Makefile :
adding bits for new nt domain code byteorder.h : trying to get macros right, and not to crash on SUNOS5... client.c : added #ifdef NTDOMAIN, and created do_nt_login() function. don't want to have to recompile client.c unless absolutely necessary. credentials.c : moved deal_with_creds() [possibly inappropriately] into credentials.c ipc.c reply.c server.c uid.c : attempting to make (un)become_root() functions callable from smbclient. this is a little tricky: smbclient might have to be another setuid root program, immediately setuid'ing to non-root, so that we can reset-uid to root to get at the smbpasswd file. or, have a secure pipe mechanism to smbd to grab smbpasswd entries. or the like. smbdes.c smbencrypt.c : created a function to generate lm and nt owf hashes. lsaparse.c ntclient.c smbparse.c : added nt client LSA_AUTH2 code. it works, too! pipenetlog.c pipentlsa.c pipesrvsvc.c : simplification. code-shuffling. getting that damn offset right for the opcode in RPC_HDR. smb.h : changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL. we might need to store the server times as well. proto.h : the usual.
@ -135,3 +135,110 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
checks credentials; generates next step in the credential chain
|
||||
****************************************************************************/
|
||||
BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred)
|
||||
{
|
||||
UTIME new_clnt_time;
|
||||
uint32 new_cred;
|
||||
|
||||
DEBUG(5,("deal_with_creds: %d\n", __LINE__));
|
||||
|
||||
/* check that the client credentials are valid */
|
||||
if (!cred_assert(&(clnt_cred->challenge), dc->sess_key,
|
||||
&(dc->clnt_cred.challenge), clnt_cred->timestamp))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
/* increment client time by one second */
|
||||
new_clnt_time.time = clnt_cred->timestamp.time + 1;
|
||||
|
||||
/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
|
||||
new_cred = IVAL(dc->clnt_cred.challenge.data, 0);
|
||||
new_cred += new_clnt_time.time;
|
||||
|
||||
DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
|
||||
|
||||
/* doesn't matter that server time is 0 */
|
||||
srv_cred->timestamp.time = 0;
|
||||
|
||||
DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
|
||||
|
||||
/* create return credentials for inclusion in the reply */
|
||||
cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time,
|
||||
&(srv_cred->challenge));
|
||||
|
||||
DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
|
||||
dc->clnt_cred.challenge.data[0]));
|
||||
|
||||
/* store new seed in client and server credentials */
|
||||
SIVAL(dc->clnt_cred.challenge.data, 0, new_cred);
|
||||
SIVAL(dc->srv_cred .challenge.data, 0, new_cred);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
#if 0
|
||||
/****************************************************************************
|
||||
checks credentials; generates next step in the credential chain
|
||||
****************************************************************************/
|
||||
BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred)
|
||||
{
|
||||
UTIME new_clnt_time;
|
||||
uint32 new_cred;
|
||||
|
||||
DEBUG(5,("deal_with_creds: %d\n", __LINE__));
|
||||
|
||||
/* setup new client time */
|
||||
dc->clnt_cred.timestamp.time = time(NULL);
|
||||
|
||||
/* create sent credentials for inclusion in the reply */
|
||||
cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
|
||||
|
||||
/* increment client time by one second */
|
||||
(dc->clnt_cred.timestamp.time)++;
|
||||
|
||||
/* create expected return credentials to be received from server */
|
||||
cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
|
||||
|
||||
|
||||
|
||||
/* check that the server credentials are valid */
|
||||
if (!cred_assert(&(srv_cred->challenge), dc->sess_key,
|
||||
&(dc->clnt_cred), clnt_cred->timestamp))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
/* increment client time by one second */
|
||||
new_clnt_time = (dc->clnt_cred.timestamp.time += 1);
|
||||
|
||||
/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
|
||||
new_cred = IVAL(dc->clnt_cred.data, 0);
|
||||
new_cred += new_clnt_time.time;
|
||||
|
||||
DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
|
||||
|
||||
/* create new client credentials */
|
||||
cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred);
|
||||
|
||||
DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
|
||||
|
||||
/* create return credentials for inclusion in the reply
|
||||
cred_create(dc->sess_key, srv_cred, new_clnt_time,
|
||||
clnt_cred);
|
||||
*/
|
||||
DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
|
||||
dc->clnt_cred.data[0]));
|
||||
|
||||
/* store new seed in client and server credentials */
|
||||
SIVAL(dc->clnt_cred.data, 0, new_cred);
|
||||
SIVAL(dc->srv_cred .data, 0, new_cred);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
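Review bot: The three `DEBUG(5, ...)` calls in `srv_deal_with_creds` that print with `%lx` pass `new_cred` (declared `uint32`), `new_clnt_time.time` and `dc->clnt_cred.challenge.data[0]`; unless each of those is an `unsigned long` on every target, specifier and argument disagree, which is undefined behaviour where `long` is wider than the argument. A cast at the call keeps it well defined, e.g. `DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", (unsigned long)new_cred));`. These lines also write the seed of the credential chain to the log, so a comment noting that level 5 logs carry authentication state and need restricted access would help operators. The `cred_assert` failure path returns `False` without a message; if `cred_assert` does not log the rejection itself, a line such as `DEBUG(1,("srv_deal_with_creds: client credential check failed\n"));` would make rejected credentials visible. The `#if 0` `clnt_deal_with_creds` still refers to `dc->clnt_cred.data` and assigns an integer to the `UTIME` variable `new_clnt_time`, so it will probably not compile against the types used above once enabled.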