1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/*
28 * NETR challenge/response client functions.
29 *
30 * NT_STATUS_INVALID_PARAMETER
31 * NT_STATUS_NO_TRUST_SAM_ACCOUNT
32 * NT_STATUS_ACCESS_DENIED
33 */
34
35#include <stdio.h>
36#include <stdlib.h>
37#include <strings.h>
38#include <unistd.h>
39#include <ctype.h>
40#include <security/cryptoki.h>
41#include <security/pkcs11.h>
42
43#include <smbsrv/libsmb.h>
44#include <smbsrv/libsmbns.h>
45#include <smbsrv/libmlsvc.h>
46#include <smbsrv/ndl/netlogon.ndl>
47#include <smbsrv/smbinfo.h>
48#include <smbsrv/netrauth.h>
49
50#define	NETR_SESSKEY_ZEROBUF_SZ		4
51/* The DES algorithm uses a 56-bit encryption key. */
52#define	NETR_DESKEY_LEN			7
53
54int netr_setup_authenticator(netr_info_t *, struct netr_authenticator *,
55    struct netr_authenticator *);
56DWORD netr_validate_chain(netr_info_t *, struct netr_authenticator *);
57
58static int netr_server_req_challenge(mlsvc_handle_t *, netr_info_t *);
59static int netr_server_authenticate2(mlsvc_handle_t *, netr_info_t *);
60static int netr_gen_password(BYTE *, BYTE *, BYTE *);
61
62/*
63 * Shared with netr_logon.c
64 */
65netr_info_t netr_global_info;
66
67/*
68 * netlogon_auth
69 *
70 * This is the core of the NETLOGON authentication protocol.
71 * Do the challenge response authentication.
72 *
73 * Prior to calling this function, an anonymous session to the NETLOGON
74 * pipe on a domain controller(server) should have already been opened.
75 *
76 * Upon a successful NETLOGON credential chain establishment, the
77 * netlogon sequence number will be set to match the kpasswd sequence
78 * number.
79 *
80 */
81DWORD
82netlogon_auth(char *server, mlsvc_handle_t *netr_handle, DWORD flags)
83{
84	netr_info_t *netr_info;
85	int rc;
86	DWORD leout_rc[2];
87
88	netr_info = &netr_global_info;
89	bzero(netr_info, sizeof (netr_info_t));
90
91	netr_info->flags |= flags;
92
93	rc = smb_getnetbiosname(netr_info->hostname, NETBIOS_NAME_SZ);
94	if (rc != 0)
95		return (NT_STATUS_UNSUCCESSFUL);
96
97	/* server is our DC.  Note: normally an FQDN. */
98	(void) snprintf(netr_info->server, sizeof (netr_info->server),
99	    "\\\\%s", server);
100
101	LE_OUT32(&leout_rc[0], random());
102	LE_OUT32(&leout_rc[1], random());
103	(void) memcpy(&netr_info->client_challenge, leout_rc,
104	    sizeof (struct netr_credential));
105
106	if ((rc = netr_server_req_challenge(netr_handle, netr_info)) == 0) {
107		rc = netr_server_authenticate2(netr_handle, netr_info);
108		if (rc == 0) {
109			/*
110			 * TODO: (later)  When joining a domain using a
111			 * pre-created machine account, should do:
112			 * netr_server_password_set(&netr_handle, netr_info);
113			 * Nexenta issue 11960
114			 */
115			smb_update_netlogon_seqnum();
116			netr_info->flags |= NETR_FLG_VALID;
117
118		}
119	}
120
121	return ((rc) ? NT_STATUS_UNSUCCESSFUL : NT_STATUS_SUCCESS);
122}
123
124/*
125 * netr_open
126 *
127 * Open an anonymous session to the NETLOGON pipe on a domain controller
128 * and bind to the NETR RPC interface.
129 *
130 * We store the remote server information, which is used to drive Windows
131 * version specific behavior.
132 *
133 * Returns 0 or NT status
134 */
135DWORD
136netr_open(char *server, char *domain, mlsvc_handle_t *netr_handle)
137{
138	char user[SMB_USERNAME_MAXLEN];
139	DWORD status;
140
141	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);
142
143	status = ndr_rpc_bind(netr_handle, server, domain, user, "NETR");
144
145	return (status);
146}
147
148/*
149 * netr_close
150 *
151 * Close a NETLOGON pipe and free the RPC context.
