 if ((rc = netr_server_req_challenge(netr_handle, netr_info)) == 0) {
105 rc = netr_server_authenticate2(netr_handle, netr_info);
106 if (rc == 0) {
107 smb_update_netlogon_seqnum();
108 netr_info->flags |= NETR_FLG_VALID;
109
110 }
111 }
112
113 return ((rc) ? NT_STATUS_UNSUCCESSFUL : NT_STATUS_SUCCESS);
114 }
115
116 /*
117 * netr_open
118 *
119 * Open an anonymous session to the NETLOGON pipe on a domain controller
120 * and bind to the NETR RPC interface.
121 *
122 * We store the remote server information, which is used to drive Windows
123 * version specific behavior.
124 */
125 int
netr_open(char * server,char * domain,mlsvc_handle_t * netr_handle)126 netr_open(char *server, char *domain, mlsvc_handle_t *netr_handle)
127 {
128 char user[SMB_USERNAME_MAXLEN];
129
130 smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
131
132 if (ndr_rpc_bind(netr_handle, server, domain, user, "NETR") < 0)
133 return (-1);
134
135 return (0);
136 }
137
138 /*
139 * netr_close
140 *
141 * Close a NETLOGON pipe and free the RPC context.
142 */
143 int
netr_close(mlsvc_handle_t * netr_handle)144 netr_close(mlsvc_handle_t *netr_handle)
145 {
146 ndr_rpc_unbind(netr_handle);
147 return (0);
148 }
149
150 /*
151 * netr_server_req_challenge
152 */
153 static int
netr_server_req_challenge(mlsvc_handle_t * netr_handle,netr_info_t * netr_info)154 netr_server_req_challenge(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
155 {
156 struct netr_ServerReqChallenge arg;
157 int opnum;
158
159 bzero(&arg, sizeof (struct netr_ServerReqChallenge));
160 opnum = NETR_OPNUM_ServerReqChallenge;
161
162 arg.servername = (unsigned char *)netr_info->server;
163 arg.hostname = (unsigned char *)netr_info->hostname;
164
165 (void) memcpy(&arg.client_challenge, &netr_info->client_challenge,
166 sizeof (struct netr_credential));
167
168 if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
169 return (-1);
170
171 if (arg.status != 0) {
172 ndr_rpc_status(netr_handle, opnum, arg.status);
173 ndr_rpc_release(netr_handle);
174 return (-1);
175 }
176
177 (void) memcpy(&netr_info->server_challenge, &arg.server_challenge,
178 sizeof (struct netr_credential));
179
180 ndr_rpc_release(netr_handle);
181 return (0);
182 }
183
184 /*
185 * netr_server_authenticate2
186 */
187 static int
netr_server_authenticate2(mlsvc_handle_t * netr_handle,netr_info_t * netr_info)188 netr_server_authenticate2(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
189 {
190 struct netr_ServerAuthenticate2 arg;
191 int opnum;
192 int rc;
193 char account_name[NETBIOS_NAME_SZ * 2];
194
195 bzero(&arg, sizeof (struct netr_ServerAuthenticate2));
196 opnum = NETR_OPNUM_ServerAuthenticate2;
197
198 (void) snprintf(account_name, sizeof (account_name), "%s$",
199 netr_info->hostname);
200
201 smb_tracef("server=[%s] account_name=[%s] hostname=[%s]\n",
202 netr_info->server, account_name, netr_info->hostname);
203
204 arg.servername = (unsigned char *)netr_info->server;
205 arg.account_name = (unsigned char *)account_name;
206 arg.account_type = NETR_WKSTA_TRUST_ACCOUNT_TYPE;
207 arg.hostname = (unsigned char *)netr_info->hostname;
208 arg.negotiate_flags = NETR_NEGOTIATE_BASE_FLAGS;
209
210 if (ndr_rpc_server_os(netr_handle) == NATIVE_OS_WIN2000) {
211 arg.negotiate_flags |= NETR_NEGOTIATE_STRONGKEY_FLAG;
212 if (netr_gen_skey128(netr_info) != SMBAUTH_SUCCESS)
213 return (-1);
214 } else {
215 if (netr_gen_skey64(netr_info) != SMBAUTH_SUCCESS)
216 return (-1);
217 }
218
219 if (netr_gen_credentials(netr_info->session_key.key,
220 &netr_info->client_challenge, 0,
221 &netr_info->client_credential) != SMBAUTH_SUCCESS) {
222 return (-1);
223 }
224
225 if (netr_gen_credentials(netr_info->session_key.key,
226 &netr_info->server_challenge, 0,
227 &netr_info->server_credential) != SMBAUTH_SUCCESS) {
228 return (-1);
229 }
230
231 (void) memcpy(&arg.client_credential, &netr_info->client_credential,
232 sizeof (struct netr_credential));
233
234 if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
235 return (-1);
236
237 if (arg.status != 0) {
238 ndr_rpc_status(netr_handle, opnum, arg.status);
239 ndr_rpc_release(netr_handle);
240 return (-1);
241 }
242
243 rc = memcmp(&netr_info->server_credential, &arg.server_credential,
244 sizeof (struct netr_credential));
245
246 ndr_rpc_release(netr_handle);
247 return (rc);
248 }
249
250 /*
251 * netr_gen_skey128
252 *
253 * Generate a 128-bit session key from the client and server challenges.
