2 Unix SMB/Netbios implementation.
4 code to manipulate domain credentials
5 Copyright (C) Andrew Tridgell 1997
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
25 /****************************************************************************
26 setup the session key.
27 Input: 8 byte challenge block
28 8 byte server challenge block
29 16 byte md4 encrypted password
32 ****************************************************************************/
33 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
40 sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
41 sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
46 smbhash(pass , sum2, buf);
47 smbhash(pass+9, buf , session_key);
50 DEBUG(4,("cred_session_key\n"));
52 DEBUG(5,(" clnt_chal: "));
53 dump_data(5, clnt_chal->data, 8);
55 DEBUG(5,(" srv_chal: "));
56 dump_data(5, srv_chal->data, 8);
58 DEBUG(5,(" clnt_chal+srv_chal: "));
59 dump_data(5, sum2, 8);
61 DEBUG(5,(" session_key: "));
62 dump_data(5, session_key, 16);
66 /****************************************************************************
71 8 byte stored credential
76 ****************************************************************************/
77 void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
84 memcpy(timecred, stored_cred->data, 8);
85 SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);
87 smbhash(session_key, timecred, buf);
89 key2[0] = session_key[7];
90 smbhash(key2, buf, cred->data);
93 DEBUG(4,("cred_create\n"));
95 DEBUG(5,(" session_key: "));
96 dump_data(5, session_key, 16);
98 DEBUG(5,(" stored_cred: "));
99 dump_data(5, stored_cred->data, 8);
101 DEBUG(5,(" timecred: "));
102 dump_data(5, timecred, 8);
104 DEBUG(5,(" cred: "));
105 dump_data(5, cred->data, 8);
109 /****************************************************************************
110 check a supplied credential
113 8 byte received credential
115 8 byte stored credential
119 returns 1 if computed credential matches received credential
121 ****************************************************************************/
122 int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
127 cred_create(session_key, stored_cred, timestamp, &cred2);
130 DEBUG(4,("cred_assert\n"));
132 DEBUG(5,(" challenge: "));
133 dump_data(5, cred->data, 16);
135 DEBUG(5,(" calculated: "));
136 dump_data(5, cred2.data, 8);
138 return memcmp(cred->data, cred2.data, 8) == 0;