From 401c0a6551efe2ac574d4fa0337c15ee2dd61da7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Feb 2008 13:51:54 +0100 Subject: Add netlogon_creds_client_check and netlogon_creds_client_step. Guenther (This used to be commit 41d33a2507e3fae7837bb8e42b1ac30cc31c31dc) --- source3/libsmb/credentials.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'source3/libsmb/credentials.c') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 1256a6210e..f03bf22df1 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -329,6 +329,25 @@ bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in return True; } +bool netlogon_creds_client_check(const struct dcinfo *dc, + const struct netr_Credential *rcv_srv_chal_in) +{ + if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data, + sizeof(dc->srv_chal.data))) { + + DEBUG(0,("netlogon_creds_client_check: credentials check failed.\n")); + DEBUGADD(5,("netlogon_creds_client_check: challenge : %s\n", + credstr(rcv_srv_chal_in->data))); + DEBUGADD(5,("calculated: %s\n", credstr(dc->srv_chal.data))); + return false; + } + + DEBUG(10,("netlogon_creds_client_check: credentials check OK.\n")); + + return true; +} + + /**************************************************************************** Step the client credentials to the next element in the chain, updating the current client and server credentials and the seed @@ -345,3 +364,15 @@ void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) next_cred_out->challenge = dc->clnt_chal; next_cred_out->timestamp.time = dc->sequence; } + +void netlogon_creds_client_step(struct dcinfo *dc, + struct netr_Authenticator *next_cred_out) +{ + dc->sequence += 2; + creds_step(dc); + creds_reseed(dc); + + memcpy(&next_cred_out->cred.data, &dc->clnt_chal.data, + sizeof(next_cred_out->cred.data)); + next_cred_out->timestamp = dc->sequence; +} -- cgit 
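Review bot: The `memcmp` in netlogon_creds_client_check stops at the first differing byte, so the time a failed check takes depends on how many leading bytes of the credential matched. netlogon_creds_server_check in the following commit compares the same way, and there the input comes from the remote client. A comparison that always touches every byte avoids this, for example accumulating `diff |= dc->srv_chal.data[i] ^ rcv_srv_chal_in->data[i];` over all `sizeof(dc->srv_chal.data)` bytes and then testing `if (diff != 0)`. The new function also has no header comment, and it dereferences `dc` and `rcv_srv_chal_in` without a NULL check, so the comment should say that callers must pass valid pointers.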
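Review bot: netlogon_creds_client_step is added without a header comment; the existing block comment ("Step the client credentials to the next element in the chain ...") stays attached to creds_client_step above it. I would add something like `/* Advance the client credential chain and write the next authenticator (credential plus dc->sequence as timestamp) into next_cred_out. */` and say why the sequence moves by 2, presumably because the server's reply uses `sequence + 1`, as netlogon_creds_server_step does in the next commit. The `memcpy` takes the address of both `data` arrays and is sized by the destination only. `memcpy(next_cred_out->cred.data, dc->clnt_chal.data, sizeof(next_cred_out->cred.data));` reads more plainly, and a build-time check that the two arrays have the same size would stop it over-reading if the source type ever changes.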
From f8bd3e82e5eda052ede2d294f08165cb23df9d90 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Feb 2008 17:30:38 +0100 Subject: Add netlogon_creds_server_check and netlogon_creds_server_step. Guenther (This used to be commit ea0bf74918e7b009439452ea14ed68b0ce620787) --- source3/libsmb/credentials.c | 45 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'source3/libsmb/credentials.c') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index f03bf22df1..0043f4e6a9 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -225,6 +225,21 @@ bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in return True; } +bool netlogon_creds_server_check(const struct dcinfo *dc, + const struct netr_Credential *rcv_cli_chal_in) +{ + if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) { + DEBUG(5,("netlogon_creds_server_check: challenge : %s\n", + credstr(rcv_cli_chal_in->data))); + DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data))); + DEBUG(2,("netlogon_creds_server_check: credentials check failed.\n")); + return false; + } + + DEBUG(10,("netlogon_creds_server_check: credentials check OK.\n")); + + return true; +} /**************************************************************************** Replace current seed chal. Internal function - due to split server step below. ****************************************************************************/ 
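Review bot: On a failed check netlogon_creds_server_check logs the credential the server calculated (`calculated: %s` with `credstr(dc->clnt_chal.data)`) at debug level 5, which is the value the client was required to present. netlogon_creds_server_step in this commit takes the sequence from the received authenticator and throws away its working copy on failure, so the logged value may still be usable and is visible to anyone who can read the log. I would drop that line or move it to a much higher debug level. The compare length is also the literal `8` here, while netlogon_creds_client_check uses `sizeof(dc->srv_chal.data)`; `sizeof(dc->clnt_chal.data)` would keep the two checks consistent.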
@@ -273,6 +288,36 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE return True; } +bool netlogon_creds_server_step(struct dcinfo *dc, + const struct netr_Authenticator *received_cred, + struct netr_Authenticator *cred_out) +{ + bool ret; + struct dcinfo tmp_dc = *dc; + + /* Do all operations on a temporary copy of the dc, + which we throw away if the checks fail. */ + + tmp_dc.sequence = received_cred->timestamp; + + creds_step(&tmp_dc); + + /* Create the outgoing credentials */ + cred_out->timestamp = tmp_dc.sequence + 1; + memcpy(&cred_out->cred, &tmp_dc.srv_chal, sizeof(cred_out->cred)); + + creds_reseed(&tmp_dc); + + ret = netlogon_creds_server_check(&tmp_dc, &received_cred->cred); + if (!ret) { + return false; + } + + /* creds step succeeded - replace the current creds. */ + *dc = tmp_dc; + return true; +} + /**************************************************************************** Create a client credential struct. ****************************************************************************/ -- cgit From 3f24ef18481417fd7d52856b3d68bec099a7b643 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Feb 2008 23:57:19 +0100 Subject: Replace DOM_CHAL with "struct netr_Credential" where we can right now. This allows to remove some more old netlogon client calls. Guenther (This used to be commit c0b1a876583230a5130f5df1965d6c742961bcdc) --- source3/libsmb/credentials.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'source3/libsmb/credentials.c') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 0043f4e6a9..328b931df0 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c 
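Review bot: `cred_out` is filled in before the received credential is verified in netlogon_creds_server_step, so on the `return false` path the caller's output struct already holds the freshly computed server credential and timestamp. Nothing visible in this hunk says callers discard `cred_out` on failure. Clearing it on that path makes the function safe on its own: `if (!ret) { memset(cred_out, 0, sizeof(*cred_out)); return false; }`. The stack copy `tmp_dc` is left untouched on both paths; if struct dcinfo carries key material (its definition is not shown here), it would be worth wiping the copy before returning.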
@@ -42,9 +42,9 @@ char *credstr(const unsigned char *cred) ****************************************************************************/ static void creds_init_128(struct dcinfo *dc, - const DOM_CHAL *clnt_chal_in, - const DOM_CHAL *srv_chal_in, - const unsigned char mach_pw[16]) + const struct netr_Credential *clnt_chal_in, + const struct netr_Credential *srv_chal_in, + const unsigned char mach_pw[16]) { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; @@ -94,9 +94,9 @@ static void creds_init_128(struct dcinfo *dc, ****************************************************************************/ static void creds_init_64(struct dcinfo *dc, - const DOM_CHAL *clnt_chal_in, - const DOM_CHAL *srv_chal_in, - const unsigned char mach_pw[16]) + const struct netr_Credential *clnt_chal_in, + const struct netr_Credential *srv_chal_in, + const unsigned char mach_pw[16]) { uint32 sum[2]; unsigned char sum2[8]; @@ -177,10 +177,10 @@ static void creds_step(struct dcinfo *dc) void creds_server_init(uint32 neg_flags, struct dcinfo *dc, - DOM_CHAL *clnt_chal, - DOM_CHAL *srv_chal, + struct netr_Credential *clnt_chal, + struct netr_Credential *srv_chal, const unsigned char mach_pw[16], - DOM_CHAL *init_chal_out) + struct netr_Credential *init_chal_out) { DEBUG(10,("creds_server_init: neg_flags : %x\n", (unsigned int)neg_flags)); DEBUG(10,("creds_server_init: client chal : %s\n", credstr(clnt_chal->data) )); @@ -246,7 +246,7 @@ bool netlogon_creds_server_check(const struct dcinfo *dc, static void creds_reseed(struct dcinfo *dc) { - DOM_CHAL time_chal; + struct netr_Credential time_chal; SIVAL(time_chal.data, 0, IVAL(dc->seed_chal.data, 0) + dc->sequence + 1); SIVAL(time_chal.data, 4, IVAL(dc->seed_chal.data, 4)); 
@@ -274,7 +274,8 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE /* Create the outgoing credentials */ cred_out->timestamp.time = tmp_dc.sequence + 1; - cred_out->challenge = tmp_dc.srv_chal; + memcpy(&cred_out->challenge.data, tmp_dc.srv_chal.data, + sizeof(cred_out->challenge.data)); creds_reseed(&tmp_dc); @@ -324,10 +325,10 @@ bool netlogon_creds_server_step(struct dcinfo *dc, void creds_client_init(uint32 neg_flags, struct dcinfo *dc, - DOM_CHAL *clnt_chal, - DOM_CHAL *srv_chal, + struct netr_Credential *clnt_chal, + struct netr_Credential *srv_chal, const unsigned char mach_pw[16], - DOM_CHAL *init_chal_out) + struct netr_Credential *init_chal_out) { dc->sequence = time(NULL); @@ -406,7 +407,8 @@ void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) creds_step(dc); creds_reseed(dc); - next_cred_out->challenge = dc->clnt_chal; + memcpy(&next_cred_out->challenge.data, dc->clnt_chal.data, + sizeof(next_cred_out->challenge.data)); next_cred_out->timestamp.time = dc->sequence; } -- cgit From b6285fc0526ff15250242489047bb8d49a1948e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 16 Feb 2008 15:14:04 +0100 Subject: Remove unused creds_server_check and creds_server_step. Guenther (This used to be commit 2fb73a3545634982d17d3823cb629f06c5779fc0) --- source3/libsmb/credentials.c | 41 ----------------------------------------- 1 file changed, 41 deletions(-) (limited to 'source3/libsmb/credentials.c') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 328b931df0..2dcbdf3cf9 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c 
@@ -213,18 +213,6 @@ void creds_server_init(uint32 neg_flags, Check a credential sent by the client. ****************************************************************************/ -bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in) -{ - if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) { - DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data))); - DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data))); - DEBUG(2,("creds_server_check: credentials check failed.\n")); - return False; - } - DEBUG(10,("creds_server_check: credentials check OK.\n")); - return True; -} - bool netlogon_creds_server_check(const struct dcinfo *dc, const struct netr_Credential *rcv_cli_chal_in) { @@ -260,35 +248,6 @@ static void creds_reseed(struct dcinfo *dc) Step the server credential chain one forward. ****************************************************************************/ -bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out) -{ - bool ret; - struct dcinfo tmp_dc = *dc; - - /* Do all operations on a temporary copy of the dc, - which we throw away if the checks fail. */ - - tmp_dc.sequence = received_cred->timestamp.time; - - creds_step(&tmp_dc); - - /* Create the outgoing credentials */ - cred_out->timestamp.time = tmp_dc.sequence + 1; - memcpy(&cred_out->challenge.data, tmp_dc.srv_chal.data, - sizeof(cred_out->challenge.data)); - - creds_reseed(&tmp_dc); - - ret = creds_server_check(&tmp_dc, &received_cred->challenge); - if (!ret) { - return False; - } - - /* creds step succeeded - replace the current creds. */ - *dc = tmp_dc; - return True; -} - bool netlogon_creds_server_step(struct dcinfo *dc, const struct netr_Authenticator *received_cred, struct netr_Authenticator *cred_out) -- cgit From 5b8ebcf397e40bf1f9555c34fadbab2d7b5bf717 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Sun, 17 Feb 2008 03:08:42 +0100 Subject: Remove unused creds_client_check and creds_client_step. Guenther (This used to be commit 1dcb32424d16cff968a8713352c93c48dec58674) --- source3/libsmb/credentials.c | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'source3/libsmb/credentials.c') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 2dcbdf3cf9..9d33e6d93d 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -322,18 +322,6 @@ void creds_client_init(uint32 neg_flags, Check a credential returned by the server. ****************************************************************************/ -bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in) -{ - if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data, 8)) { - DEBUG(5,("creds_client_check: challenge : %s\n", credstr(rcv_srv_chal_in->data))); - DEBUG(5,("calculated: %s\n", credstr(dc->srv_chal.data))); - DEBUG(0,("creds_client_check: credentials check failed.\n")); - return False; - } - DEBUG(10,("creds_client_check: credentials check OK.\n")); - return True; -} - bool netlogon_creds_client_check(const struct dcinfo *dc, const struct netr_Credential *rcv_srv_chal_in) { @@ -360,17 +348,6 @@ bool netlogon_creds_client_check(const struct dcinfo *dc, the server ****************************************************************************/ -void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) -{ - dc->sequence += 2; - creds_step(dc); - creds_reseed(dc); - - memcpy(&next_cred_out->challenge.data, dc->clnt_chal.data, - sizeof(next_cred_out->challenge.data)); - next_cred_out->timestamp.time = dc->sequence; -} - void netlogon_creds_client_step(struct dcinfo *dc, struct netr_Authenticator *next_cred_out) { -- cgit