authorAndrew Bartlett <abartlet@samba.org>2004-05-09 12:42:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:51:51 -0500
commitdce84ffd379012812170f68f7de8aab73123f0b3 (patch)
treec5f6973838572fd06c07d6771f5286bc2073b569 /source4/libcli/auth/credentials.c
parent55fa62be31c9027d84be0e4caad3ee59d78ca1b0 (diff)
r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the SetupCredentials2 negotiation flags, which is what Samba3 does, because otherwise the server uses different crypto. - This tests the returned session keys, which we decrypt. - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in most places. - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is available. - Remove a useless argument to SMBsesskeygen_ntv1 - move netr_CredentialState from the .idl to the new credentials.h Andrew Bartlett (This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
Diffstat (limited to 'source4/libcli/auth/credentials.c')
-rw-r--r--source4/libcli/auth/credentials.c50
1 files changed, 32 insertions, 18 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index acc083d57f..638bff7e8b 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -27,7 +27,7 @@
this call is made after the netr_ServerReqChallenge call
*/
-static void creds_init(struct netr_CredentialState *creds,
+static void creds_init(struct creds_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const uint8 machine_password[16])
@@ -48,11 +48,11 @@ static void creds_init(struct netr_CredentialState *creds,
SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0));
SIVAL(time_cred.data, 4, IVAL(client_challenge->data, 4));
- cred_hash2(creds->client.data, time_cred.data, creds->session_key);
+ cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
SIVAL(time_cred.data, 0, IVAL(server_challenge->data, 0));
SIVAL(time_cred.data, 4, IVAL(server_challenge->data, 4));
- cred_hash2(creds->server.data, time_cred.data, creds->session_key);
+ cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
creds->seed = creds->client;
}
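Review bot: The new fourth argument to cred_hash2() is a bare `1` at both call sites in creds_init, and again at the two calls in creds_step (the hunks at -76 and -87), so a reader cannot tell what it selects. The declaration of cred_hash2 is not part of this diff; if the argument is the forward/encrypt switch, as the existing `cred_hash3(tmp.data, pass->data, creds->session_key, 1)` call suggests, a short comment such as `/* 1 = forward (encrypt) direction */` or a named constant at each call would make that explicit. An accidental `0` here would presumably change the whole credential chain without any compile-time signal. creds_init's body starts outside this hunk.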
@@ -62,7 +62,7 @@ static void creds_init(struct netr_CredentialState *creds,
step the credentials to the next element in the chain, updating the
current client and server credentials and the seed
*/
-static void creds_step(struct netr_CredentialState *creds)
+static void creds_step(struct creds_CredentialState *creds)
{
struct netr_Credential time_cred;
@@ -76,7 +76,7 @@ static void creds_step(struct netr_CredentialState *creds)
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- cred_hash2(creds->client.data, time_cred.data, creds->session_key);
+ cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -87,7 +87,7 @@ static void creds_step(struct netr_CredentialState *creds)
DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- cred_hash2(creds->server.data, time_cred.data, creds->session_key);
+ cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -95,7 +95,30 @@ static void creds_step(struct netr_CredentialState *creds)
creds->seed = time_cred;
}
+/*
+ DES encrypt a 16 byte password buffer using the session key
+*/
+void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
+{
+ struct netr_Password tmp;
+ cred_hash3(tmp.data, pass->data, creds->session_key, 1);
+ *pass = tmp;
+}
+
+/*
+ ARCFOUR encrypt/decrypt a password buffer using the session key
+*/
+void creds_arcfour_crypt(struct creds_CredentialState *creds, char *data, size_t len)
+{
+ DATA_BLOB session_key = data_blob(NULL, 16);
+
+ memcpy(&session_key.data[0], creds->session_key, 8);
+ memset(&session_key.data[8], '\0', 8);
+
+ SamOEMhashBlob(data, len, &session_key);
+ data_blob_free(&session_key);
+}
/*****************************************************************
The above functions are common to the client and server interface
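Review bot: creds_arcfour_crypt() copies the session key into a heap blob and releases it with data_blob_free() without clearing it, so key material is left behind in freed memory; adding `memset(session_key.data, 0, 16);` immediately before `data_blob_free(&session_key);` would avoid that. The result of `data_blob(NULL, 16)` is also passed straight to memcpy(); whether data_blob can hand back a NULL `.data` is not visible in this diff, but if it can, the function returns void and has no way to report the failure, so it needs a status return or an abort rather than leaving `data` unencrypted. The header comment should also say that the RC4 key is only the 8-byte session key padded with 8 zero bytes, e.g. `/* key = 8-byte session key followed by 8 zero bytes */`, so the reduced effective key length is a documented decision and not something a reader has to infer from the memcpy/memset pair.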
@@ -106,7 +129,7 @@ next comes the client specific functions
initialise the credentials chain and return the first client
credentials
*/
-void creds_client_init(struct netr_CredentialState *creds,
+void creds_client_init(struct creds_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const uint8 machine_password[16],
@@ -120,7 +143,7 @@ void creds_client_init(struct netr_CredentialState *creds,
/*
check that a credentials reply from a server is correct
*/
-BOOL creds_client_check(struct netr_CredentialState *creds,
+BOOL creds_client_check(struct creds_CredentialState *creds,
const struct netr_Credential *received_credentials)
{
if (memcmp(received_credentials->data, creds->server.data, 8) != 0) {
@@ -134,7 +157,7 @@ BOOL creds_client_check(struct netr_CredentialState *creds,
produce the next authenticator in the sequence ready to send to
the server
*/
-void creds_client_authenticator(struct netr_CredentialState *creds,
+void creds_client_authenticator(struct creds_CredentialState *creds,
struct netr_Authenticator *next)
{
creds_step(creds);
@@ -144,12 +167,3 @@ void creds_client_authenticator(struct netr_CredentialState *creds,
}
-/*
- encrypt a 16 byte password buffer using the session key
-*/
-void creds_client_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
-{
- struct netr_Password tmp;
- cred_hash3(tmp.data, pass->data, creds->session_key, 1);
- *pass = tmp;
-}