diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-06-05 03:14:59 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:29 -0500 |
commit | ae067cdaf70c7725237ec58b5e23bc6f525594c2 (patch) | |
tree | ed48a2f95f0114771c32a5bc5feafbfdd56a628d | |
parent | 306fcbd06340af692cc9b2c76334de672e4006a5 (diff) | |
download | samba-ae067cdaf70c7725237ec58b5e23bc6f525594c2.tar.gz samba-ae067cdaf70c7725237ec58b5e23bc6f525594c2.tar.bz2 samba-ae067cdaf70c7725237ec58b5e23bc6f525594c2.zip |
r1024: Use samr_Password for the machine password here - this ensures we can
never pass in something of the wrong length.
Andrew Bartlett
(This used to be commit d6999ea9c07d8652b0d63147e7294bc35e7063fe)
-rw-r--r-- | source4/libcli/auth/credentials.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c index e0989eff4b..1d4db74633 100644 --- a/source4/libcli/auth/credentials.c +++ b/source4/libcli/auth/credentials.c @@ -31,7 +31,7 @@ static void creds_init_64bit(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, - const uint8_t machine_password[16]) + const struct samr_Password *machine_password) { uint32_t sum[2]; uint8_t sum2[8]; @@ -44,7 +44,7 @@ static void creds_init_64bit(struct creds_CredentialState *creds, ZERO_STRUCT(creds->session_key); - des_crypt128(creds->session_key, sum2, machine_password); + des_crypt128(creds->session_key, sum2, machine_password->hash); des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1); des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1); @@ -60,7 +60,7 @@ static void creds_init_64bit(struct creds_CredentialState *creds, static void creds_init_128bit(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, - const uint8_t machine_password[16]) + const struct samr_Password *machine_password) { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; @@ -70,13 +70,13 @@ static void creds_init_128bit(struct creds_CredentialState *creds, memset(zero, 0, sizeof(zero)); - hmac_md5_init_rfc2104(machine_password, 16, &ctx); + hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx); MD5Init(&md5); MD5Update(&md5, zero, sizeof(zero)); MD5Update(&md5, client_challenge->data, 8); MD5Update(&md5, server_challenge->data, 8); MD5Final(tmp, &md5); - hmac_md5_update(tmp, 16, &ctx); + hmac_md5_update(tmp, sizeof(tmp), &ctx); hmac_md5_final(creds->session_key, &ctx); creds->client = *client_challenge; @@ -169,7 +169,7 @@ next comes the client specific functions void creds_client_init(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, - const uint8_t machine_password[16], + const struct samr_Password *machine_password, struct netr_Credential *initial_credential, uint32_t negotiate_flags) { @@ -178,7 +178,7 @@ void creds_client_init(struct creds_CredentialState *creds, dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data)); dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data)); - dump_data_pw("Machine Pass", machine_password, 16); + dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash)); if (negotiate_flags & NETLOGON_NEG_128BIT) { creds_init_128bit(creds, client_challenge, server_challenge, machine_password); @@ -236,7 +236,7 @@ next comes the server specific functions void creds_server_init(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, - const uint8_t machine_password[16], + const struct samr_Password *machine_password, struct netr_Credential *initial_credential, uint32_t negotiate_flags) { |