authorJeremy Allison <jra@samba.org>2006-02-09 07:03:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:09:59 -0500
commitad8b47a2ba4e81420bc2272e8438a727cc2223ee (patch)
treeb6f23560649f3b54aa3458d3c8667f145805ec5b /source3/libsmb/credentials.c
parentcf7c47aac990f67e1829a7e4b9d3550b7e93739b (diff)
r13407: Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we were assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
Diffstat (limited to 'source3/libsmb/credentials.c')
-rw-r--r--source3/libsmb/credentials.c97
1 files changed, 40 insertions, 57 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index ad06cd9015..795c30d12d 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -36,38 +36,52 @@ char *credstr(const uchar *cred)
/****************************************************************************
- Setup the session key.
- Input: 8 byte challenge block
- 8 byte server challenge block
- 16 byte md4 encrypted password
- Output:
- 16 byte session key (last 8 bytes zero).
+ Setup the session key and the client and server creds in dc.
+ Used by both client and server creds setup.
****************************************************************************/
-static void cred_create_session_key(const DOM_CHAL *clnt_chal_in,
+static void creds_init_64(struct dcinfo *dc,
+ const DOM_CHAL *clnt_chal_in,
const DOM_CHAL *srv_chal_in,
- const uchar *pass_in,
- uchar session_key_out[16])
+ const char mach_pw[16])
{
uint32 sum[2];
unsigned char sum2[8];
+ /* Just in case this isn't already there */
+ memcpy(dc->mach_pw, mach_pw, 16);
+
sum[0] = IVAL(clnt_chal_in->data, 0) + IVAL(srv_chal_in->data, 0);
sum[1] = IVAL(clnt_chal_in->data, 4) + IVAL(srv_chal_in->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- cred_hash1(session_key_out, sum2, pass_in);
- memset(&session_key_out[8], '\0', 8);
+ ZERO_STRUCT(dc->sess_key);
- /* debug output */
- DEBUG(4,("cred_create_session_key\n"));
+ des_crypt128(dc->sess_key, sum2, dc->mach_pw);
+ /* debug output */
+ DEBUG(5,("creds_init_64\n"));
DEBUG(5,(" clnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
DEBUG(5,(" srv_chal_in : %s\n", credstr(srv_chal_in->data)));
DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
- DEBUG(5,(" sess_key_out : %s\n", credstr(session_key_out)));
+ DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key)));
+
+ /* Generate the next client and server creds. */
+
+ des_crypt112(dc->clnt_chal.data, /* output */
+ clnt_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ des_crypt112(dc->srv_chal.data, /* output */
+ srv_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ /* Seed is the client chal. */
+ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
}
/****************************************************************************
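Review bot: The added `DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key)));` puts session-key bytes into the ordinary level-5 debug log, whereas the callers in this file print the same key only through `dump_data_pw`, which is presumably the gated path for secret material. I would drop the line or replace it with `dump_data_pw("creds_init_64: session key", dc->sess_key, 16);` so that key output follows one policy and does not land in routinely collected logs. Separately, the comment "Just in case this isn't already there" suggests a caller may pass `dc->mach_pw` itself as `mach_pw`; in that case `memcpy` gets identical source and destination, which is undefined, and `memmove(dc->mach_pw, mach_pw, 16);` would be safe either way.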
@@ -88,7 +102,7 @@ static void creds_step(struct dcinfo *dc)
DEBUG(5,("\tseed+seq %s\n", credstr(time_chal.data) ));
- cred_hash2(dc->clnt_chal.data, time_chal.data, dc->sess_key);
+ des_crypt112(dc->clnt_chal.data, time_chal.data, dc->sess_key, 1);
DEBUG(5,("\tCLIENT %s\n", credstr(dc->clnt_chal.data) ));
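Review bot: The trailing `1` in `des_crypt112(dc->clnt_chal.data, time_chal.data, dc->sess_key, 1);` is a bare literal whose meaning cannot be read at the call site; presumably it selects the forward (encrypt) direction. A short comment such as `/* 1 == forward/encrypt; confirm against des_crypt112 */`, or a named constant, would make it harder for a later edit to flip the credential computation unnoticed. The same literal appears in the next creds_step hunk and in the two calls inside creds_init_64. creds_step begins before and ends after this hunk.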
@@ -97,12 +111,11 @@ static void creds_step(struct dcinfo *dc)
DEBUG(5,("\tseed+seq+1 %s\n", credstr(time_chal.data) ));
- cred_hash2(dc->srv_chal.data, time_chal.data, dc->sess_key);
+ des_crypt112(dc->srv_chal.data, time_chal.data, dc->sess_key, 1);
DEBUG(5,("\tSERVER %s\n", credstr(dc->srv_chal.data) ));
}
-
/****************************************************************************
Create a server credential struct.
****************************************************************************/
@@ -117,29 +130,14 @@ void creds_server_init(struct dcinfo *dc,
DEBUG(10,("creds_server_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_server_init: machine pass", (const unsigned char *)mach_pw, 16);
- /* Just in case this isn't already there */
- memcpy(dc->mach_pw, mach_pw, 16);
-
- /* Generate the session key. */
- cred_create_session_key(clnt_chal, /* Stored client challenge. */
- srv_chal, /* Stored server challenge. */
- dc->mach_pw, /* input machine password. */
- dc->sess_key); /* output session key. */
+ /* Generate the session key and the next client and server creds. */
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
dump_data_pw("creds_server_init: session key", dc->sess_key, 16);
- /* Generate the next client and server creds. */
- cred_hash2(dc->clnt_chal.data, /* output */
- clnt_chal->data, /* input */
- dc->sess_key); /* input */
-
- cred_hash2(dc->srv_chal.data, /* output */
- srv_chal->data, /* input */
- dc->sess_key); /* input */
-
- /* Seed is the client chal. */
- memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
-
DEBUG(10,("creds_server_init: clnt : %s\n", credstr(dc->clnt_chal.data) ));
DEBUG(10,("creds_server_init: server : %s\n", credstr(dc->srv_chal.data) ));
DEBUG(10,("creds_server_init: seed : %s\n", credstr(dc->seed_chal.data) ));
@@ -214,29 +212,14 @@ void creds_client_init(struct dcinfo *dc,
DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16);
- /* Just in case this isn't already there */
- memcpy(dc->mach_pw, mach_pw, 16);
-
- /* Generate the session key. */
- cred_create_session_key(clnt_chal, /* Stored client challenge. */
- srv_chal, /* Stored server challenge. */
- dc->mach_pw, /* input machine password. */
- dc->sess_key); /* output session key. */
+ /* Generate the session key and the next client and server creds. */
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
dump_data_pw("creds_client_init: session key", dc->sess_key, 16);
- /* Generate the next client and server creds. */
- cred_hash2(dc->clnt_chal.data, /* output */
- clnt_chal->data, /* input */
- dc->sess_key); /* input */
-
- cred_hash2(dc->srv_chal.data, /* output */
- srv_chal->data, /* input */
- dc->sess_key); /* input */
-
- /* Seed is the client cred. */
- memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
-
DEBUG(10,("creds_client_init: clnt : %s\n", credstr(dc->clnt_chal.data) ));
DEBUG(10,("creds_client_init: server : %s\n", credstr(dc->srv_chal.data) ));
DEBUG(10,("creds_client_init: seed : %s\n", credstr(dc->seed_chal.data) ));