summaryrefslogtreecommitdiff
path: root/source3/libsmb/credentials.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/credentials.c')
-rw-r--r--source3/libsmb/credentials.c88
1 files changed, 79 insertions, 9 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 5026f513ab..975f9bca49 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -25,7 +25,7 @@
Represent a credential as a string.
****************************************************************************/
-char *credstr(const uchar *cred)
+char *credstr(const unsigned char *cred)
{
static fstring buf;
slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
@@ -34,6 +34,58 @@ char *credstr(const uchar *cred)
return buf;
}
+/****************************************************************************
+ Setup the session key and the client and server creds in dc.
+ ADS-style 128 bit session keys.
+ Used by both client and server creds setup.
+****************************************************************************/
+
+static void creds_init_128(struct dcinfo *dc,
+ const DOM_CHAL *clnt_chal_in,
+ const DOM_CHAL *srv_chal_in,
+ const char mach_pw[16])
+{
+ unsigned char zero[4], tmp[16];
+ HMACMD5Context ctx;
+ struct MD5Context md5;
+
+ /* Just in case this isn't already there */
+ memcpy(dc->mach_pw, mach_pw, 16);
+
+ ZERO_STRUCT(dc->sess_key);
+
+ memset(zero, 0, sizeof(zero));
+
+ hmac_md5_init_rfc2104(mach_pw, 16, &ctx);
+ MD5Init(&md5);
+ MD5Update(&md5, zero, sizeof(zero));
+ MD5Update(&md5, clnt_chal_in->data, 8);
+ MD5Update(&md5, srv_chal_in->data, 8);
+ MD5Final(tmp, &md5);
+ hmac_md5_update(tmp, sizeof(tmp), &ctx);
+ hmac_md5_final(dc->sess_key, &ctx);
+
+ /* debug output */
+ DEBUG(5,("creds_init_128\n"));
+ DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
+ DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data)));
+ dump_data_pw("\tsession_key ", (const unsigned char *)dc->sess_key, 16);
+
+ /* Generate the next client and server creds. */
+
+ des_crypt112(dc->clnt_chal.data, /* output */
+ clnt_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ des_crypt112(dc->srv_chal.data, /* output */
+ srv_chal_in->data, /* input */
+ dc->sess_key, /* input */
+ 1);
+
+ /* Seed is the client chal. */
+ memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8);
+}
/****************************************************************************
Setup the session key and the client and server creds in dc.
@@ -63,10 +115,10 @@ static void creds_init_64(struct dcinfo *dc,
/* debug output */
DEBUG(5,("creds_init_64\n"));
- DEBUG(5,(" clnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
- DEBUG(5,(" srv_chal_in : %s\n", credstr(srv_chal_in->data)));
- DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
- DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key)));
+ DEBUG(5,("\tclnt_chal_in: %s\n", credstr(clnt_chal_in->data)));
+ DEBUG(5,("\tsrv_chal_in : %s\n", credstr(srv_chal_in->data)));
+ DEBUG(5,("\tclnt+srv : %s\n", credstr(sum2)));
+ DEBUG(5,("\tsess_key_out : %s\n", credstr(dc->sess_key)));
/* Generate the next client and server creds. */
@@ -120,21 +172,30 @@ static void creds_step(struct dcinfo *dc)
Create a server credential struct.
****************************************************************************/
-void creds_server_init(struct dcinfo *dc,
+void creds_server_init(uint32 neg_flags,
+ struct dcinfo *dc,
DOM_CHAL *clnt_chal,
DOM_CHAL *srv_chal,
const char mach_pw[16],
DOM_CHAL *init_chal_out)
{
+ DEBUG(10,("creds_server_init: neg_flags : %x\n", (unsigned int)neg_flags));
DEBUG(10,("creds_server_init: client chal : %s\n", credstr(clnt_chal->data) ));
DEBUG(10,("creds_server_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_server_init: machine pass", (const unsigned char *)mach_pw, 16);
/* Generate the session key and the next client and server creds. */
- creds_init_64(dc,
+ if (neg_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128(dc,
clnt_chal,
srv_chal,
mach_pw);
+ } else {
+ creds_init_64(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
+ }
dump_data_pw("creds_server_init: session key", dc->sess_key, 16);
@@ -213,7 +274,8 @@ BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE
Create a client credential struct.
****************************************************************************/
-void creds_client_init(struct dcinfo *dc,
+void creds_client_init(uint32 neg_flags,
+ struct dcinfo *dc,
DOM_CHAL *clnt_chal,
DOM_CHAL *srv_chal,
const unsigned char mach_pw[16],
@@ -221,15 +283,23 @@ void creds_client_init(struct dcinfo *dc,
{
dc->sequence = time(NULL);
+ DEBUG(10,("creds_client_init: neg_flags : %x\n", (unsigned int)neg_flags));
DEBUG(10,("creds_client_init: client chal : %s\n", credstr(clnt_chal->data) ));
DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) ));
dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16);
/* Generate the session key and the next client and server creds. */
- creds_init_64(dc,
+ if (neg_flags & NETLOGON_NEG_128BIT) {
+ creds_init_128(dc,
+ clnt_chal,
+ srv_chal,
+ mach_pw);
+ } else {
+ creds_init_64(dc,
clnt_chal,
srv_chal,
mach_pw);
+ }
dump_data_pw("creds_client_init: session key", dc->sess_key, 16);
generated by cgit (git 2.34.1) at 2024-07-19 05:49:06 +0000