summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1997-10-09 10:01:12 +0000
committerAndrew Tridgell <tridge@samba.org>1997-10-09 10:01:12 +0000
commitf726e5517d5348537e31cf3747344d0abd7028c5 (patch)
tree35714ac39859527b56f7be2cc8b069fb17c1e02c
parente5494e2c093fecd4b493ab925f7c7d30b79bc98d (diff)
downloadsamba-f726e5517d5348537e31cf3747344d0abd7028c5.tar.gz
samba-f726e5517d5348537e31cf3747344d0abd7028c5.tar.bz2
samba-f726e5517d5348537e31cf3747344d0abd7028c5.zip
an implementation of the NT domain credentials protocol
(This used to be commit dd6ac9b1eea3b0ace27fbd014b5ad4625c1fdf94)
-rw-r--r--source3/libsmb/credentials.c101
1 files changed, 101 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
new file mode 100644
index 0000000000..efa0d83ec2
--- /dev/null
+++ b/source3/libsmb/credentials.c
@@ -0,0 +1,101 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ code to manipulate domain credentials
+ Copyright (C) Andrew Tridgell 1997
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/****************************************************************************
+ setup the session key.
+Input: 8 byte challenge block
+ 8 byte server challenge block
+ 16 byte md4 encrypted password
+Output:
+ 8 byte session key
+****************************************************************************/
+void cred_session_key(char *challenge, char *srv_challenge, char *pass,
+ char *session_key)
+{
+ uint32 sum[2];
+ char sum2[8];
+ char buf[8];
+
+ sum[0] = IVAL(challenge, 0) + IVAL(srv_challenge, 0);
+ sum[1] = IVAL(challenge, 4) + IVAL(srv_challenge, 4);
+
+ SIVAL(sum2,0,sum[0]);
+ SIVAL(sum2,4,sum[1]);
+
+ E1(pass,sum2,buf);
+ E1(pass+9,buf,session_key);
+}
+
+
+/****************************************************************************
+create a credential
+
+Input:
+ 8 byte sesssion key
+ 8 byte stored credential
+ 4 byte timestamp
+
+Output:
+ 8 byte credential
+****************************************************************************/
+void cred_create(char *session_key, char *stored_cred, uint32 time,
+ char *cred)
+{
+ char key2[7];
+ char buf[8];
+ char timecred[8];
+
+ memcpy(timecred, stored_cred, 8);
+ SIVAL(timecred, 0, IVAL(stored_cred, 0) + time);
+
+ E1(session_key, timecred, buf);
+ memset(key2, 0, 7);
+ key2[0] = session_key[7];
+ E1(key2, buf, cred);
+}
+
+
+/****************************************************************************
+ check a supplied credential
+
+Input:
+ 8 byte received credential
+ 8 byte sesssion key
+ 8 byte stored credential
+ 4 byte timestamp
+
+Output:
+ returns 1 if computed credential matches received credential
+ returns 0 otherwise
+****************************************************************************/
+int cred_assert(char *cred, char *session_key, char *stored_cred,
+ uint32 time)
+{
+ char cred2[8];
+
+ cred_create(session_key, stored_cred, time, cred2);
+
+ return memcmp(cred, cred2, 8) == 0;
+}
+