diff options
author | Luke Leighton <lkcl@samba.org> | 1997-10-25 10:58:18 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1997-10-25 10:58:18 +0000 |
commit | 390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2 (patch) | |
tree | e88107b56beb9fca73376b00fc104dde556a24d0 /source3/libsmb/credentials.c | |
parent | 3a25722080b18de19c89c190e64de89317cabcfa (diff) | |
download | samba-390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2.tar.gz |
Makefile :
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
Diffstat (limited to 'source3/libsmb/credentials.c')
-rw-r--r-- | source3/libsmb/credentials.c | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index ee7b1493e15..109a5a1b901 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -135,3 +135,110 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, } } + +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* check that the client credentials are valid */ + if (!cred_assert(&(clnt_cred->challenge), dc->sess_key, + &(dc->clnt_cred.challenge), clnt_cred->timestamp)) + { + return False; + } + + /* increment client time by one second */ + new_clnt_time.time = clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* doesn't matter that server time is 0 */ + srv_cred->timestamp.time = 0; + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply */ + cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time, + &(srv_cred->challenge)); + + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.challenge.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.challenge.data, 0, new_cred); + SIVAL(dc->srv_cred .challenge.data, 0, new_cred); + + return True; +} + + +#if 0 +/**************************************************************************** + checks credentials; generates next step in the credential chain +****************************************************************************/ +BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + DEBUG(5,("deal_with_creds: %d\n", __LINE__)); + + /* setup new client time */ + dc->clnt_cred.timestamp.time = time(NULL); + + /* create sent credentials for inclusion in the reply */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + /* increment client time by one second */ + (dc->clnt_cred.timestamp.time)++; + + /* create expected return credentials to be received from server */ + cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred); + + + + /* check that the server credentials are valid */ + if (!cred_assert(&(srv_cred->challenge), dc->sess_key, + &(dc->clnt_cred), clnt_cred->timestamp)) + { + return False; + } + /* increment client time by one second */ + new_clnt_time = (dc->clnt_cred.timestamp.time += 1); + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(dc->clnt_cred.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred)); + + /* create new client credentials */ + cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred); + + DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time)); + + /* create return credentials for inclusion in the reply + cred_create(dc->sess_key, srv_cred, new_clnt_time, + clnt_cred); + */ + DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n", + dc->clnt_cred.data[0])); + + /* store new seed in client and server credentials */ + SIVAL(dc->clnt_cred.data, 0, new_cred); + SIVAL(dc->srv_cred .data, 0, new_cred); + + return True; +} + +#endif |