diff options
-rw-r--r-- | source3/client/clientutil.c | 6 | ||||
-rw-r--r-- | source3/client/ntclient.c | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 23 | ||||
-rw-r--r-- | source3/include/smb.h | 5 | ||||
-rw-r--r-- | source3/libsmb/credentials.c | 84 |
5 files changed, 61 insertions, 63 deletions
diff --git a/source3/client/clientutil.c b/source3/client/clientutil.c index 1d4f3fcb43..1794615cd0 100644 --- a/source3/client/clientutil.c +++ b/source3/client/clientutil.c @@ -197,7 +197,7 @@ BOOL cli_receive_trans_response(char *inbuf,int trans, send a SMB trans or trans2 request ****************************************************************************/ BOOL cli_send_trans_request(char *outbuf,int trans, - char *name,int name_len, int fid,int flags, + char *name,int namelen, int fid,int flags, char *data,char *param,uint16 *setup, int ldata,int lparam,int lsetup, int mdata,int mparam,int msetup) @@ -218,7 +218,7 @@ BOOL cli_send_trans_request(char *outbuf,int trans, SSVAL(outbuf,smb_tid,cnum); cli_setup_pkt(outbuf); - outparam = smb_buf(outbuf)+(trans==SMBtrans ? name_len+1 : 3); + outparam = smb_buf(outbuf)+(trans==SMBtrans ? namelen+1 : 3); outdata = outparam+this_lparam; /* primary request */ @@ -238,7 +238,7 @@ BOOL cli_send_trans_request(char *outbuf,int trans, SSVAL(outbuf,smb_setup+i*SIZEOFWORD,setup[i]); p = smb_buf(outbuf); if (trans==SMBtrans) - memcpy(p,name, name_len+1); /* name[] */ + memcpy(p,name, namelen+1); /* name[] */ else { *p++ = 0; /* put in a null smb_name */ diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c index 59b4a7fe78..bf6531440e 100644 --- a/source3/client/ntclient.c +++ b/source3/client/ntclient.c @@ -63,7 +63,7 @@ BOOL do_nt_login(char *desthost, char *myhostname, UTIME zerotime; - uint32 sess_key[2]; + uchar sess_key[8]; char nt_owf_mach_pwd[16]; fstring mach_acct; fstring mach_pwd; @@ -221,8 +221,8 @@ BOOL do_nt_login(char *desthost, char *myhostname, fstrcpy(mach_pwd , myhostname); strcat(mach_acct, "$"); - clnt_chal.data[0] = 0x11111111; - clnt_chal.data[1] = 0x22222222; + SIVAL(clnt_chal.data, 0, 0x11111111); + SIVAL(clnt_chal.data, 4, 0x22222222); /* send a client challenge; receive a server challenge */ if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal)) diff --git a/source3/include/proto.h b/source3/include/proto.h index 56bb1eff44..4781b103ce 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -83,7 +83,7 @@ BOOL cli_receive_trans_response(char *inbuf,int trans, int *data_len,int *param_len, char **data,char **param); BOOL cli_send_trans_request(char *outbuf,int trans, - char *name,int name_len, int fid,int flags, + char *name,int namelen, int fid,int flags, char *data,char *param,uint16 *setup, int ldata,int lparam,int lsetup, int mdata,int mparam,int msetup); @@ -106,17 +106,18 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); /*The following definitions come from credentials.c */ +char *credstr(uchar *cred); void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - uint32 session_key[2]); -void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, + uchar session_key[8]); +void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, DOM_CHAL *cred); -int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, +int cred_assert(DOM_CHAL *cred, char session_key[8], DOM_CHAL *stored_cred, UTIME timestamp); -BOOL clnt_deal_with_creds(uint32 sess_key[2], - DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); -BOOL deal_with_creds(uint32 sess_key[2], - DOM_CRED *sto_clnt_cred, - DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); +BOOL clnt_deal_with_creds(char sess_key[8], + DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); +BOOL deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, + DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); /*The following definitions come from dir.c */ @@ -815,14 +816,14 @@ BOOL do_lsa_auth2(uint16 