diff options
Diffstat (limited to 'src/modules/rlm_mschap/smbencrypt.c')
-rw-r--r-- | src/modules/rlm_mschap/smbencrypt.c | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/src/modules/rlm_mschap/smbencrypt.c b/src/modules/rlm_mschap/smbencrypt.c new file mode 100644 index 0000000..9a8a5ab --- /dev/null +++ b/src/modules/rlm_mschap/smbencrypt.c @@ -0,0 +1,147 @@ +/* + * smbencrypt.c Produces LM-Password and NT-Password from + * cleartext password + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + * + * Copyright 2002 3APA3A for FreeRADIUS project + Copyright 2006 The FreeRADIUS server project + */ + +RCSID("$Id$") + +#include <freeradius-devel/libradius.h> + +#ifdef HAVE_OPENSSL_SSL_H +#include <openssl/ssl.h> +#include <freeradius-devel/openssl3.h> +#endif + +#include <freeradius-devel/md4.h> +#include <freeradius-devel/md5.h> +#include <freeradius-devel/sha1.h> +#include <ctype.h> + + +#include "smbdes.h" + +static char const hex[] = "0123456789ABCDEF"; + +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L +# include <openssl/provider.h> + +static OSSL_PROVIDER *openssl_default_provider = NULL; +static OSSL_PROVIDER *openssl_legacy_provider = NULL; + +#define ERROR(_x) fprintf(stderr, _x) + +static int openssl3_init(void) +{ + /* + * Load the default provider for most algorithms + */ + openssl_default_provider = OSSL_PROVIDER_load(NULL, "default"); + if (!openssl_default_provider) { + ERROR("(TLS) Failed loading default provider"); + return -1; + } + + /* + * Needed for MD4 + * + * https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Legacy-Algorithms + */ + openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); + if (!openssl_legacy_provider) { + ERROR("(TLS) Failed loading legacy provider"); + return -1; + } + + return 0; +} + +static void openssl3_free(void) +{ + if (openssl_default_provider && !OSSL_PROVIDER_unload(openssl_default_provider)) { + ERROR("Failed unloading default provider"); + } + openssl_default_provider = NULL; + + if (openssl_legacy_provider && !OSSL_PROVIDER_unload(openssl_legacy_provider)) { + ERROR("Failed unloading legacy provider"); + } + openssl_legacy_provider = NULL; +} +#else +#define openssl3_init() +#define openssl3_free() +#endif + + + +/* + * FIXME: use functions in freeradius + */ +static void tohex (unsigned char const *src, size_t len, char *dst) +{ + size_t i; + for (i=0; i<len; i++) { + dst[(i*2)] = hex[(src[i] >> 4)]; + dst[(i*2) + 1] = hex[(src[i]&0x0F)]; + } + dst[(i*2)] = 0; +} + +static void ntpwdhash(uint8_t *out, char const *password) +{ + ssize_t len; + uint8_t ucs2_password[512]; + + len = fr_utf8_to_ucs2(ucs2_password, sizeof(ucs2_password), password, strlen(password)); + if (len < 0) { + *out = '\0'; + return; + } + fr_md4_calc(out, (uint8_t *) ucs2_password, len); +} + +int main (int argc, char *argv[]) +{ + int i, l; + char password[1024]; + uint8_t hash[16]; + char ntpass[33]; + char lmpass[33]; + + openssl3_init(); + + fprintf(stderr, "LM Hash \tNT Hash\n"); + fprintf(stderr, "--------------------------------\t--------------------------------\n"); + fflush(stderr); + for (i = 1; i < argc; i++ ) { + strlcpy(password, argv[i], sizeof(password)); + l = strlen(password); + if (l && password[l-1] == '\n') password [l-1] = 0; + smbdes_lmpwdhash(password, hash); + tohex (hash, 16, lmpass); + ntpwdhash (hash, password); + tohex (hash, 16, ntpass); + printf("%s\t%s\n", lmpass, ntpass); + } + + openssl3_free(); + + return 0; +} |