152 */
153int
154netr_close(mlsvc_handle_t *netr_handle)
155{
156	ndr_rpc_unbind(netr_handle);
157	return (0);
158}
159
160/*
161 * netr_server_req_challenge
162 */
163static int
164netr_server_req_challenge(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
165{
166	struct netr_ServerReqChallenge arg;
167	int opnum;
168
169	bzero(&arg, sizeof (struct netr_ServerReqChallenge));
170	opnum = NETR_OPNUM_ServerReqChallenge;
171
172	arg.servername = (unsigned char *)netr_info->server;
173	arg.hostname = (unsigned char *)netr_info->hostname;
174
175	(void) memcpy(&arg.client_challenge, &netr_info->client_challenge,
176	    sizeof (struct netr_credential));
177
178	if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
179		return (-1);
180
181	if (arg.status != 0) {
182		ndr_rpc_status(netr_handle, opnum, arg.status);
183		ndr_rpc_release(netr_handle);
184		return (-1);
185	}
186
187	(void) memcpy(&netr_info->server_challenge, &arg.server_challenge,
188	    sizeof (struct netr_credential));
189
190	ndr_rpc_release(netr_handle);
191	return (0);
192}
193
194uint32_t netr_server_auth2_flags =
195    NETR_NEGOTIATE_BASE_FLAGS |
196    NETR_NEGOTIATE_STRONGKEY_FLAG;
197
198/*
199 * netr_server_authenticate2
200 */
201static int
202netr_server_authenticate2(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
203{
204	struct netr_ServerAuthenticate2 arg;
205	/* sizeof netr_info->hostname, + 1 for the '$' */
206	char account_name[(NETBIOS_NAME_SZ * 2) + 1];
207	int opnum;
208	int rc;
209
210	bzero(&arg, sizeof (struct netr_ServerAuthenticate2));
211	opnum = NETR_OPNUM_ServerAuthenticate2;
212
213	(void) snprintf(account_name, sizeof (account_name), "%s$",
214	    netr_info->hostname);
215
216	smb_tracef("server=[%s] account_name=[%s] hostname=[%s]\n",
217	    netr_info->server, account_name, netr_info->hostname);
218
219	arg.servername = (unsigned char *)netr_info->server;
220	arg.account_name = (unsigned char *)account_name;
221	arg.account_type = NETR_WKSTA_TRUST_ACCOUNT_TYPE;
222	arg.hostname = (unsigned char *)netr_info->hostname;
223	arg.negotiate_flags = netr_server_auth2_flags;
224
225	if (arg.negotiate_flags & NETR_NEGOTIATE_STRONGKEY_FLAG) {
226		if (netr_gen_skey128(netr_info) != SMBAUTH_SUCCESS)
227			return (-1);
228	} else {
229		if (netr_gen_skey64(netr_info) != SMBAUTH_SUCCESS)
230			return (-1);
231	}
232
233	if (netr_gen_credentials(netr_info->session_key.key,
234	    &netr_info->client_challenge, 0,
235	    &netr_info->client_credential) != SMBAUTH_SUCCESS) {
236		return (-1);
237	}
238
239	if (netr_gen_credentials(netr_info->session_key.key,
240	    &netr_info->server_challenge, 0,
241	    &netr_info->server_credential) != SMBAUTH_SUCCESS) {
242		return (-1);
243	}
244
245	(void) memcpy(&arg.client_credential, &netr_info->client_credential,
246	    sizeof (struct netr_credential));
247
248	if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
249		return (-1);
250
251	if (arg.status != 0) {
252		ndr_rpc_status(netr_handle, opnum, arg.status);
253		ndr_rpc_release(netr_handle);
254		return (-1);
255	}
256
257	rc = memcmp(&netr_info->server_credential, &arg.server_credential,
258	    sizeof (struct netr_credential));
259
260	ndr_rpc_release(netr_handle);
261	return (rc);
262}
263
264/*
265 * netr_gen_skey128
266 *
267 * Generate a 128-bit session key from the client and server challenges.
