Import sources from 2011-03-30 iso image

1 files changed, 416 insertions, 0 deletions

diff --git a/sys/src/cmd/cifs/auth.c b/sys/src/cmd/cifs/auth.c
new file mode 100755
index 000000000..f72c03d2d
--- /dev/null
+++ b/sys/src/cmd/cifs/auth.c
@@ -0,0 +1,416 @@
+/*
+ * Beware the LM hash is easy to crack (google for l0phtCrack)
+ * and though NTLM is more secure it is still breakable.
+ * Ntlmv2 is better and seen as good enough by the windows community.
+ * For real security use kerberos.
+ */
+#include <u.h>
+#include <libc.h>
+#include <mp.h>
+#include <auth.h>
+#include <libsec.h>
+#include <ctype.h>
+#include <fcall.h>
+#include <thread.h>
+#include <9p.h>
+#include "cifs.h"
+
+#define DEF_AUTH 	"ntlmv2"
+
+static enum {
+	MACkeylen	= 40,	/* MAC key len */
+	MAClen		= 8,	/* signature length */
+	MACoff		= 14,	/* sign. offset from start of SMB (not netbios) pkt */
+	Bliplen		= 8,	/* size of LMv2 client nonce */
+};
+
+static void
+dmp(char *s, int seq, void *buf, int n)
+{
+	int i;
+	char *p = buf;
+
+	print("%s %3d      ", s, seq);
+	while(n > 0){
+		for(i = 0; i < 16 && n > 0; i++, n--)
+			print("%02x ", *p++ & 0xff);
+		if(n > 0)
+			print("\n");
+	}
+	print("\n");
+}
+
+static Auth *
+auth_plain(char *windom, char *keyp, uchar *chal, int len)
+{
+	UserPasswd *up;
+	static Auth *ap;
+
+	USED(chal, len);
+
+	up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass service=cifs %s",
+		windom, keyp);
+	if(! up)
+		sysfatal("cannot get key - %r");
+
+	ap = emalloc9p(sizeof(Auth));
+	memset(ap, 0, sizeof(ap));
+	ap->user = estrdup9p(up->user);
+	ap->windom = estrdup9p(windom);
+
+	ap->resp[0] = estrdup9p(up->passwd);
+	ap->len[0] = strlen(up->passwd);
+	memset(up->passwd, 0, strlen(up->passwd));
+	free(up);
+
+	return ap;
+}
+
+static Auth *
+auth_lm_and_ntlm(char *windom, char *keyp, uchar *chal, int len)
+{
+	int err;
+	char user[64];
+	Auth *ap;
+	MSchapreply mcr;
+
+	err = auth_respond(chal, len, user, sizeof user, &mcr, sizeof mcr,
+		auth_getkey, "windom=%s proto=mschap role=client service=cifs %s",
+		windom, keyp);
+	if(err == -1)
+		sysfatal("cannot get key - %r");
+
+	ap = emalloc9p(sizeof(Auth));
+	memset(ap, 0, sizeof(ap));
+	ap->user = estrdup9p(user);
+	ap->windom = estrdup9p(windom);
+
+	/* LM response */
+	ap->len[0] = sizeof(mcr.LMresp);
+	ap->resp[0] = emalloc9p(ap->len[0]);
+	memcpy(ap->resp[0], mcr.LMresp, ap->len[0]);
+
+	/* NTLM response */
+	ap->len[1] = sizeof(mcr.NTresp);
+	ap->resp[1] = emalloc9p(ap->len[1]);
+	memcpy(ap->resp[1], mcr.NTresp, ap->len[1]);
+
+	return ap;
+}
+
+/*
+ * NTLM response only, the LM response is a just
+ * copy of the NTLM one. we do this because the lm
+ * response is easily reversed - Google for l0pht
+ * for more info.
