diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-05-09 12:42:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:51 -0500 |
commit | dce84ffd379012812170f68f7de8aab73123f0b3 (patch) | |
tree | c5f6973838572fd06c07d6771f5286bc2073b569 /source4/libcli/raw | |
parent | 55fa62be31c9027d84be0e4caad3ee59d78ca1b0 (diff) | |
download | samba-dce84ffd379012812170f68f7de8aab73123f0b3.tar.gz samba-dce84ffd379012812170f68f7de8aab73123f0b3.tar.bz2 samba-dce84ffd379012812170f68f7de8aab73123f0b3.zip |
r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
Diffstat (limited to 'source4/libcli/raw')
-rw-r--r-- | source4/libcli/raw/clisession.c | 29 | ||||
-rw-r--r-- | source4/libcli/raw/clitransport.c | 8 | ||||
-rw-r--r-- | source4/libcli/raw/smb_signing.c | 12 |
3 files changed, 29 insertions, 20 deletions
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index 1c0af77d11..fe64565597 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -235,21 +235,33 @@ static DATA_BLOB nt_blob(const char *pass, DATA_BLOB challenge) } /* + store the user session key for a transport +*/ +void cli_session_set_user_session_key(struct cli_session *session, + const DATA_BLOB *session_key) +{ + session->user_session_key = data_blob_talloc(session->mem_ctx, + session_key->data, + session_key->length); +} + +/* setup signing for a NT1 style session setup */ -static void setup_nt1_signing(struct cli_transport *transport, const char *password) +static void use_nt1_session_keys(struct cli_session *session, + const char *password, const DATA_BLOB *nt_response) { + struct cli_transport *transport = session->transport; uchar nt_hash[16]; - uchar session_key[16]; - DATA_BLOB nt_response; + DATA_BLOB session_key = data_blob(NULL, 16); E_md4hash(password, nt_hash); - SMBsesskeygen_ntv1(nt_hash, NULL, session_key); - nt_response = nt_blob(password, transport->negotiate.secblob); + SMBsesskeygen_ntv1(nt_hash, session_key.data); - cli_transport_set_session_key(transport, session_key); + cli_transport_simple_set_signing(transport, session_key, *nt_response); - cli_transport_simple_set_signing(transport, session_key, nt_response); + cli_session_set_user_session_key(session, &session_key); + data_blob_free(&session_key); } /**************************************************************************** @@ -332,7 +344,8 @@ static NTSTATUS smb_raw_session_setup_generic_nt1(struct cli_session *session, session->transport->negotiate.secblob); s2.nt1.in.password2 = nt_blob(parms->generic.in.password, session->transport->negotiate.secblob); - setup_nt1_signing(session->transport, parms->generic.in.password); + use_nt1_session_keys(session, parms->generic.in.password, &s2.nt1.in.password2); + } else { s2.nt1.in.password1 = data_blob(parms->generic.in.password, strlen(parms->generic.in.password)); diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c index b8eef65c7f..72cad2e925 100644 --- a/source4/libcli/raw/clitransport.c +++ b/source4/libcli/raw/clitransport.c @@ -231,11 +231,3 @@ BOOL cli_transport_select(struct cli_transport *transport) return True; } -/* - store the user session key for a transport -*/ -void cli_transport_set_session_key(struct cli_transport *transport, - const uint8 session_key[16]) -{ - memcpy(transport->negotiate.user_session_key, session_key, 16); -} diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index 2ab61aa001..5f47a5e42a 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -220,7 +220,8 @@ static void cli_transport_simple_free_signing_context(struct cli_transport *tran SMB signing - Simple implementation - setup the MAC key. ************************************************************/ BOOL cli_transport_simple_set_signing(struct cli_transport *transport, - const uchar user_transport_key[16], const DATA_BLOB response) + const DATA_BLOB user_session_key, + const DATA_BLOB response) { struct smb_basic_signing_context *data; @@ -235,10 +236,13 @@ BOOL cli_transport_simple_set_signing(struct cli_transport *transport, data = smb_xmalloc(sizeof(*data)); transport->negotiate.sign_info.signing_context = data; - data->mac_key = data_blob(NULL, MIN(response.length + 16, 40)); + data->mac_key = data_blob(NULL, response.length + user_session_key.length); - memcpy(&data->mac_key.data[0], user_transport_key, 16); - memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16)); + memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length); + + if (response.length) { + memcpy(&data->mac_key.data[user_session_key.length],response.data, response.length); + } /* Initialise the sequence number */ data->next_seq_num = 0; |