268 * See "Session-Key Computation" section of MS-NRPC document.
269 */
270int
271netr_gen_skey128(netr_info_t *netr_info)
272{
273	unsigned char ntlmhash[SMBAUTH_HASH_SZ];
274	int rc = SMBAUTH_FAILURE;
275	CK_RV rv;
276	CK_MECHANISM mechanism;
277	CK_SESSION_HANDLE hSession;
278	CK_ULONG diglen = MD_DIGEST_LEN;
279	unsigned char md5digest[MD_DIGEST_LEN];
280	unsigned char zerobuf[NETR_SESSKEY_ZEROBUF_SZ];
281
282	bzero(ntlmhash, SMBAUTH_HASH_SZ);
283	/*
284	 * We should check (netr_info->flags & NETR_FLG_INIT) and use
285	 * the appropriate password but it isn't working yet.  So we
286	 * always use the default one for now.
287	 */
288	bzero(netr_info->password, sizeof (netr_info->password));
289	rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD,
290	    (char *)netr_info->password, sizeof (netr_info->password));
291
292	if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
293		return (SMBAUTH_FAILURE);
294	}
295
296	rc = smb_auth_ntlm_hash((char *)netr_info->password, ntlmhash);
297	if (rc != SMBAUTH_SUCCESS)
298		return (SMBAUTH_FAILURE);
299
300	bzero(zerobuf, NETR_SESSKEY_ZEROBUF_SZ);
301
302	mechanism.mechanism = CKM_MD5;
303	mechanism.pParameter = 0;
304	mechanism.ulParameterLen = 0;
305
306	rv = SUNW_C_GetMechSession(mechanism.mechanism, &hSession);
307	if (rv != CKR_OK)
308		return (SMBAUTH_FAILURE);
309
310	rv = C_DigestInit(hSession, &mechanism);
311	if (rv != CKR_OK)
312		goto cleanup;
313
314	rv = C_DigestUpdate(hSession, (CK_BYTE_PTR)zerobuf,
315	    NETR_SESSKEY_ZEROBUF_SZ);
316	if (rv != CKR_OK)
317		goto cleanup;
318
319	rv = C_DigestUpdate(hSession,
320	    (CK_BYTE_PTR)netr_info->client_challenge.data, NETR_CRED_DATA_SZ);
321	if (rv != CKR_OK)
322		goto cleanup;
323
324	rv = C_DigestUpdate(hSession,
325	    (CK_BYTE_PTR)netr_info->server_challenge.data, NETR_CRED_DATA_SZ);
326	if (rv != CKR_OK)
327		goto cleanup;
328
329	rv = C_DigestFinal(hSession, (CK_BYTE_PTR)md5digest, &diglen);
330	if (rv != CKR_OK)
331		goto cleanup;
332
333	rc = smb_auth_hmac_md5(md5digest, diglen, ntlmhash, SMBAUTH_HASH_SZ,
334	    netr_info->session_key.key);
335
336	netr_info->session_key.len = NETR_SESSKEY128_SZ;
337cleanup:
338	(void) C_CloseSession(hSession);
339	return (rc);
340
341}
342/*
343 * netr_gen_skey64
344 *
345 * Generate a 64-bit session key from the client and server challenges.
346 * See "Session-Key Computation" section of MS-NRPC document.
347 *
348 * The algorithm is a two stage hash. For the first hash, the input is
349 * the combination of the client and server challenges, the key is
350 * the first 7 bytes of the password. The initial password is formed
351 * using the NT password hash on the local hostname in lower case.
352 * The result is stored in a temporary buffer.
353 *
354 *		input:	challenge
355 *		key:	passwd lower 7 bytes
356 *		output:	intermediate result
357 *
358 * For the second hash, the input is the result of the first hash and
359 * the key is the last 7 bytes of the password.
360 *
361 *		input:	result of first hash
362 *		key:	passwd upper 7 bytes
363 *		output:	session_key
364 *
365 * The final output should be the session key.
