author | Andrew Bartlett <abartlet@samba.org> | 2009-03-16 21:27:58 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-04-14 16:23:35 +1000 |
commit | f28f113d8e76824b080359c90efd9c92de533740 (patch) | |
tree | 063c8cf44e1a26adce9128f3e24ee55274292090 /source3/libsmb/credentials.c | |
parent | fd3be5c4e5e185115eec59752a22f7f354f860ca (diff) | |
Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide cred_hash3 until Samba3 uses the credentials code in
the netlogon server.
Andrew Bartlett
Diffstat (limited to 'source3/libsmb/credentials.c')
-rw-r--r-- | source3/libsmb/credentials.c | 86 |
1 files changed, 8 insertions, 78 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 9ba460f869..0d7bde0c09 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -19,6 +19,8 @@
 */
 #include "includes.h"
+#include "../lib/crypto/crypto.h"
+#include "libcli/auth/libcli_auth.h"
 /****************************************************************************
 Represent a credential as a string.
@@ -278,84 +280,12 @@ bool netlogon_creds_server_step(struct dcinfo *dc,
 return true;
 }
-/****************************************************************************
- Create a client credential struct.
-****************************************************************************/
-
-void creds_client_init(uint32 neg_flags,
- struct dcinfo *dc,
- struct netr_Credential *clnt_chal,
- struct netr_Credential *srv_chal,
- const unsigned char mach_pw[16],
- struct netr_Credential *init_chal_out)
-{
- dc->sequence = time(NULL);
-
- DEBUG(10,("creds_client_init: neg_flags : %x\n", (unsigned int)neg_flags));
- DEBUG(10,("creds_client_init: client chal : %s\n", credstr(clnt_chal->data) ));
- DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) ));
- dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16);
-
- /* Generate the session key and the next client and server creds. */
- if (neg_flags & NETLOGON_NEG_128BIT) {
- creds_init_128(dc,
- clnt_chal,
- srv_chal,
- mach_pw);
- } else {
- creds_init_64(dc,
- clnt_chal,
- srv_chal,
- mach_pw);
- }
-
- dump_data_pw("creds_client_init: session key", dc->sess_key, 16);
-
- DEBUG(10,("creds_client_init: clnt : %s\n", credstr(dc->clnt_chal.data) ));
- DEBUG(10,("creds_client_init: server : %s\n", credstr(dc->srv_chal.data) ));
- DEBUG(10,("creds_client_init: seed : %s\n", credstr(dc->seed_chal.data) ));
-
- memcpy(init_chal_out->data, dc->clnt_chal.data, 8);
-}
-
-/****************************************************************************
- Check a credential returned by the server.
-****************************************************************************/
-
-bool netlogon_creds_client_check(const struct dcinfo *dc,
- const struct netr_Credential *rcv_srv_chal_in)
-{
- if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data,
- sizeof(dc->srv_chal.data))) {
-
- DEBUG(0,("netlogon_creds_client_check: credentials check failed.\n"));
- DEBUGADD(5,("netlogon_creds_client_check: challenge : %s\n",
- credstr(rcv_srv_chal_in->data)));
- DEBUGADD(5,("calculated: %s\n", credstr(dc->srv_chal.data)));
- return false;
- }
-
- DEBUG(10,("netlogon_creds_client_check: credentials check OK.\n"));
-
- return true;
-}
-
-
-/****************************************************************************
- Step the client credentials to the next element in the chain, updating the
- current client and server credentials and the seed
- produce the next authenticator in the sequence ready to send to
- the server
-****************************************************************************/
-
-void netlogon_creds_client_step(struct dcinfo *dc,
- struct netr_Authenticator *next_cred_out)
+void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
 {
- dc->sequence += 2;
- creds_step(dc);
- creds_reseed(dc);
+ unsigned char key2[8];
- memcpy(&next_cred_out->cred.data, &dc->clnt_chal.data,
- sizeof(next_cred_out->cred.data));
- next_cred_out->timestamp = dc->sequence;
+ memset(key2,'\0',8);
+ des_crypt56(out, in, key, forw);
+ key2[0] = key[7];
+ des_crypt56(out + 8, in + 8, key2, forw);
 } |
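Review bot: `cred_hash3` is added without any comment, yet its second `des_crypt56` call keys the block at `out + 8` from `key2`, which holds only `key[7]` followed by zeros, so that half of the output depends on a single key byte. A header comment should state what the code implies: `in` and `out` are accessed as two 8-byte blocks (16 bytes each), `key` is read up to index 7, and `forw` presumably selects the direction passed through to `des_crypt56`. It should also say that this is a compatibility routine (the commit message calls it temporary) and not something new callers should rely on for confidentiality, e.g. `/* Legacy 2-block DES: second block is keyed by key[7] only; kept for compatibility. */`. I would also write `memset(key2, 0, sizeof(key2));` instead of the literal 8, and clear `key2` again before returning, since it holds a copy of key material on the stack.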