author | Günther Deschner <gd@samba.org> | 2008-02-15 17:30:38 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-02-15 20:58:34 +0100 |
commit | f8bd3e82e5eda052ede2d294f08165cb23df9d90 (patch) | |
tree | 0840f27f9194704d03790eea183f702e6d0550a4 | |
parent | abdedc7940b187789ffc583dabc778f824039095 (diff) | |
Add netlogon_creds_server_check and netlogon_creds_server_step.
Guenther
(This used to be commit ea0bf74918e7b009439452ea14ed68b0ce620787)
-rw-r--r-- | source3/libsmb/credentials.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index f03bf22df1..0043f4e6a9 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -225,6 +225,21 @@ bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in
 return True;
 }
+bool netlogon_creds_server_check(const struct dcinfo *dc,
+ const struct netr_Credential *rcv_cli_chal_in)
+{
+ if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
+ DEBUG(5,("netlogon_creds_server_check: challenge : %s\n",
+ credstr(rcv_cli_chal_in->data)));
+ DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
+ DEBUG(2,("netlogon_creds_server_check: credentials check failed.\n"));
+ return false;
+ }
+
+ DEBUG(10,("netlogon_creds_server_check: credentials check OK.\n"));
+
+ return true;
+}
 /****************************************************************************
 Replace current seed chal. Internal function - due to split server step below.
 ****************************************************************************/
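Review bot: On the failure path of `netlogon_creds_server_check`, the second `DEBUG(5, ...)` call writes the server-calculated credential (`dc->clnt_chal.data`) to the log, so anyone who can read level-5 logs sees the value the client was expected to present. I would drop that line, or log only that the comparison failed. The comparison uses `memcmp` with a literal `8`, and `memcmp` is not guaranteed to run in constant time. Since this value authenticates the netlogon peer, a constant-time compare sized with `sizeof(dc->clnt_chal.data)` would be safer, if the tree provides such a helper. The function also has no header comment; something like `/* Compare the received client credential with the one calculated in dc; returns true on match. */` would match the banner style used for the neighbouring functions.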
@@ -273,6 +288,36 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE
 return True;
 }
+bool netlogon_creds_server_step(struct dcinfo *dc,
+ const struct netr_Authenticator *received_cred,
+ struct netr_Authenticator *cred_out)
+{
+ bool ret;
+ struct dcinfo tmp_dc = *dc;
+
+ /* Do all operations on a temporary copy of the dc,
+ which we throw away if the checks fail. */
+
+ tmp_dc.sequence = received_cred->timestamp;
+
+ creds_step(&tmp_dc);
+
+ /* Create the outgoing credentials */
+ cred_out->timestamp = tmp_dc.sequence + 1;
+ memcpy(&cred_out->cred, &tmp_dc.srv_chal, sizeof(cred_out->cred));
+
+ creds_reseed(&tmp_dc);
+
+ ret = netlogon_creds_server_check(&tmp_dc, &received_cred->cred);
+ if (!ret) {
+ return false;
+ }
+
+ /* creds step succeeded - replace the current creds. */
+ *dc = tmp_dc;
+ return true;
+}
+
 /****************************************************************************
 Create a client credential struct.
 ****************************************************************************/ |
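Review bot: `netlogon_creds_server_step` fills `cred_out->timestamp` and `cred_out->cred` from `tmp_dc` before `netlogon_creds_server_check` runs, so on the `return false` path the caller's output buffer already holds the freshly stepped server credential. Whether that reaches the wire depends on callers outside this hunk, but the function should not hand it out for an unverified request. Clearing the output on failure, `if (!ret) { ZERO_STRUCTP(cred_out); return false; }`, keeps the contract safe. The `memcpy` is sized by the destination (`sizeof(cred_out->cred)`) while the source is `tmp_dc.srv_chal`, which appears to be a different type; a check that both are the same size would guard against an over-read if either struct changes. `creds_step` and `creds_reseed` are defined outside the hunk, so their effect on `srv_chal` cannot be confirmed from here.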