254 * See "Session-Key Computation" section of MS-NRPC document.
255 */
256 int
netr_gen_skey128(netr_info_t * netr_info)257 netr_gen_skey128(netr_info_t *netr_info)
258 {
259 unsigned char ntlmhash[SMBAUTH_HASH_SZ];
260 int rc = SMBAUTH_FAILURE;
261 CK_RV rv;
262 CK_MECHANISM mechanism;
263 CK_SESSION_HANDLE hSession;
264 CK_ULONG diglen = MD_DIGEST_LEN;
265 unsigned char md5digest[MD_DIGEST_LEN];
266 unsigned char zerobuf[NETR_SESSKEY_ZEROBUF_SZ];
267
268 bzero(ntlmhash, SMBAUTH_HASH_SZ);
269 /*
270 * We should check (netr_info->flags & NETR_FLG_INIT) and use
271 * the appropriate password but it isn't working yet. So we
272 * always use the default one for now.
273 */
274 bzero(netr_info->password, sizeof (netr_info->password));
275 rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD,
276 (char *)netr_info->password, sizeof (netr_info->password));
277
278 if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
279 return (SMBAUTH_FAILURE);
280 }
281
282 rc = smb_auth_ntlm_hash((char *)netr_info->password, ntlmhash);
283 if (rc != SMBAUTH_SUCCESS)
284 return (SMBAUTH_FAILURE);
285
286 bzero(zerobuf, NETR_SESSKEY_ZEROBUF_SZ);
287
288 mechanism.mechanism = CKM_MD5;
289 mechanism.pParameter = 0;
290 mechanism.ulParameterLen = 0;
291
292 rv = SUNW_C_GetMechSession(mechanism.mechanism, &hSession);
293 if (rv != CKR_OK)
294 return (SMBAUTH_FAILURE);
295
296 rv = C_DigestInit(hSession, &mechanism);
297 if (rv != CKR_OK)
298 goto cleanup;
299
300 rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)zerobuf,
301 NETR_SESSKEY_ZEROBUF_SZ);
302 if (rv != CKR_OK)
303 goto cleanup;
304
305 rv = C_DigestUpdate(hSession,
306 (CK_BYTE_PTR)netr_info->client_challenge.data, NETR_CRED_DATA_SZ);
307 if (rv != CKR_OK)
308 goto cleanup;
309
310 rv = C_DigestUpdate(hSession,
311 (CK_BYTE_PTR)netr_info->server_challenge.data, NETR_CRED_DATA_SZ);
312 if (rv != CKR_OK)
313 goto cleanup;
314
315 rv = C_DigestFinal(hSession, (CK_BYTE_PTR)md5digest, &diglen);
316 if (rv != CKR_OK)
317 goto cleanup;
318
319 rc = smb_auth_hmac_md5(md5digest, diglen, ntlmhash, SMBAUTH_HASH_SZ,
320 netr_info->session_key.key);
321
322 netr_info->session_key.len = NETR_SESSKEY128_SZ;
323 cleanup:
324 (void) C_CloseSession(hSession);
325 return (rc);
326
327 }
328 /*
329 * netr_gen_skey64
330 *
331 * Generate a 64-bit session key from the client and server challenges.
332 * See "Session-Key Computation" section of MS-NRPC document.