+ */
+static Auth *
+auth_ntlm(char *windom, char *keyp, uchar *chal, int len)
+{
+	Auth *ap;
+
+	if((ap = auth_lm_and_ntlm(windom, keyp, chal, len)) == nil)
+		return nil;
+
+	free(ap->resp[0]);
+	ap->len[0] = ap->len[1];
+	ap->resp[0] = emalloc9p(ap->len[0]);
+	memcpy(ap->resp[0], ap->resp[1], ap->len[0]);
+	return ap;
+}
+
+/*
+ * This is not really nescessary as all fields hmac_md5'ed
+ * in the ntlmv2 protocol are less than 64 bytes long, however
+ * I still do this for completeness
+ */
+static DigestState *
+hmac_t64(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest,
+	DigestState *state)
+{
+	if(klen > 64)
+		klen = 64;
+	return hmac_md5(data, dlen, key, klen, digest, state);
+}
+
+
+static int
+ntv2_blob(uchar *blob, int len, char *windom)
+{
+	int n;
+	uvlong nttime;
+	Rune r;
+	char *d;
+	uchar *p;
+	enum {			/* name types */
+		Beof,		/* end of name list */
+		Bnetbios,	/* Netbios machine name */
+		Bdomain,	/* Windows Domain name (NT) */
+		Bdnsfqdn,	/* DNS Fully Qualified Domain Name */
+		Bdnsname,	/* DNS machine name (win2k) */
+	};
+
+	p = blob;
+	*p++ = 1;		/* response type */
+	*p++ = 1;		/* max response type understood by client */
+
+	*p++ = 0;
+	*p++ = 0;		/* 2 bytes reserved */
+
+	*p++ = 0;
+	*p++ = 0;
+	*p++ = 0;
+	*p++ = 0;		/* 4 bytes unknown */
+
+	nttime = time(nil);	/* nt time now */
+	nttime += 11644473600LL;
+	nttime *= 10000000LL;
+	*p++ = nttime;
+	*p++ = nttime >> 8;
+	*p++ = nttime >> 16;
+	*p++ = nttime >> 24;
+	*p++ = nttime >> 32;
+	*p++ = nttime >> 40;
+	*p++ = nttime >> 48;
+	*p++ = nttime >> 56;
+
+	genrandom(p, 8);
+	p += 8;			/* client nonce */
+	*p++ = 0x6f;
+	*p++ = 0;
+	*p++ = 0x6e;
+	*p++ = 0;		/* unknown data */
+
+	*p++ = Bdomain;
+	*p++ = 0;		/* name type */
+
+	n = utflen(windom) * 2;
+	*p++ = n;
+	*p++ = n >> 8;		/* name length */
+
+	d = windom;
+	while(*d && p-blob < (len-8)){
+		d += chartorune(&r, d);
+		r = toupperrune(r);
+		*p++ = r;
+		*p++ = r >> 8;
+	}
+
+	*p++ = 0;
+	*p++ = Beof;		/* name type */
+
+	*p++ = 0;
+	*p++ = 0;		/* name length */
+
+	*p++ = 0x65;
+	*p++ = 0;
+	*p++ = 0;
+	*p++ = 0;		/* unknown data */
+	return p - blob;
+}
+
+static Auth *
+auth_ntlmv2(char *windom, char *keyp, uchar *chal, int len)
+{
+	int i, n;
+	Rune r;
+	char *p, *u;
+	uchar v1hash[MD5dlen], blip[Bliplen], blob[1024], v2hash[MD5dlen];
+	uchar c, lm_hmac[MD5dlen], nt_hmac[MD5dlen], nt_sesskey[MD5dlen],
+		lm_sesskey[MD5dlen];
+	DigestState *ds;
+	UserPasswd *up;
+	static Auth *ap;
+
+	up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass  service=cifs-ntlmv2 %s",
+		windom, keyp);
+	if(!up)
+		sysfatal("cannot get key - %r");
+
+	ap = emalloc9p(sizeof(Auth));
+	memset(ap, 0, sizeof(ap));
+
+	/* Standard says unlimited length, experience says 128 max */
+	if((n = strlen(up->passwd)) > 128)
+		n = 128;
+
+	ds = md4(nil, 0, nil, nil);
+	for(i=0, p=up->passwd; i < n; i++) {
+		p += chartorune(&r, p);
+		c = r;
+		md4(&c, 1, nil, ds);
+		c = r >> 8;
+		md4(&c, 1, nil, ds);
+	}
+	md4(nil, 0, v1hash, ds);
+
+	/*
+	 * Some documentation insists that the username must be forced to
+	 * uppercase, but the domain name should not be. Other shows both
+	 * being forced to uppercase. I am pretty sure this is irrevevant as the
+	 * domain name passed from the remote server always seems to be in
+	 * uppercase already.
