summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-08-25 11:25:47 +0200
committerGünther Deschner <gd@samba.org>2009-08-27 15:55:20 +0200
commit8d58472706d651fb023ad2eb9d7268429cc7c0ca (patch)
treeffaa39799ddfed40f2190c2d01d1dc30c421c8af /libcli
parenta69d8ab35c03eab4342b5ffbbb961902c8b5f14b (diff)
downloadsamba-8d58472706d651fb023ad2eb9d7268429cc7c0ca.tar.gz
samba-8d58472706d651fb023ad2eb9d7268429cc7c0ca.tar.bz2
samba-8d58472706d651fb023ad2eb9d7268429cc7c0ca.zip
libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
This abstracts the usage of crypto functions instead of directly calling des_crypt112(). metze Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/credentials.c31
1 files changed, 21 insertions, 10 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index e268b9ddff..87d1866ca4 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -25,6 +25,13 @@
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
+static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *in,
+ struct netr_Credential *out)
+{
+ des_crypt112(out->data, in->data, creds->session_key, 1);
+}
+
/*
initialise the credentials state for old-style 64 bit session keys
@@ -47,11 +54,6 @@ static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *cre
ZERO_STRUCT(creds->session_key);
des_crypt128(creds->session_key, sum2, machine_password->hash);
-
- des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
- des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
-
- creds->seed = creds->client;
}
/*
@@ -80,14 +82,19 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
MD5Final(tmp, &md5);
hmac_md5_update(tmp, sizeof(tmp), &ctx);
hmac_md5_final(creds->session_key, &ctx);
+}
- des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
- des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
+static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge)
+{
+ netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
+
+ netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
creds->seed = creds->client;
}
-
/*
step the credentials to the next element in the chain, updating the
current client and server credentials and the seed
@@ -104,7 +111,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1);
+ netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -115,7 +122,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1);
+ netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -225,6 +232,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
}
+ netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
dump_data_pw("Session key", creds->session_key, 16);
dump_data_pw("Credential ", creds->client.data, 8);
@@ -346,6 +355,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
machine_password);
}
+ netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
/* And before we leak information about the machine account
* password, check that they got the first go right */
if (!netlogon_creds_server_check_internal(creds, credentials_in)) {