Diffstat (limited to 'source4/libcli/auth')
-rw-r--r--source4/libcli/auth/credentials.c61
1 files changed, 45 insertions, 16 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 7d56f26b11..5fa9d5ac4a 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -69,8 +69,6 @@ static void creds_step(struct creds_CredentialState *creds)
{
struct netr_Credential time_cred;
- creds->sequence += 2;
-
DEBUG(5,("\tseed %08x:%08x\n",
IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
@@ -98,6 +96,7 @@ static void creds_step(struct creds_CredentialState *creds)
creds->seed = time_cred;
}
+
/*
DES encrypt a 16 byte password buffer using the session key
*/
@@ -109,6 +108,16 @@ void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password
}
/*
+ DES decrypt a 16 byte password buffer using the session key
+*/
+void creds_des_decrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
+{
+ struct netr_Password tmp;
+ cred_hash3(tmp.data, pass->data, creds->session_key, 0);
+ *pass = tmp;
+}
+
+/*
ARCFOUR encrypt/decrypt a password buffer using the session key
*/
void creds_arcfour_crypt(struct creds_CredentialState *creds, char *data, size_t len)
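Review bot: In creds_des_decrypt the decrypted password buffer stays in the stack temporary `tmp` after `*pass = tmp;`, so a second copy of the decrypted secret outlives the call. Clearing it before returning, e.g. `ZERO_STRUCT(tmp);` (or a wipe the compiler cannot elide, if the tree provides one), keeps the secret confined to the caller's buffer. The final `0` passed to cred_hash3 is unexplained; assuming it selects the decrypt direction, a comment such as `/* last argument 0 selects decryption */` would make the difference from creds_des_encrypt obvious. The body of creds_arcfour_crypt continues outside the hunk.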
@@ -138,13 +147,30 @@ void creds_client_init(struct creds_CredentialState *creds,
const uint8 machine_password[16],
struct netr_Credential *initial_credential)
{
- creds_init(creds, client_challenge, server_challenge, machine_password);
creds->sequence = time(NULL);
+ creds_init(creds, client_challenge, server_challenge, machine_password);
*initial_credential = creds->client;
}
/*
+ step the credentials to the next element in the chain, updating the
+ current client and server credentials and the seed
+
+ produce the next authenticator in the sequence ready to send to
+ the server
+*/
+void creds_client_authenticator(struct creds_CredentialState *creds,
+ struct netr_Authenticator *next)
+{
+ creds->sequence += 2;
+ creds_step(creds);
+
+ next->cred = creds->client;
+ next->timestamp = creds->sequence;
+}
+
+/*
check that a credentials reply from a server is correct
*/
BOOL creds_client_check(struct creds_CredentialState *creds,
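Review bot: In creds_client_init, `creds->sequence = time(NULL);` now has to run before `creds_init(...)`, but nothing in the code says why the order matters. creds_init is not visible here, so presumably it reads creds->sequence when deriving the first credential; a comment such as `/* sequence must be set before creds_init(), which uses it for the initial credential */` would stop a later cleanup from swapping the two lines back. The comment above creds_client_authenticator is two descriptions joined together; it would read better as one sentence stating that each call advances the sequence by 2 and steps the chain, so the state changes on every call. The body of creds_client_check continues outside the hunk.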
@@ -158,19 +184,6 @@ BOOL creds_client_check(struct creds_CredentialState *creds,
return True;
}
-/*
- produce the next authenticator in the sequence ready to send to
- the server
-*/
-void creds_client_authenticator(struct creds_CredentialState *creds,
- struct netr_Authenticator *next)
-{
- creds_step(creds);
-
- next->cred = creds->client;
- next->timestamp = creds->sequence;
-}
-
/*****************************************************************
The above functions are common to the client and server interface
@@ -207,3 +220,19 @@ BOOL creds_server_check(const struct creds_CredentialState *creds,
return True;
}
+BOOL creds_server_step_check(struct creds_CredentialState *creds,
+ struct netr_Authenticator *received_authenticator,
+ struct netr_Authenticator *return_authenticator)
+{
+ /* Should we check that this is increasing? */
+ creds->sequence = received_authenticator->timestamp;
+ creds_step(creds);
+ if (creds_server_check(creds, &received_authenticator->cred)) {
+ return_authenticator->cred = creds->server;
+ return_authenticator->timestamp = creds->sequence;
+ return True;
+ } else {
+ ZERO_STRUCTP(return_authenticator);
+ return False;
+ }
+}
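Review bot: creds_server_step_check overwrites `creds->sequence` with the client-supplied timestamp and calls `creds_step(creds)` before `creds_server_check` has accepted the authenticator, so a rejected or forged request still advances the server's stored chain state. A single bad authenticator can therefore desynchronise an established session from the legitimate client. Stepping a local copy and committing it only on success avoids that, assuming struct creds_CredentialState is plain data that can be copied by assignment. The question in the comment ("Should we check that this is increasing?") should be answered in code or documented as a deliberate decision, and the function needs a header comment like its neighbours.

```c
BOOL creds_server_step_check(struct creds_CredentialState *creds,
			     struct netr_Authenticator *received_authenticator,
			     struct netr_Authenticator *return_authenticator)
{
	/* step a copy so a rejected authenticator leaves *creds untouched */
	struct creds_CredentialState next = *creds;

	next.sequence = received_authenticator->timestamp;
	creds_step(&next);
	if (!creds_server_check(&next, &received_authenticator->cred)) {
		ZERO_STRUCTP(return_authenticator);
		return False;
	}

	/* commit the new chain state only after the client proved itself */
	*creds = next;
	return_authenticator->cred = creds->server;
	return_authenticator->timestamp = creds->sequence;
	return True;
}
```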