+	 */
+        ds = hmac_t64(nil, 0, v1hash, MD5dlen, nil, nil);
+	u = up->user;
+	while(*u){
+		u += chartorune(&r, u);
+		r = toupperrune(r);
+		c = r;
+        	hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
+		c = r >> 8;
+        	hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
+	}
+	u = windom;
+
+	while(*u){
+		u += chartorune(&r, u);
+		c = r;
+        	hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
+		c = r >> 8;
+        	hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
+	}
+        hmac_t64(nil, 0, v1hash, MD5dlen, v2hash, ds);
+	ap->user = estrdup9p(up->user);
+	ap->windom = estrdup9p(windom);
+
+	/* LM v2 */
+
+	genrandom(blip, Bliplen);
+        ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
+	hmac_t64(blip, Bliplen, v2hash, MD5dlen, lm_hmac, ds);
+	ap->len[0] = MD5dlen+Bliplen;
+	ap->resp[0] = emalloc9p(ap->len[0]);
+	memcpy(ap->resp[0], lm_hmac, MD5dlen);
+	memcpy(ap->resp[0]+MD5dlen, blip, Bliplen);
+
+	/* LM v2 session key */
+	hmac_t64(lm_hmac, MD5dlen, v2hash, MD5dlen, lm_sesskey, nil);
+
+	/* LM v2 MAC key */
+	ap->mackey[0] = emalloc9p(MACkeylen);
+	memcpy(ap->mackey[0], lm_sesskey, MD5dlen);
+	memcpy(ap->mackey[0]+MD5dlen, ap->resp[0], MACkeylen-MD5dlen);
+
+	/* NTLM v2 */
+	n = ntv2_blob(blob, sizeof(blob), windom);
+        ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
+	hmac_t64(blob, n, v2hash, MD5dlen, nt_hmac, ds);
+	ap->len[1] = MD5dlen+n;
+	ap->resp[1] = emalloc9p(ap->len[1]);
+	memcpy(ap->resp[1], nt_hmac, MD5dlen);
+	memcpy(ap->resp[1]+MD5dlen, blob, n);
+
+	/*
+	 * v2hash definitely OK by
+	 * the time we get here.
+	 */
+	/* NTLM v2 session key */
+	hmac_t64(nt_hmac, MD5dlen, v2hash, MD5dlen, nt_sesskey, nil);
+
+	/* NTLM v2 MAC key */
+	ap->mackey[1] = emalloc9p(MACkeylen);
+	memcpy(ap->mackey[1], nt_sesskey, MD5dlen);
+	memcpy(ap->mackey[1]+MD5dlen, ap->resp[1], MACkeylen-MD5dlen);
+	free(up);
+
+	return ap;
+}
+
+struct {
+	char	*name;
+	Auth	*(*func)(char *, char *, uchar *, int);
+} methods[] = {
+	{ "plain",	auth_plain },
+	{ "lm+ntlm",	auth_lm_and_ntlm },
+	{ "ntlm",	auth_ntlm },
+	{ "ntlmv2",	auth_ntlmv2 },
+//	{ "kerberos",	auth_kerberos },
+};
+
+void
+autherr(void)
+{
+	int i;
+
+	fprint(2, "supported auth methods:\t");
+	for(i = 0; i < nelem(methods); i++)
+		fprint(2, "%s ", methods[i].name);
+	fprint(2, "\n");
+	exits("usage");
+}
+
+Auth *
+getauth(char *name, char *windom, char *keyp, int secmode, uchar *chal, int len)
+{
+	int i;
+	Auth *ap;
+
+	if(name == nil){
+		name = DEF_AUTH;
+		if((secmode & SECMODE_PW_ENCRYPT) == 0)
+			sysfatal("plaintext authentication required, use '-a plain'");
+	}
+
+	ap = nil;
+	for(i = 0; i < nelem(methods); i++)
+		if(strcmp(methods[i].name, name) == 0){
+			ap = methods[i].func(windom, keyp, chal, len);
+			break;
+		}
+
+	if(! ap){
+		fprint(2, "%s: %s - unknown auth method\n", argv0, name);
+		autherr();	/* never returns */
+	}
+	return ap;
+}
+
+static int
+genmac(uchar *buf, int len, int seq, uchar key[MACkeylen], uchar ours[MAClen])
+{
+	DigestState *ds;
+	uchar *sig, digest[MD5dlen], theirs[MAClen];
+
+	sig = buf+MACoff;
+	memcpy(theirs, sig, MAClen);
+
+	memset(sig, 0, MAClen);
+	sig[0] = seq;
+	sig[1] = seq >> 8;
+	sig[2] = seq >> 16;
+	sig[3] = seq >> 24;
+
+	ds = md5(key, MACkeylen, nil, nil);
+	md5(buf, len, digest, ds);
+	memcpy(ours, digest, MAClen);
+
+	return memcmp(theirs, ours, MAClen);
+}
+
+int
+macsign(Pkt *p, int seq)
+{
+	int rc, len;
+	uchar *sig, *buf, mac[MAClen];
+
+	sig = p->buf + NBHDRLEN + MACoff;
+	buf = p->buf + NBHDRLEN;
+	len = (p->pos - p->buf) - NBHDRLEN;
+
+#ifdef DEBUG_MAC
+	if(seq & 1)
+		dmp("rx", seq, sig, MAClen);
+#endif
+	rc = 0;
+	if(! p->s->seqrun)
+		memcpy(mac, "BSRSPYL ", 8);	/* no idea, ask MS */
+	else
+		rc = genmac(buf, len, seq, p->s->auth->mackey[0], mac);
+#ifdef DEBUG_MAC
+	if(!(seq & 1))
+		dmp("tx", seq, mac, MAClen);
+#endif
+	memcpy(sig, mac, MAClen);
+	return rc;
+}