333 *
334 * The algorithm is a two stage hash. For the first hash, the input is
335 * the combination of the client and server challenges, the key is
336 * the first 7 bytes of the password. The initial password is formed
337 * using the NT password hash on the local hostname in lower case.
338 * The result is stored in a temporary buffer.
339 *
340 * input: challenge
341 * key: passwd lower 7 bytes
342 * output: intermediate result
343 *
344 * For the second hash, the input is the result of the first hash and
345 * the key is the last 7 bytes of the password.
346 *
347 * input: result of first hash
348 * key: passwd upper 7 bytes
349 * output: session_key
350 *
351 * The final output should be the session key.
352 *
353 * FYI: smb_auth_DES(output, key, input)
354 *
355 * If any difficulties occur using the cryptographic framework, the
356 * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
357 * returned.
358 */
359 int
netr_gen_skey64(netr_info_t * netr_info)360 netr_gen_skey64(netr_info_t *netr_info)
361 {
362 unsigned char md4hash[32];
363 unsigned char buffer[8];
364 DWORD data[2];
365 DWORD *client_challenge;
366 DWORD *server_challenge;
367 int rc;
368 DWORD le_data[2];
369
370 client_challenge = (DWORD *)(uintptr_t)&netr_info->client_challenge;
371 server_challenge = (DWORD *)(uintptr_t)&netr_info->server_challenge;
372 bzero(md4hash, 32);
373
374 /*
375 * We should check (netr_info->flags & NETR_FLG_INIT) and use
376 * the appropriate password but it isn't working yet. So we
377 * always use the default one for now.
378 */
379 bzero(netr_info->password, sizeof (netr_info->password));
380 rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD,
381 (char *)netr_info->password, sizeof (netr_info->password));
382
383 if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
384 return (SMBAUTH_FAILURE);
385 }
386
387 rc = smb_auth_ntlm_hash((char *)netr_info->password, md4hash);
388
389 if (rc != SMBAUTH_SUCCESS)
390 return (SMBAUTH_FAILURE);
391
392 data[0] = LE_IN32(&client_challenge[0]) + LE_IN32(&server_challenge[0]);
393 data[1] = LE_IN32(&client_challenge[1]) + LE_IN32(&server_challenge[1]);
394 LE_OUT32(&le_data[0], data[0]);
395 LE_OUT32(&le_data[1], data[1]);
396 rc = smb_auth_DES(buffer, 8, md4hash, NETR_DESKEY_LEN,
397 (unsigned char *)le_data, 8);
398
399 if (rc != SMBAUTH_SUCCESS)
400 return (rc);
401
402 netr_info->session_key.len = NETR_SESSKEY64_SZ;
403 rc = smb_auth_DES(netr_info->session_key.key,
404 netr_info->session_key.len, &md4hash[9], NETR_DESKEY_LEN, buffer,
405 8);
406
407 return (rc);
408 }
409
410 /*
411 * netr_gen_credentials
412 *
413 * Generate a set of credentials from a challenge and a session key.
414 * The algorithm is a two stage hash. For the first hash, the
415 * timestamp is added to the challenge and the result is stored in a
416 * temporary buffer:
417 *
418 * input: challenge (including timestamp)
419 * key: session_key
420 * output: intermediate result
421 *
422 * For the second hash, the input is the result of the first hash and
423 * a strange partial key is used:
424 *
425 * input: result of first hash
426 * key: funny partial key
427 * output: credentiails
428 *
429 * The final output should be an encrypted set of credentials.
430 *
431 * FYI: smb_auth_DES(output, key, input)
432 *
433 * If any difficulties occur using the cryptographic framework, the
434 * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
435 * returned.
436 */
437 int
netr_gen_credentials(BYTE * session_key,netr_cred_t * challenge,DWORD timestamp,netr_cred_t * out_cred)438 netr_gen_credentials(BYTE *session_key, netr_cred_t *challenge,
439 DWORD timestamp, netr_cred_t *out_cred)
440 {
441 unsigned char buffer[8];
442 DWORD data[2];
443 DWORD le_data[2];
444 DWORD *p;
445 int rc;
446
447 p = (DWORD *)(uintptr_t)challenge;
448 data[0] = LE_IN32(&p[0]) + timestamp;
449 data[1] = LE_IN32(&p[1]);
450
451 LE_OUT32(&le_data[0], data[0]);
452 LE_OUT32(&le_data[1], data[1]);
453
454 if (smb_auth_DES(buffer, 8, session_key, NETR_DESKEY_LEN,
455 (unsigned char *)le_data, 8) != SMBAUTH_SUCCESS)
456 return (SMBAUTH_FAILURE);
457
458 rc = smb_auth_DES(out_cred->data, 8, &session_key[NETR_DESKEY_LEN],
459 NETR_DESKEY_LEN, buffer, 8);
460
461 return (rc);
462 }
463
464 /*
465 * netr_server_password_set
466 *
467 * Attempt to change the trust account password for this system.
