
libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()

This abstracts the usage of crypto functions instead of directly calling
des_crypt112().

metze

Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher 2009-08-25 11:25:47 +02:00 committed by Günther Deschner
parent a69d8ab35c
commit 8d58472706


@ -25,6 +25,13 @@
#include "../lib/crypto/crypto.h" #include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h" #include "libcli/auth/libcli_auth.h"
static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *in,
struct netr_Credential *out)
{
des_crypt112(out->data, in->data, creds->session_key, 1);
}
/* /*
initialise the credentials state for old-style 64 bit session keys initialise the credentials state for old-style 64 bit session keys
@ -47,11 +54,6 @@ static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *cre
ZERO_STRUCT(creds->session_key); ZERO_STRUCT(creds->session_key);
des_crypt128(creds->session_key, sum2, machine_password->hash); des_crypt128(creds->session_key, sum2, machine_password->hash);
des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1);
des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1);
creds->seed = creds->client;
} }
/* /*
@ -80,14 +82,19 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
MD5Final(tmp, &md5); MD5Final(tmp, &md5);
hmac_md5_update(tmp, sizeof(tmp), &ctx); hmac_md5_update(tmp, sizeof(tmp), &ctx);
hmac_md5_final(creds->session_key, &ctx); hmac_md5_final(creds->session_key, &ctx);
}
des_crypt112(creds->client.data, client_challenge->data, creds->session_key, 1); static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
des_crypt112(creds->server.data, server_challenge->data, creds->session_key, 1); const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge)
{
netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
creds->seed = creds->client; creds->seed = creds->client;
} }
/* /*
step the credentials to the next element in the chain, updating the step the credentials to the next element in the chain, updating the
current client and server credentials and the seed current client and server credentials and the seed
@ -104,7 +111,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4))); DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
des_crypt112(creds->client.data, time_cred.data, creds->session_key, 1); netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
DEBUG(5,("\tCLIENT %08x:%08x\n", DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4))); IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@ -115,7 +122,7 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
DEBUG(5,("\tseed+time+1 %08x:%08x\n", DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4))); IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
des_crypt112(creds->server.data, time_cred.data, creds->session_key, 1); netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
DEBUG(5,("\tSERVER %08x:%08x\n", DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4))); IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@ -225,6 +232,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password); netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
} }
netlogon_creds_first_step(creds, client_challenge, server_challenge);
dump_data_pw("Session key", creds->session_key, 16); dump_data_pw("Session key", creds->session_key, 16);
dump_data_pw("Credential ", creds->client.data, 8); dump_data_pw("Credential ", creds->client.data, 8);
@ -346,6 +355,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
machine_password); machine_password);
} }
netlogon_creds_first_step(creds, client_challenge, server_challenge);
/* And before we leak information about the machine account /* And before we leak information about the machine account
* password, check that they got the first go right */ * password, check that they got the first go right */
if (!netlogon_creds_server_check_internal(creds, credentials_in)) { if (!netlogon_creds_server_check_internal(creds, credentials_in)) {
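Review bot: netlogon_creds_first_step() carries an undocumented ordering contract: it reads creds->session_key through netlogon_creds_step_crypt(), so it is only correct once netlogon_creds_init_64bit() or netlogon_creds_init_128bit() has filled in the key. Those two functions no longer set creds->client, creds->server or creds->seed themselves. Both callers visible here, netlogon_creds_client_init() and netlogon_creds_server_init(), make the call after the init branch; their bodies start outside the hunks, so other paths could not be checked. A header comment in the file's existing style would keep a later init path from skipping the step, e.g. `/* derive the initial client/server credentials and the seed from the two challenges; creds->session_key must already be initialised */`. Separately, netlogon_creds_step_crypt() only reads the state, so its first parameter could be `const struct netlogon_creds_CredentialState *creds`, provided des_crypt112() takes its key argument as const.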