summaryrefslogtreecommitdiff
path: root/libcli/auth
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/auth')
-rw-r--r--libcli/auth/credentials.c31
1 files changed, 21 insertions, 10 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index e268b9ddff..87d1866ca4 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -25,6 +25,13 @@
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
+static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *in,
+ struct netr_Credential *out)
+{
+ des_crypt112(out->data, in->data, creds->session_key, 1);
+}
+
/*
initialise the credentials state for old-style 64 bit session keys
@@ -47,11 +54,6 @@ static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *cre
ZERO_STRUCT(creds->session_key);
des_crypt128(creds->session_key, sum2, machine_password->hash);
-
- des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
- des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
-
- creds->seed = creds->client;
}
/*
@@ -80,14 +82,19 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
MD5Final(tmp, &md5);
hmac_md5_update(tmp, sizeof(tmp), &ctx);
hmac_md5_final(creds->session_key, &ctx);
+}
- des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
- des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
+static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge)
+{
+ netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
+
+ netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
creds->seed = creds->client;
}
-
/*
step the credentials to the next element in the chain, updating the
current client and server credentials and the seed
@@ -104,7 +111,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1);
+ netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -115,7 +122,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
- des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1);
+ netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -225,6 +232,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
}
+ netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
dump_data_pw("Session key", creds->session_key, 16);
dump_data_pw("Credential ", creds->client.data, 8);
@@ -346,6 +355,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
machine_password);
}
+ netlogon_creds_first_step(creds, client_challenge, server_challenge);
+
/* And before we leak information about the machine account
* password, check that they got the first go right */
if (!netlogon_creds_server_check_internal(creds, credentials_in)) {