fnum, uint32 call_id, char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name, DOM_CHAL *clnt_chal, uint32 neg_flags, DOM_CHAL *srv_chal); BOOL do_lsa_sam_logon(uint16 fnum, uint32 call_id, - uint32 sess_key[2], DOM_CRED *sto_clnt_cred, + uchar sess_key[8], DOM_CRED *sto_clnt_cred, char *logon_srv, char *comp_name, DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1, LSA_USER_INFO *user_info, DOM_CRED *srv_cred); BOOL do_lsa_sam_logoff(uint16 fnum, uint32 call_id, - uint32 sess_key[2], DOM_CRED *sto_clnt_cred, + uchar sess_key[8], DOM_CRED *sto_clnt_cred, char *logon_srv, char *comp_name, DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1, diff --git a/source3/include/smb.h b/source3/include/smb.h index 8bb1e993cd..6a7f502286 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -443,8 +443,7 @@ typedef struct log_info /* DOM_CHAL - challenge info */ typedef struct chal_info { - uint32 data[2]; /* credentials */ - + uchar data[8]; /* credentials */ } DOM_CHAL; /* DOM_CREDs - timestamped client or server credentials */ @@ -1308,7 +1307,7 @@ struct dcinfo DOM_CRED clnt_cred; /* Last client credential */ DOM_CRED srv_cred; /* Last server credential */ - uint32 sess_key[2]; /* Session key */ + uchar sess_key[8]; /* Session key */ uchar md4pw[16]; /* md4(machine password) */ }; diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 6711604f6d..754aebca99 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -22,6 +22,22 @@ #include "includes.h" extern int DEBUGLEVEL; + + + +/**************************************************************************** +represent a credential as a string +****************************************************************************/ +char *credstr(uchar *cred) +{ + static fstring buf; + sprintf(buf,"%02X%02X%02X%02X%02X%02X%02X%02X", + cred[0], cred[1], cred[2], cred[3], + cred[4], cred[5], cred[6], cred[7]); + return buf; +} + + /**************************************************************************** setup the session key. Input: 8 byte challenge block @@ -31,11 +47,10 @@ Output: 8 byte session key ****************************************************************************/ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - uint32 session_key[2]) + uchar session_key[8]) { uint32 sum[2]; unsigned char sum2[8]; - unsigned char netsesskey[8]; sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0); sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4); @@ -43,18 +58,15 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); - cred_hash1(netsesskey, sum2,(unsigned char *)pass); - - session_key[0] = IVAL(netsesskey, 0); - session_key[1] = IVAL(netsesskey, 4); + cred_hash1(session_key, sum2,(unsigned char *)pass); /* debug output */ DEBUG(4,("cred_session_key\n")); - DEBUG(5,(" clnt_chal: %lx %lx\n", clnt_chal->data[0], clnt_chal->data[1])); - DEBUG(5,(" srv_chal : %lx %lx\n", srv_chal ->data[0], srv_chal ->data[1])); - DEBUG(5,(" clnt+srv : %lx %lx\n", sum [0], sum [1])); - DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1])); + DEBUG(5,(" clnt_chal: %s\n", credstr(clnt_chal->data))); + DEBUG(5,(" srv_chal : %s\n", credstr(srv_chal->data))); + DEBUG(5,(" clnt+srv : %s\n", credstr(sum2))); + DEBUG(5,(" sess_key : %s\n", credstr(session_key))); } @@ -69,36 +81,24 @@ Input: Output: 8 byte credential ****************************************************************************/ -void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, +void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, DOM_CHAL *cred) { DOM_CHAL time_cred; - unsigned char calc_cred[8]; - unsigned char timecred[8]; - unsigned char netsesskey[8]; - - SIVAL(netsesskey, 0, session_key[0]); - SIVAL(netsesskey, 4, session_key[1]); - - SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time); - SIVAL(timecred, 4, IVAL(stor_cred, 4)); - - cred_hash2(calc_cred, timecred, netsesskey); - cred->data[0] = IVAL(calc_cred, 