authorAndrew Tridgell <tridge@samba.org>2003-12-01 22:13:11 +0000
committerAndrew Tridgell <tridge@samba.org>2003-12-01 22:13:11 +0000
commit8b30b0071cb7668f49b2ea5951d1180bf90371e3 (patch)
tree95fd324add9a362e7f25c7bec06ec28af1e95841 /source4/libcli
parentf9e2a8af391f8ecb7cf6aa2d017898503d16985f (diff)
* another small API change in the credentials code
* don't use static variables in the smbdes code (This used to be commit e6e09064646c347169852fa162c72fc0542c6d5c)
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/credentials.c68
-rw-r--r--source4/libcli/util/smbdes.c82
2 files changed, 88 insertions, 62 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 06ca416592..80ea2e9583 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -23,12 +23,16 @@
#include "includes.h"
/*
- initialise the credentials state
+ initialise the credentials state and return the initial credentials
+ to be sent as part of a netr_ServerAuthenticate*() call.
+
+ this call is made after the netr_ServerReqChallenge call
*/
void creds_init(struct netr_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
- const uint8 machine_password[16])
+ const uint8 machine_password[16],
+ struct netr_Credential *initial_creds)
{
struct netr_Credential time_cred;
uint32 sum[2];
@@ -44,40 +48,64 @@ void creds_init(struct netr_CredentialState *creds,
creds->sequence = 0;
- SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0) + creds->sequence);
+ SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0));
SIVAL(time_cred.data, 4, IVAL(client_challenge->data, 4));
- cred_hash2(creds->client_cred.data, time_cred.data, creds->session_key);
+ cred_hash2(creds->cred2.data, time_cred.data, creds->session_key);
+
+ creds->cred1 = *server_challenge;
- creds->server_cred = *server_challenge;
+ *initial_creds = creds->cred2;
}
+
/*
- check that the credentials reply is correct then generate the next
- set of credentials
+ check that a credentials reply is correct
*/
-BOOL creds_next(struct netr_CredentialState *creds,
- const struct netr_Credential *next)
+BOOL creds_check(struct netr_CredentialState *creds,
+ const struct netr_Credential *received_credentials)
{
- struct netr_Credential cred2;
- struct netr_Credential time_cred;
+ struct netr_Credential cred2, time_cred;
+ uint32 sequence = creds->sequence?creds->sequence+1:0;
- SIVAL(time_cred.data, 0, IVAL(creds->server_cred.data, 0) + creds->sequence);
- SIVAL(time_cred.data, 4, IVAL(creds->server_cred.data, 4));
+ SIVAL(time_cred.data, 0, IVAL(creds->cred1.data, 0) + sequence);
+ SIVAL(time_cred.data, 4, IVAL(creds->cred1.data, 4));
cred_hash2(cred2.data, time_cred.data, creds->session_key);
- if (memcmp(next->data, cred2.data, 8) != 0) {
+ if (memcmp(received_credentials->data, cred2.data, 8) != 0) {
DEBUG(2,("credentials check failed\n"));
return False;
}
- creds->server_cred = creds->client_cred;
+ return True;
+}
- SIVAL(time_cred.data, 0, IVAL(creds->client_cred.data, 0) + creds->sequence);
- SIVAL(time_cred.data, 4, IVAL(creds->client_cred.data, 4));
+/*
+ produce the next authenticator in the sequence ready to send to
+ the server
+*/
+void creds_authenticator(struct netr_CredentialState *creds,
+ struct netr_Authenticator *next)
+{
+ struct netr_Credential cred2;
+ struct netr_Credential time_cred;
+
+ if (creds->sequence == 0) {
+ creds->sequence = time(NULL);
+ }
+
+ /* this step size is quite arbitrary - the client can choose
+ any sequence number it likes */
+ creds->sequence += 2;
+
+ creds->cred1 = creds->cred2;
+
+ SIVAL(time_cred.data, 0, IVAL(creds->cred2.data, 0) + creds->sequence);
+ SIVAL(time_cred.data, 4, IVAL(creds->cred2.data, 4));
cred_hash2(cred2.data, time_cred.data, creds->session_key);
- creds->client_cred = cred2;
- creds->sequence++;
- return True;
+ creds->cred2 = cred2;
+
+ next->cred = creds->cred2;
+ next->timestamp = creds->sequence;
}
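Review bot: Splitting the old `creds_next` into `creds_check` and `creds_authenticator` means the server's reply is no longer verified as part of advancing the credential chain, so a caller that sends an authenticator and never calls `creds_check` on the reply would accept an unverified response without any error. Callers are not visible in this diff, so the contract should be stated on `creds_check`, for example `/* must be called on the credentials returned by every call that used creds_authenticator(); a False return means the reply is not authenticated and must be discarded */`. The same comment should explain `creds->sequence?creds->sequence+1:0`: zero appears to mean that no authenticator has been issued yet, which is an inference from `creds_authenticator` seeding `sequence` from `time(NULL)` only when it is zero.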
diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c
index cde77f94a3..e5c4c6f3f1 100644
--- a/source4/libcli/util/smbdes.c
+++ b/source4/libcli/util/smbdes.c
@@ -306,7 +306,7 @@ static void smbhash(unsigned char *out, const unsigned char *in, const unsigned
void E_P16(const unsigned char *p14,unsigned char *p16)
{
- unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+ unsigned const char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
smbhash(p16, sp8, p14, 1);
smbhash(p16+8, sp8, p14+7, 1);
}
@@ -341,8 +341,8 @@ void cred_hash1(unsigned char *out, const unsigned char *in, const unsigned char
void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char *key)
{
unsigned char buf[8];
- static unsigned char key2[8];
-
+ unsigned char key2[8];
+ ZERO_STRUCT(key2);
smbhash(buf, in, key, 1);
key2[0] = key[7];
smbhash(out, buf, key2, 1);
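Review bot: `ZERO_STRUCT(key2)` is now required for correctness in `cred_hash2`, and nothing in the code says so. The removed `static` array was implicitly zero-filled, whereas the new automatic array would leave `key2[1]` to `key2[7]` indeterminate after `key2[0] = key[7]` if the clear were ever dropped as redundant. A comment above it such as `/* key2 is key[7] followed by zero bytes; it is a stack variable now, so it must be cleared on every call */` would protect it, and the `cred_hash3` hunk below has the identical pattern and needs the same comment. Both functions also leave key-derived bytes (`key2`, and `buf` in `cred_hash2`) on the stack at return, which may be worth clearing if the project has a wipe helper that the compiler cannot elide. The closing brace of `cred_hash2` lies outside this hunk.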
@@ -350,8 +350,8 @@ void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char
void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key, int forw)
{
- static unsigned char key2[8];
-
+ unsigned char key2[8];
+ ZERO_STRUCT(key2);
smbhash(out, in, key, forw);
key2[0] = key[7];
smbhash(out + 8, in + 8, key2, forw);
@@ -359,48 +359,46 @@ void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key,
void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
{
- unsigned char s_box[256];
- unsigned char index_i = 0;
- unsigned char index_j = 0;
- unsigned char j = 0;
- int ind;
-
- for (ind = 0; ind < 256; ind++)
- {
- s_box[ind] = (unsigned char)ind;
- }
-
- for( ind = 0; ind < 256; ind++)
- {
- unsigned char tc;
-
- j += (s_box[ind] + key[ind%16]);
-
- tc = s_box[ind];
- s_box[ind] = s_box[j];
- s_box[j] = tc;
- }
- for( ind = 0; ind < val; ind++)
- {
- unsigned char tc;
- unsigned char t;
-
- index_i++;
- index_j += s_box[index_i];
-
- tc = s_box[index_i];
- s_box[index_i] = s_box[index_j];
- s_box[index_j] = tc;
-
- t = s_box[index_i] + s_box[index_j];
- data[ind] = data[ind] ^ s_box[t];
- }
+ unsigned char s_box[256];
+ unsigned char index_i = 0;
+ unsigned char index_j = 0;
+ unsigned char j = 0;
+ int ind;
+
+ for (ind = 0; ind < 256; ind++) {
+ s_box[ind] = (unsigned char)ind;
+ }
+
+ for( ind = 0; ind < 256; ind++) {
+ unsigned char tc;
+
+ j += (s_box[ind] + key[ind%16]);
+
+ tc = s_box[ind];
+ s_box[ind] = s_box[j];
+ s_box[j] = tc;
+ }
+
+ for (ind = 0; ind < val; ind++){
+ unsigned char tc;
+ unsigned char t;
+
+ index_i++;
+ index_j += s_box[index_i];
+
+ tc = s_box[index_i];
+ s_box[index_i] = s_box[index_j];
+ s_box[index_j] = tc;
+
+ t = s_box[index_i] + s_box[index_j];
+ data[ind] = data[ind] ^ s_box[t];
+ }
}
+
/* Decode a sam password hash into a password. The password hash is the
same method used to store passwords in the NT registry. The DES key
used is based on the RID of the user. */
-
void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw)
{
uchar s[14];