366 *
367 *		FYI: smb_auth_DES(output, key, input)
368 *
369 * If any difficulties occur using the cryptographic framework, the
370 * function returns SMBAUTH_FAILURE.  Otherwise SMBAUTH_SUCCESS is
371 * returned.
372 */
373int
374netr_gen_skey64(netr_info_t *netr_info)
375{
376	unsigned char md4hash[32];
377	unsigned char buffer[8];
378	DWORD data[2];
379	DWORD *client_challenge;
380	DWORD *server_challenge;
381	int rc;
382	DWORD le_data[2];
383
384	client_challenge = (DWORD *)(uintptr_t)&netr_info->client_challenge;
385	server_challenge = (DWORD *)(uintptr_t)&netr_info->server_challenge;
386	bzero(md4hash, 32);
387
388	/*
389	 * We should check (netr_info->flags & NETR_FLG_INIT) and use
390	 * the appropriate password but it isn't working yet.  So we
391	 * always use the default one for now.
392	 */
393	bzero(netr_info->password, sizeof (netr_info->password));
394	rc = smb_config_getstr(SMB_CI_MACHINE_PASSWD,
395	    (char *)netr_info->password, sizeof (netr_info->password));
396
397	if ((rc != SMBD_SMF_OK) || *netr_info->password == '\0') {
398		return (SMBAUTH_FAILURE);
399	}
400
401	rc = smb_auth_ntlm_hash((char *)netr_info->password, md4hash);
402
403	if (rc != SMBAUTH_SUCCESS)
404		return (SMBAUTH_FAILURE);
405
406	data[0] = LE_IN32(&client_challenge[0]) + LE_IN32(&server_challenge[0]);
407	data[1] = LE_IN32(&client_challenge[1]) + LE_IN32(&server_challenge[1]);
408	LE_OUT32(&le_data[0], data[0]);
409	LE_OUT32(&le_data[1], data[1]);
410	rc = smb_auth_DES(buffer, 8, md4hash, NETR_DESKEY_LEN,
411	    (unsigned char *)le_data, 8);
412
413	if (rc != SMBAUTH_SUCCESS)
414		return (rc);
415
416	netr_info->session_key.len = NETR_SESSKEY64_SZ;
417	rc = smb_auth_DES(netr_info->session_key.key,
418	    netr_info->session_key.len, &md4hash[9], NETR_DESKEY_LEN, buffer,
419	    8);
420
421	return (rc);
422}
423
424/*
425 * netr_gen_credentials
426 *
427 * Generate a set of credentials from a challenge and a session key.
428 * The algorithm is a two stage hash. For the first hash, the
429 * timestamp is added to the challenge and the result is stored in a
430 * temporary buffer:
431 *
432 *		input:	challenge (including timestamp)
433 *		key:	session_key
434 *		output:	intermediate result
435 *
436 * For the second hash, the input is the result of the first hash and
437 * a strange partial key is used:
438 *
439 *		input:	result of first hash
440 *		key:	funny partial key
441 *		output:	credentiails
442 *
443 * The final output should be an encrypted set of credentials.
444 *
445 *		FYI: smb_auth_DES(output, key, input)
446 *
447 * If any difficulties occur using the cryptographic framework, the
448 * function returns SMBAUTH_FAILURE.  Otherwise SMBAUTH_SUCCESS is
449 * returned.
450 */
451int
452netr_gen_credentials(BYTE *session_key, netr_cred_t *challenge,
453    DWORD timestamp, netr_cred_t *out_cred)
454{
455	unsigned char buffer[8];
456	DWORD data[2];
457	DWORD le_data[2];
458	DWORD *p;
459	int rc;
460
461	p = (DWORD *)(uintptr_t)challenge;
462	data[0] = LE_IN32(&p[0]) + timestamp;
463	data[1] = LE_IN32(&p[1]);
464
465	LE_OUT32(&le_data[0], data[0]);
466	LE_OUT32(&le_data[1], data[1]);
467
468	if (smb_auth_DES(buffer, 8, session_key, NETR_DESKEY_LEN,
469	    (unsigned char *)le_data, 8) != SMBAUTH_SUCCESS)
470		return (SMBAUTH_FAILURE);
471
472	rc = smb_auth_DES(out_cred->data, 8, &session_key[NETR_DESKEY_LEN],
473	    NETR_DESKEY_LEN, buffer, 8);
474
475	return (rc);
476}
477
478/*
479 * netr_server_password_set
480 *
481 * Attempt to change the trust account password for this system.
