author | Jeremy Allison <jra@samba.org> | 2006-02-09 07:03:23 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:09:59 -0500 |
commit | ad8b47a2ba4e81420bc2272e8438a727cc2223ee (patch) | |
tree | b6f23560649f3b54aa3458d3c8667f145805ec5b /source3/libsmb/credentials.c | |
parent | cf7c47aac990f67e1829a7e4b9d3550b7e93739b (diff) | |
download | samba-ad8b47a2ba4e81420bc2272e8438a727cc2223ee.tar.gz |
r13407: Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we were assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
Diffstat (limited to 'source3/libsmb/credentials.c')
-rw-r--r-- | source3/libsmb/credentials.c | 97 |
1 files changed, 40 insertions, 57 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index ad06cd9015f..795c30d12d6 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -36,38 +36,52 @@ char *credstr(const uchar *cred) /**************************************************************************** - Setup the session key. - Input: 8 byte challenge block - 8 byte server challenge block - 16 byte md4 encrypted password - Output: - 16 byte session key (last 8 bytes zero). + Setup the session key and the client and server creds in dc. + Used by both client and server creds setup. ****************************************************************************/ -static void cred_create_session_key(const DOM_CHAL *clnt_chal_in, +static void creds_init_64(struct dcinfo *dc, + const DOM_CHAL *clnt_chal_in, const DOM_CHAL *srv_chal_in, - const uchar *pass_in, - uchar session_key_out[16]) + const char mach_pw[16]) { uint32 sum[2]; unsigned char sum2[8]; + /* Just in case this isn't already there */ + memcpy(dc->mach_pw, mach_pw, 16); + sum[0] = IVAL(clnt_chal_in->data, 0) + IVAL(srv_chal_in->data, 0); sum[1] = IVAL(clnt_chal_in->data, 4) + IVAL(srv_chal_in->data, 4); SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); - cred_hash1(session_key_out, sum2, pass_in); - memset(&session_key_out[8], '\0', 8); + ZERO_STRUCT(dc->sess_key); - /* debug output */ - DEBUG(4,("cred_create_session_key\n")); + des_crypt128(dc->sess_key, sum2, dc->mach_pw); + /* debug output */ + DEBUG(5,("creds_init_64\n")); DEBUG(5,(" clnt_chal_in: %s\n", credstr(clnt_chal_in->data))); DEBUG(5,(" srv_chal_in : %s\n", credstr(srv_chal_in->data))); DEBUG(5,(" clnt+srv : %s\n", credstr(sum2))); - DEBUG(5,(" sess_key_out : %s\n", credstr(session_key_out))); + DEBUG(5,(" sess_key_out : %s\n", credstr(dc->sess_key))); + + /* Generate the next client and server creds. */ + + des_crypt112(dc->clnt_chal.data, /* output */ + clnt_chal_in->data, /* input */ + dc->sess_key, /* input */ + 1); + + des_crypt112(dc->srv_chal.data, /* output */ + srv_chal_in->data, /* input */ + dc->sess_key, /* input */ + 1); + + /* Seed is the client chal. 
*/ + memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8); } /**************************************************************************** @@ -88,7 +102,7 @@ static void creds_step(struct dcinfo *dc) DEBUG(5,("\tseed+seq %s\n", credstr(time_chal.data) )); - cred_hash2(dc->clnt_chal.data, time_chal.data, dc->sess_key); + des_crypt112(dc->clnt_chal.data, time_chal.data, dc->sess_key, 1); DEBUG(5,("\tCLIENT %s\n", credstr(dc->clnt_chal.data) )); @@ -97,12 +111,11 @@ static void creds_step(struct dcinfo *dc) DEBUG(5,("\tseed+seq+1 %s\n", credstr(time_chal.data) )); - cred_hash2(dc->srv_chal.data, time_chal.data, dc->sess_key); + des_crypt112(dc->srv_chal.data, time_chal.data, dc->sess_key, 1); DEBUG(5,("\tSERVER %s\n", credstr(dc->srv_chal.data) )); } - /**************************************************************************** Create a server credential struct. ****************************************************************************/ 
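Review bot: The `sess_key_out` DEBUG(5) line in creds_init_64 writes session-key bytes to the ordinary level-5 log, although both callers later in this diff already print the same key through `dump_data_pw`. Anyone who can read a level-5 log then sees key material that the callers appear to treat as password-class data. I would drop the line, or replace it with `dump_data_pw("creds_init_64: session key", dc->sess_key, sizeof(dc->sess_key));` so the key takes the same path as the machine password. credstr() also appears to format an 8-byte credential, so it would not show the whole 16-byte key this commit introduces.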
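Review bot: The trailing `1` passed to des_crypt112 in creds_step is an unexplained literal; the same applies in the next hunk and to the two calls in creds_init_64. Its meaning is not visible on this page. If it selects the forward (encrypt) direction, a comment such as `/* 1 == forward (encrypt) */` or a named constant at each call would keep a later port from silently flipping it. des_crypt112 presumably reads 14 bytes of dc->sess_key, which is what the 16-byte key size in this commit makes safe, and that is worth stating beside the call. creds_step begins and ends outside the hunk.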
@@ -117,29 +130,14 @@ void creds_server_init(struct dcinfo *dc, DEBUG(10,("creds_server_init: server chal : %s\n", credstr(srv_chal->data) )); dump_data_pw("creds_server_init: machine pass", (const unsigned char *)mach_pw, 16); - /* Just in case this isn't already there */ - memcpy(dc->mach_pw, mach_pw, 16); - - /* Generate the session key. */ - cred_create_session_key(clnt_chal, /* Stored client challenge. */ - srv_chal, /* Stored server challenge. */ - dc->mach_pw, /* input machine password. */ - dc->sess_key); /* output session key. */ + /* Generate the session key and the next client and server creds. */ + creds_init_64(dc, + clnt_chal, + srv_chal, + mach_pw); dump_data_pw("creds_server_init: session key", dc->sess_key, 16); - /* Generate the next client and server creds. */ - cred_hash2(dc->clnt_chal.data, /* output */ - clnt_chal->data, /* input */ - dc->sess_key); /* input */ - - cred_hash2(dc->srv_chal.data, /* output */ - srv_chal->data, /* input */ - dc->sess_key); /* input */ - - /* Seed is the client chal. */ - memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8); - DEBUG(10,("creds_server_init: clnt : %s\n", credstr(dc->clnt_chal.data) )); DEBUG(10,("creds_server_init: server : %s\n", credstr(dc->srv_chal.data) )); DEBUG(10,("creds_server_init: seed : %s\n", credstr(dc->seed_chal.data) )); 
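Review bot: The `mach_pw` argument forwarded to creds_init_64 here, and in creds_client_init in the next hunk, may alias `dc->mach_pw`, which memcpy does not permit. The helper's first statement is `memcpy(dc->mach_pw, mach_pw, 16)`, under the comment "Just in case this isn't already there". The callers are not on this page, but that comment suggests some pass `dc->mach_pw` itself, making source and destination the same object. `memmove(dc->mach_pw, mach_pw, sizeof(dc->mach_pw));` in creds_init_64 would make the self-copy well defined and tie the length to the field. creds_server_init begins and ends outside the hunk.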
@@ -214,29 +212,14 @@ void creds_client_init(struct dcinfo *dc, DEBUG(10,("creds_client_init: server chal : %s\n", credstr(srv_chal->data) )); dump_data_pw("creds_client_init: machine pass", (const unsigned char *)mach_pw, 16); - /* Just in case this isn't already there */ - memcpy(dc->mach_pw, mach_pw, 16); - - /* Generate the session key. */ - cred_create_session_key(clnt_chal, /* Stored client challenge. */ - srv_chal, /* Stored server challenge. */ - dc->mach_pw, /* input machine password. */ - dc->sess_key); /* output session key. */ + /* Generate the session key and the next client and server creds. */ + creds_init_64(dc, + clnt_chal, + srv_chal, + mach_pw); dump_data_pw("creds_client_init: session key", dc->sess_key, 16); - /* Generate the next client and server creds. */ - cred_hash2(dc->clnt_chal.data, /* output */ - clnt_chal->data, /* input */ - dc->sess_key); /* input */ - - cred_hash2(dc->srv_chal.data, /* output */ - srv_chal->data, /* input */ - dc->sess_key); /* input */ - - /* Seed is the client cred. */ - memcpy(dc->seed_chal.data, dc->clnt_chal.data, 8); - DEBUG(10,("creds_client_init: clnt : %s\n", credstr(dc->clnt_chal.data) )); DEBUG(10,("creds_client_init: server : %s\n", credstr(dc->srv_chal.data) )); DEBUG(10,("creds_client_init: seed : %s\n", credstr(dc->seed_chal.data) )); |