468 *
469 * Note that this call may legitimately fail if the registry on the
470 * domain controller has been setup to deny attempts to change the
471 * trust account password. In this case we should just continue to
472 * use the original password.
473 *
474 * Possible status values:
475 * NT_STATUS_ACCESS_DENIED
476 */
477 int
netr_server_password_set(mlsvc_handle_t * netr_handle,netr_info_t * netr_info)478 netr_server_password_set(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
479 {
480 struct netr_PasswordSet arg;
481 int opnum;
482 BYTE new_password[NETR_OWF_PASSWORD_SZ];
483 char account_name[NETBIOS_NAME_SZ * 2];
484
485 bzero(&arg, sizeof (struct netr_PasswordSet));
486 opnum = NETR_OPNUM_ServerPasswordSet;
487
488 (void) snprintf(account_name, sizeof (account_name), "%s$",
489 netr_info->hostname);
490
491 arg.servername = (unsigned char *)netr_info->server;
492 arg.account_name = (unsigned char *)account_name;
493 arg.account_type = NETR_WKSTA_TRUST_ACCOUNT_TYPE;
494 arg.hostname = (unsigned char *)netr_info->hostname;
495
496 /*
497 * Set up the client side authenticator.
498 */
499 if (netr_setup_authenticator(netr_info, &arg.auth, 0) !=
500 SMBAUTH_SUCCESS) {
501 return (-1);
502 }
503
504 /*
505 * Generate a new password from the old password.
506 */
507 if (netr_gen_password(netr_info->session_key.key,
508 netr_info->password, new_password) == SMBAUTH_FAILURE) {
509 return (-1);
510 }
511
512 (void) memcpy(&arg.uas_new_password, &new_password,
513 NETR_OWF_PASSWORD_SZ);
514
515 if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
516 return (-1);
517
518 if (arg.status != 0) {
519 ndr_rpc_status(netr_handle, opnum, arg.status);
520 ndr_rpc_release(netr_handle);
521 return (-1);
522 }
523
524 /*
525 * Check the returned credentials. The server returns the new
526 * client credential rather than the new server credentiali,
527 * as documented elsewhere.
528 *
529 * Generate the new seed for the credential chain. Increment
530 * the timestamp and add it to the client challenge. Then we
531 * need to copy the challenge to the credential field in
532 * preparation for the next cycle.
533 */
534 if (netr_validate_chain(netr_info, &arg.auth) == 0) {
535 /*
536 * Save the new password.
537 */
538 (void) memcpy(netr_info->password, new_password,
539 NETR_OWF_PASSWORD_SZ);
540 }
541
542 ndr_rpc_release(netr_handle);
543 return (0);
544 }
545
546 /*
547 * netr_gen_password
548 *
549 * Generate a new pasword from the old password and the session key.
550 * The algorithm is a two stage hash. The session key is used in the
551 * first hash but only part of the session key is used in the second
552 * hash.
553 *
554 * If any difficulties occur using the cryptographic framework, the
555 * function returns SMBAUTH_FAILURE. Otherwise SMBAUTH_SUCCESS is
556 * returned.
557 */
558 static int
netr_gen_password(BYTE * session_key,BYTE * old_password,BYTE * new_password)559 netr_gen_password(BYTE *session_key, BYTE *old_password, BYTE *new_password)
560 {
561 int rv;
562
563 rv = smb_auth_DES(new_password, 8, session_key, NETR_DESKEY_LEN,
564 old_password, 8);
565 if (rv != SMBAUTH_SUCCESS)
566 return (rv);
567
568 rv = smb_auth_DES(&new_password[8], 8, &session_key[NETR_DESKEY_LEN],
569 NETR_DESKEY_LEN, &old_password[8], 8);
570 return (rv);
571 }
572