diff options
Diffstat (limited to 'source3/libsmb/credentials.c')
| -rw-r--r-- | source3/libsmb/credentials.c | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index ee7b1493e1..109a5a1b90 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -135,3 +135,110 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, } } + +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* check that the client credentials are valid */ + if (!cred_assert(&(clnt_cred->challenge), dc->sess_key, + &(dc->clnt_cred.challenge), clnt_cred->timestamp)) + { + return False; + } + + /* increment client time by one second */ + new_clnt_time.time = clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* doesn't matter that server time is 0 */ + srv_cred->timestamp.time = 0; + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply */ + cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time, + &(srv_cred->challenge)); + + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.challenge.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.challenge.data, 0, new_cred); + SIVAL(dc->srv_cred .challenge.data, 0, new_cred); + + return True; +} + + +#if 0 +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* setup new client time */ + dc->clnt_cred.timestamp.time = time(NULL); + + /* create sent credentials for inclusion in the reply */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + /* increment client time by one second */ + (dc->clnt_cred.timestamp.time)++; + + /* create expected return credentials to be received from server */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + + + /* check that the server credentials are valid */ + if (!cred_assert(&(srv_cred->challenge), dc->sess_key, + &(dc->clnt_cred), clnt_cred->timestamp)) + { + return False; + } + /* increment client time by one second */ + new_clnt_time = (dc->clnt_cred.timestamp.time += 1); + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* create new client credentials */ + cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred); + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply + cred_create(dc->sess_key, srv_cred, new_clnt_time, + clnt_cred); + */ + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.data, 0, new_cred); + SIVAL(dc->srv_cred .data, 0, new_cred); + + return True; +} + +#endif |