Diffstat (limited to 'source4/libcli/auth')
-rw-r--r-- | source4/libcli/auth/credentials.c | 61 |
1 files changed, 45 insertions, 16 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 7d56f26b11..5fa9d5ac4a 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -69,8 +69,6 @@ static void creds_step(struct creds_CredentialState *creds)
 {
 struct netr_Credential time_cred;
- creds->sequence += 2;
-
 DEBUG(5,("\tseed %08x:%08x\n", IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
@@ -98,6 +96,7 @@ static void creds_step(struct creds_CredentialState *creds)
 creds->seed = time_cred;
 }
+
 /*
 DES encrypt a 16 byte password buffer using the session key
 */
@@ -109,6 +108,16 @@ void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password
 }
 /*
+ DES decrypt a 16 byte password buffer using the session key
+*/
+void creds_des_decrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
+{
+ struct netr_Password tmp;
+ cred_hash3(tmp.data, pass->data, creds->session_key, 0);
+ *pass = tmp;
+}
+
+/*
 ARCFOUR encrypt/decrypt a password buffer using the session key
 */
 void creds_arcfour_crypt(struct creds_CredentialState *creds, char *data, size_t len)
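Review bot: In `creds_des_decrypt` (the hunk at -109) the decrypted 16-byte buffer stays in the stack temporary `tmp` after `*pass = tmp;`, so a cleartext copy of the password data outlives the call. Wiping it as the last statement, e.g. `ZERO_STRUCT(tmp);`, would limit that exposure; a plain memset-style wipe of a dead local can be optimised away, so it may need a barrier or a non-elidable helper. The header comment should also say that `pass` is decrypted in place and that this is the inverse of `creds_des_encrypt`, whose body is outside this hunk.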
@@ -138,13 +147,30 @@ void creds_client_init(struct creds_CredentialState *creds,
 const uint8 machine_password[16],
 struct netr_Credential *initial_credential)
 {
- creds_init(creds, client_challenge, server_challenge, machine_password);
 creds->sequence = time(NULL);
+ creds_init(creds, client_challenge, server_challenge, machine_password);
 *initial_credential = creds->client;
 }
 /*
+ step the credentials to the next element in the chain, updating the
+ current client and server credentials and the seed
+
+ produce the next authenticator in the sequence ready to send to
+ the server
+*/
+void creds_client_authenticator(struct creds_CredentialState *creds,
+ struct netr_Authenticator *next)
+{
+ creds->sequence += 2;
+ creds_step(creds);
+
+ next->cred = creds->client;
+ next->timestamp = creds->sequence;
+}
+
+/*
 check that a credentials reply from a server is correct
 */
 BOOL creds_client_check(struct creds_CredentialState *creds,
@@ -158,19 +184,6 @@ BOOL creds_client_check(struct creds_CredentialState *creds,
 return True;
 }
-/*
- produce the next authenticator in the sequence ready to send to
- the server
-*/
-void creds_client_authenticator(struct creds_CredentialState *creds,
- struct netr_Authenticator *next)
-{
- creds_step(creds);
-
- next->cred = creds->client;
- next->timestamp = creds->sequence;
-}
-
 /*****************************************************************
 The above functions are common to the client and server interface
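Review bot: In `creds_client_init` (the hunk at -138) the swap that puts `creds->sequence = time(NULL);` ahead of `creds_init(...)` creates an ordering dependency that nothing on the page explains. `creds_init` is not visible here; presumably it now derives the first credentials from the sequence, in which case a later reordering would silently produce credentials the server rejects. A one-line comment above the assignment would record that, for example `/* creds->sequence must be set before creds_init() computes the first credentials */`. The same applies to the bare `creds->sequence += 2;` in `creds_client_authenticator`, where the comment could state why the step is 2.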
@@ -207,3 +220,19 @@ BOOL creds_server_check(const struct creds_CredentialState *creds,
 return True;
 }
+BOOL creds_server_step_check(struct creds_CredentialState *creds,
+ struct netr_Authenticator *received_authenticator,
+ struct netr_Authenticator *return_authenticator)
+{
+ /* Should we check that this is increasing? */
+ creds->sequence = received_authenticator->timestamp;
+ creds_step(creds);
+ if (creds_server_check(creds, &received_authenticator->cred)) {
+ return_authenticator->cred = creds->server;
+ return_authenticator->timestamp = creds->sequence;
+ return True;
+ } else {
+ ZERO_STRUCTP(return_authenticator);
+ return False;
+ }
+} |
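Review bot: `creds_server_step_check` overwrites `creds->sequence` with the peer-supplied timestamp and calls `creds_step(creds)` before the authenticator has been verified, so a rejected request still changes the server's stored state. `creds_step` assigns `creds->seed` (visible in the hunk at -98), so one bad authenticator can leave the chain out of step with the legitimate client. Stepping a scratch copy and committing it only on success avoids that, assuming the state struct is safe to copy by assignment. The open question in the comment also deserves an answer: the timestamp is currently accepted with no monotonicity check, so replayed or regressing values are not rejected at this layer.

```c
BOOL creds_server_step_check(struct creds_CredentialState *creds,
			     struct netr_Authenticator *received_authenticator,
			     struct netr_Authenticator *return_authenticator)
{
	/* step a scratch copy so a rejected authenticator leaves *creds untouched */
	struct creds_CredentialState next = *creds;

	next.sequence = received_authenticator->timestamp;
	creds_step(&next);
	if (!creds_server_check(&next, &received_authenticator->cred)) {
		ZERO_STRUCTP(return_authenticator);
		return False;
	}

	/* commit the stepped state only once the client credential verified */
	*creds = next;
	return_authenticator->cred = creds->server;
	return_authenticator->timestamp = creds->sequence;
	return True;
}
```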