summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/credentials.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index f03bf22df1..0043f4e6a9 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -225,6 +225,21 @@ bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in
return True;
}
+bool netlogon_creds_server_check(const struct dcinfo *dc,
+ const struct netr_Credential *rcv_cli_chal_in)
+{
+ if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
+ DEBUG(5,("netlogon_creds_server_check: challenge : %s\n",
+ credstr(rcv_cli_chal_in->data)));
+ DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
+ DEBUG(2,("netlogon_creds_server_check: credentials check failed.\n"));
+ return false;
+ }
+
+ DEBUG(10,("netlogon_creds_server_check: credentials check OK.\n"));
+
+ return true;
+}
/****************************************************************************
Replace current seed chal. Internal function - due to split server step below.
****************************************************************************/
@@ -273,6 +288,36 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE
return True;
}
+bool netlogon_creds_server_step(struct dcinfo *dc,
+ const struct netr_Authenticator *received_cred,
+ struct netr_Authenticator *cred_out)
+{
+ bool ret;
+ struct dcinfo tmp_dc = *dc;
+
+ /* Do all operations on a temporary copy of the dc,
+ which we throw away if the checks fail. */
+
+ tmp_dc.sequence = received_cred->timestamp;
+
+ creds_step(&tmp_dc);
+
+ /* Create the outgoing credentials */
+ cred_out->timestamp = tmp_dc.sequence + 1;
+ memcpy(&cred_out->cred, &tmp_dc.srv_chal, sizeof(cred_out->cred));
+
+ creds_reseed(&tmp_dc);
+
+ ret = netlogon_creds_server_check(&tmp_dc, &received_cred->cred);
+ if (!ret) {
+ return false;
+ }
+
+ /* creds step succeeded - replace the current creds. */
+ *dc = tmp_dc;
+ return true;
+}
+
/****************************************************************************
Create a client credential struct.
****************************************************************************/