482 *
483 * Note that this call may legitimately fail if the registry on the
484 * domain controller has been setup to deny attempts to change the
485 * trust account password. In this case we should just continue to
486 * use the original password.
487 *
488 * Possible status values:
489 *	NT_STATUS_ACCESS_DENIED
490 */
491int
492netr_server_password_set(mlsvc_handle_t *netr_handle, netr_info_t *netr_info)
493{
494	struct netr_PasswordSet  arg;
495	int opnum;
496	BYTE new_password[NETR_OWF_PASSWORD_SZ];
497	char account_name[NETBIOS_NAME_SZ * 2];
498
499	bzero(&arg, sizeof (struct netr_PasswordSet));
500	opnum = NETR_OPNUM_ServerPasswordSet;
501
502	(void) snprintf(account_name, sizeof (account_name), "%s$",
503	    netr_info->hostname);
504
505	arg.servername = (unsigned char *)netr_info->server;
506	arg.account_name = (unsigned char *)account_name;
507	arg.sec_chan_type = NETR_WKSTA_TRUST_ACCOUNT_TYPE;
508	arg.hostname = (unsigned char *)netr_info->hostname;
509
510	/*
511	 * Set up the client side authenticator.
512	 */
513	if (netr_setup_authenticator(netr_info, &arg.auth, 0) !=
514	    SMBAUTH_SUCCESS) {
515		return (-1);
516	}
517
518	/*
519	 * Generate a new password from the old password.
520	 */
521	if (netr_gen_password(netr_info->session_key.key,
522	    netr_info->password, new_password) == SMBAUTH_FAILURE) {
523		return (-1);
524	}
525
526	(void) memcpy(&arg.owf_password, &new_password,
527	    NETR_OWF_PASSWORD_SZ);
528
529	if (ndr_rpc_call(netr_handle, opnum, &arg) != 0)
530		return (-1);
531
532	if (arg.status != 0) {
533		ndr_rpc_status(netr_handle, opnum, arg.status);
534		ndr_rpc_release(netr_handle);
535		return (-1);
536	}
537
538	/*
539	 * Check the returned credentials.  The server returns the new
540	 * client credential rather than the new server credentiali,
541	 * as documented elsewhere.
542	 *
543	 * Generate the new seed for the credential chain.  Increment
544	 * the timestamp and add it to the client challenge.  Then we
545	 * need to copy the challenge to the credential field in
546	 * preparation for the next cycle.
547	 */
548	if (netr_validate_chain(netr_info, &arg.auth) == 0) {
549		/*
550		 * Save the new password.
551		 */
552		(void) memcpy(netr_info->password, new_password,
553		    NETR_OWF_PASSWORD_SZ);
554	}
555
556	ndr_rpc_release(netr_handle);
557	return (0);
558}
559
560/*
561 * netr_gen_password
562 *
563 * Generate a new pasword from the old password  and the session key.
564 * The algorithm is a two stage hash. The session key is used in the
565 * first hash but only part of the session key is used in the second
566 * hash.
567 *
568 * If any difficulties occur using the cryptographic framework, the
569 * function returns SMBAUTH_FAILURE.  Otherwise SMBAUTH_SUCCESS is
570 * returned.
571 */
572static int
573netr_gen_password(BYTE *session_key, BYTE *old_password, BYTE *new_password)
574{
575	int rv;
576
577	rv = smb_auth_DES(new_password, 8, session_key, NETR_DESKEY_LEN,
578	    old_password, 8);
579	if (rv != SMBAUTH_SUCCESS)
580		return (rv);
581
582	rv = smb_auth_DES(&new_password[8], 8, &session_key[NETR_DESKEY_LEN],
583	    NETR_DESKEY_LEN, &old_password[8], 8);
584	return (rv);
585}
586
587/*
588 * Todo: need netr_server_password_set2()
589 * used by "unsecure join". (NX 11960)
590 */
591