diff options
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/credentials.c | 107 | ||||
| -rw-r--r-- | source3/libsmb/smbdes.c | 5 | ||||
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 24 |
3 files changed, 136 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index ee7b1493e1..109a5a1b90 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -135,3 +135,110 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, } } + +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* check that the client credentials are valid */ + if (!cred_assert(&(clnt_cred->challenge), dc->sess_key, + &(dc->clnt_cred.challenge), clnt_cred->timestamp)) + { + return False; + } + + /* increment client time by one second */ + new_clnt_time.time = clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* doesn't matter that server time is 0 */ + srv_cred->timestamp.time = 0; + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply */ + cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time, + &(srv_cred->challenge)); + + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.challenge.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.challenge.data, 0, new_cred); + SIVAL(dc->srv_cred .challenge.data, 0, new_cred); + + return True; +} + + +#if 0 +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* setup new client time */ + dc->clnt_cred.timestamp.time = time(NULL); + + /* create sent credentials for inclusion in the reply */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + /* increment client time by one second */ + (dc->clnt_cred.timestamp.time)++; + + /* create expected return credentials to be received from server */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + + + /* check that the server credentials are valid */ + if (!cred_assert(&(srv_cred->challenge), dc->sess_key, + &(dc->clnt_cred), clnt_cred->timestamp)) + { + return False; + } + /* increment client time by one second */ + new_clnt_time = (dc->clnt_cred.timestamp.time += 1); + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* create new client credentials */ + cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred); + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply + cred_create(dc->sess_key, srv_cred, new_clnt_time, + clnt_cred); + */ + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.data, 0, new_cred); + SIVAL(dc->srv_cred .data, 0, new_cred); + + return True; +} + +#endif diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c index 67e27016c3..9675401f14 100644 --- a/source3/libsmb/smbdes.c +++ b/source3/libsmb/smbdes.c @@ -329,7 +329,12 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key) { unsigned char buf[8]; static unsigned char key2[8]; + int i; + for (i=0;i<8;i++) { + key2[i] = 0; + } + smbhash(buf, in, key); key2[0] = key[7]; smbhash(out, buf, key2); diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 27172fd413..517ee0f941 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -109,3 +109,27 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) E_P24(p21, c8, p24); } +/* Does both the NT and LM owfs of a user's password */ + +void nt_lm_owf_gen(char *pwd, char nt_p16[16], char p16[16]) +{ + char passwd[129]; + strncpy(passwd, pwd, 129); + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + E_md4hash((uchar *)passwd, nt_p16); + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, p16); + + /* clear out local copy of user's password (just being paranoid). */ + bzero(passwd, sizeof(passwd)); +} + |