0); - cred->data[1] = IVAL(calc_cred, 4); + SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time); + SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4)); - time_cred.data[0] = IVAL(timecred, 0); - time_cred.data[1] = IVAL(timecred, 4); + cred_hash2(cred->data, time_cred.data, session_key); /* debug output*/ DEBUG(4,("cred_create\n")); - DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1])); - DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1])); + DEBUG(5,(" sess_key : %s\n", credstr(session_key))); + DEBUG(5,(" stor_cred: %s\n", credstr(stor_cred->data))); DEBUG(5,(" timestamp: %lx\n" , timestamp.time)); - DEBUG(5,(" timecred : %lx %lx\n", time_cred .data[0], time_cred .data[1])); - DEBUG(5,(" calc_cred: %lx %lx\n", cred ->data[0], cred ->data[1])); + DEBUG(5,(" timecred : %s\n", credstr(time_cred.data))); + DEBUG(5,(" calc_cred: %s\n", credstr(cred->data))); } @@ -115,7 +115,7 @@ Output: returns 1 if computed credential matches received credential returns 0 otherwise ****************************************************************************/ -int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, +int cred_assert(DOM_CHAL *cred, char session_key[8], DOM_CHAL *stored_cred, UTIME timestamp) { DOM_CHAL cred2; @@ -125,8 +125,8 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, /* debug output*/ DEBUG(4,("cred_assert\n")); - DEBUG(5,(" challenge : %lx %lx\n", cred->data[0], cred->data[1])); - DEBUG(5,(" calculated: %lx %lx\n", cred2.data[0], cred2.data[1])); + DEBUG(5,(" challenge : %s\n", credstr(cred->data))); + DEBUG(5,(" calculated: %s\n", credstr(cred2.data))); if (memcmp(cred->data, cred2.data, 8) == 0) { @@ -144,8 +144,8 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, /**************************************************************************** checks credentials; generates next step in the credential chain ****************************************************************************/ -BOOL clnt_deal_with_creds(uint32 sess_key[2], - DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred) +BOOL clnt_deal_with_creds(char sess_key[8], + DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred) { UTIME new_clnt_time; uint32 new_cred; @@ -157,7 +157,7 @@ BOOL clnt_deal_with_creds(uint32 sess_key[2], /* check that the received server credentials are valid */ if (!cred_assert(&(rcv_srv_cred->challenge), sess_key, - &(sto_clnt_cred->challenge), new_clnt_time)) + &(sto_clnt_cred->challenge), new_clnt_time)) { return False; } @@ -169,8 +169,7 @@ BOOL clnt_deal_with_creds(uint32 sess_key[2], /* store new seed in client credentials */ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); - DEBUG(5,(" new clnt cred: %lx %lx\n", sto_clnt_cred->challenge.data[0], - sto_clnt_cred->challenge.data[1])); + DEBUG(5,(" new clnt cred: %s\n", credstr(sto_clnt_cred->challenge.data))); return True; } @@ -178,9 +177,9 @@ BOOL clnt_deal_with_creds(uint32 sess_key[2], /**************************************************************************** checks credentials; generates next step in the credential chain ****************************************************************************/ -BOOL deal_with_creds(uint32 sess_key[2], - DOM_CRED *sto_clnt_cred, - DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred) +BOOL deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, + DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred) { UTIME new_clnt_time; uint32 new_cred; @@ -212,8 +211,7 @@ BOOL deal_with_creds(uint32 sess_key[2], cred_create(sess_key, &(sto_clnt_cred->challenge), new_clnt_time, &(rtn_srv_cred->challenge)); - DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", - sto_clnt_cred->challenge.data[0])); + DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); /* store new seed in client credentials */ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); |