summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1997-10-25 10:58:18 +0000
committerLuke Leighton <lkcl@samba.org>1997-10-25 10:58:18 +0000
commit390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2 (patch)
treee88107b56beb9fca73376b00fc104dde556a24d0 /source3/libsmb
parent3a25722080b18de19c89c190e64de89317cabcfa (diff)
downloadsamba-390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2.tar.gz
samba-390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2.tar.bz2
samba-390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2.zip
Makefile :
adding bits for new nt domain code byteorder.h : trying to get macros right, and not to crash on SUNOS5... client.c : added #ifdef NTDOMAIN, and created do_nt_login() function. don't want to have to recompile client.c unless absolutely necessary. credentials.c : moved deal_with_creds() [possibly inappropriately] into credentials.c ipc.c reply.c server.c uid.c : attempting to make (un)become_root() functions calleable from smbclient. this is a little tricky: smbclient might have to be another setuid root program, immediately setuid'ing to non-root, so that we can reset-uid to root to get at the smbpasswd file. or, have a secure pipe mechanism to smbd to grab smbpasswd entries. or the like. smbdes.c smbencrypt.c : created a function to generate lm and nt owf hashes. lsaparse.c ntclient.c smbparse.c : added nt client LSA_AUTH2 code. it works, too! pipenetlog.c pipentlsa.c pipesrvsvc.c : simplification. code-shuffling. getting that damn offset right for the opcode in RPC_HDR. smb.h : changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL. we might need to store the server times as well. proto.h : the usual. (This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/credentials.c107
-rw-r--r--source3/libsmb/smbdes.c5
-rw-r--r--source3/libsmb/smbencrypt.c24
3 files changed, 136 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index ee7b1493e1..109a5a1b90 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -135,3 +135,110 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
}
}
+
+/****************************************************************************
+ checks credentials; generates next step in the credential chain
+****************************************************************************/
+BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred)
+{
+ UTIME new_clnt_time;
+ uint32 new_cred;
+
+ DEBUG(5,("deal_with_creds: %d\n", __LINE__));
+
+ /* check that the client credentials are valid */
+ if (!cred_assert(&(clnt_cred->challenge), dc->sess_key,
+ &(dc->clnt_cred.challenge), clnt_cred->timestamp))
+ {
+ return False;
+ }
+
+ /* increment client time by one second */
+ new_clnt_time.time = clnt_cred->timestamp.time + 1;
+
+ /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+ new_cred = IVAL(dc->clnt_cred.challenge.data, 0);
+ new_cred += new_clnt_time.time;
+
+ DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
+
+ /* doesn't matter that server time is 0 */
+ srv_cred->timestamp.time = 0;
+
+ DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
+
+ /* create return credentials for inclusion in the reply */
+ cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time,
+ &(srv_cred->challenge));
+
+ DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
+ dc->clnt_cred.challenge.data[0]));
+
+ /* store new seed in client and server credentials */
+ SIVAL(dc->clnt_cred.challenge.data, 0, new_cred);
+ SIVAL(dc->srv_cred .challenge.data, 0, new_cred);
+
+ return True;
+}
+
+
+#if 0
+/****************************************************************************
+ checks credentials; generates next step in the credential chain
+****************************************************************************/
+BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred)
+{
+ UTIME new_clnt_time;
+ uint32 new_cred;
+
+ DEBUG(5,("deal_with_creds: %d\n", __LINE__));
+
+ /* setup new client time */
+ dc->clnt_cred.timestamp.time = time(NULL);
+
+ /* create sent credentials for inclusion in the reply */
+ cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
+
+ /* increment client time by one second */
+ (dc->clnt_cred.timestamp.time)++;
+
+ /* create expected return credentials to be received from server */
+ cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
+
+
+
+ /* check that the server credentials are valid */
+ if (!cred_assert(&(srv_cred->challenge), dc->sess_key,
+ &(dc->clnt_cred), clnt_cred->timestamp))
+ {
+ return False;
+ }
+ /* increment client time by one second */
+ new_clnt_time = (dc->clnt_cred.timestamp.time += 1);
+
+ /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+ new_cred = IVAL(dc->clnt_cred.data, 0);
+ new_cred += new_clnt_time.time;
+
+ DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
+
+ /* create new client credentials */
+ cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred);
+
+ DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
+
+ /* create return credentials for inclusion in the reply
+ cred_create(dc->sess_key, srv_cred, new_clnt_time,
+ clnt_cred);
+ */
+ DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
+ dc->clnt_cred.data[0]));
+
+ /* store new seed in client and server credentials */
+ SIVAL(dc->clnt_cred.data, 0, new_cred);
+ SIVAL(dc->srv_cred .data, 0, new_cred);
+
+ return True;
+}
+
+#endif
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 67e27016c3..9675401f14 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -329,7 +329,12 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key)
{
unsigned char buf[8];
static unsigned char key2[8];
+ int i;
+ for (i=0;i<8;i++) {
+ key2[i] = 0;
+ }
+
smbhash(buf, in, key);
key2[0] = key[7];
smbhash(out, buf, key2);
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 27172fd413..517ee0f941 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -109,3 +109,27 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
E_P24(p21, c8, p24);
}
+/* Does both the NT and LM owfs of a user's password */
+
+void nt_lm_owf_gen(char *pwd, char nt_p16[16], char p16[16])
+{
+ char passwd[129];
+ strncpy(passwd, pwd, 129);
+
+ /* Calculate the MD4 hash (NT compatible) of the password */
+ memset(nt_p16, '\0', 16);
+ E_md4hash((uchar *)passwd, nt_p16);
+
+ /* Mangle the passwords into Lanman format */
+ passwd[14] = '\0';
+ strupper(passwd);
+
+ /* Calculate the SMB (lanman) hash functions of the password */
+
+ memset(p16, '\0', 16);
+ E_P16((uchar *) passwd, p16);
+
+ /* clear out local copy of user's password (just being paranoid). */
+ bzero(passwd, sizeof(passwd));
+}
+