authorAndrew Bartlett <abartlet@samba.org>2004-05-09 12:42:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:51:51 -0500
commitdce84ffd379012812170f68f7de8aab73123f0b3 (patch)
treec5f6973838572fd06c07d6771f5286bc2073b569 /source4/libcli/raw
parent55fa62be31c9027d84be0e4caad3ee59d78ca1b0 (diff)
r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the SetupCredentials2 negotiation flags, which is what Samba3 does, because otherwise the server uses different crypto. - This tests the returned session keys, which we decrypt. - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in most places. - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is available. - Remove a useless argument to SMBsesskeygen_ntv1 - move netr_CredentialState from the .idl to the new credentials.h Andrew Bartlett (This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
Diffstat (limited to 'source4/libcli/raw')
-rw-r--r--source4/libcli/raw/clisession.c29
-rw-r--r--source4/libcli/raw/clitransport.c8
-rw-r--r--source4/libcli/raw/smb_signing.c12
3 files changed, 29 insertions, 20 deletions
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c
index 1c0af77d11..fe64565597 100644
--- a/source4/libcli/raw/clisession.c
+++ b/source4/libcli/raw/clisession.c
@@ -235,21 +235,33 @@ static DATA_BLOB nt_blob(const char *pass, DATA_BLOB challenge)
}
/*
+ store the user session key for a transport
+*/
+void cli_session_set_user_session_key(struct cli_session *session,
+ const DATA_BLOB *session_key)
+{
+ session->user_session_key = data_blob_talloc(session->mem_ctx,
+ session_key->data,
+ session_key->length);
+}
+
+/*
setup signing for a NT1 style session setup
*/
-static void setup_nt1_signing(struct cli_transport *transport, const char *password)
+static void use_nt1_session_keys(struct cli_session *session,
+ const char *password, const DATA_BLOB *nt_response)
{
+ struct cli_transport *transport = session->transport;
uchar nt_hash[16];
- uchar session_key[16];
- DATA_BLOB nt_response;
+ DATA_BLOB session_key = data_blob(NULL, 16);
E_md4hash(password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key);
- nt_response = nt_blob(password, transport->negotiate.secblob);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
- cli_transport_set_session_key(transport, session_key);
+ cli_transport_simple_set_signing(transport, session_key, *nt_response);
- cli_transport_simple_set_signing(transport, session_key, nt_response);
+ cli_session_set_user_session_key(session, &session_key);
+ data_blob_free(&session_key);
}
/****************************************************************************
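Review bot: In `use_nt1_session_keys`, the stack buffer `nt_hash` and the temporary `session_key` blob are never cleared before the function returns. `nt_hash` is password-equivalent material, and the blob is released with plain `data_blob_free(&session_key)`, so both linger in freed or reused memory. I would wipe them before returning, for example `ZERO_STRUCT(nt_hash);` and a clearing free such as `data_blob_clear_free(&session_key);` if that helper exists in this tree. Separately, `SMBsesskeygen_ntv1` writes through `session_key.data` with no NULL check after `data_blob(NULL, 16)`, and the BOOL result of `cli_transport_simple_set_signing` is dropped. Unless those helpers abort on failure, which is not visible here, a failed allocation or signing setup goes unnoticed and the key is still stored on the session.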
@@ -332,7 +344,8 @@ static NTSTATUS smb_raw_session_setup_generic_nt1(struct cli_session *session,
session->transport->negotiate.secblob);
s2.nt1.in.password2 = nt_blob(parms->generic.in.password,
session->transport->negotiate.secblob);
- setup_nt1_signing(session->transport, parms->generic.in.password);
+ use_nt1_session_keys(session, parms->generic.in.password, &s2.nt1.in.password2);
+
} else {
s2.nt1.in.password1 = data_blob(parms->generic.in.password,
strlen(parms->generic.in.password));
diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index b8eef65c7f..72cad2e925 100644
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -231,11 +231,3 @@ BOOL cli_transport_select(struct cli_transport *transport)
return True;
}
-/*
- store the user session key for a transport
-*/
-void cli_transport_set_session_key(struct cli_transport *transport,
- const uint8 session_key[16])
-{
- memcpy(transport->negotiate.user_session_key, session_key, 16);
-}
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index 2ab61aa001..5f47a5e42a 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -220,7 +220,8 @@ static void cli_transport_simple_free_signing_context(struct cli_transport *tran
SMB signing - Simple implementation - setup the MAC key.
************************************************************/
BOOL cli_transport_simple_set_signing(struct cli_transport *transport,
- const uchar user_transport_key[16], const DATA_BLOB response)
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response)
{
struct smb_basic_signing_context *data;
@@ -235,10 +236,13 @@ BOOL cli_transport_simple_set_signing(struct cli_transport *transport,
data = smb_xmalloc(sizeof(*data));
transport->negotiate.sign_info.signing_context = data;
- data->mac_key = data_blob(NULL, MIN(response.length + 16, 40));
+ data->mac_key = data_blob(NULL, response.length + user_session_key.length);
- memcpy(&data->mac_key.data[0], user_transport_key, 16);
- memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16));
+ memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length);
+
+ if (response.length) {
+ memcpy(&data->mac_key.data[user_session_key.length],response.data, response.length);
+ }
/* Initialise the sequence number */
data->next_seq_num = 0;
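Review bot: The copy of `user_session_key` into `data->mac_key` is unguarded, while the copy of `response` just below it is wrapped in `if (response.length)`. The commit message says session-key code can now report that no key is available, so an empty blob with a NULL `data` pointer may plausibly reach this `memcpy`, and a NULL source pointer is undefined behaviour even for length 0. I would mirror the guard with `if (user_session_key.length) { memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length); }`, and decide explicitly whether signing may be set up with an empty key at all. With the old `MIN(..., 40)` clamp gone, the MAC key size is the unchecked sum `response.length + user_session_key.length`, and `data->mac_key.data` is used without a NULL check. A line such as `if (data->mac_key.data == NULL) return False;` would be worth adding if `data_blob` can fail rather than abort. The function body continues outside this hunk.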