source3/libsmb/credentials.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    code to manipulate domain credentials
   5    Copyright (C) Andrew Tridgell 1997
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 extern int DEBUGLEVEL;
  25 /****************************************************************************
  26   setup the session key.
  27 Input: 8 byte challenge block
  28        8 byte server challenge block
  29       16 byte md4 encrypted password
  30 Output:
  31       8 byte session key
  32 ****************************************************************************/
  33 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
  34                        char *session_key)
  35 {
  36         uint32 sum[2];
  37         char sum2[8];
  38         char buf[8];
  39
  40         sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
  41         sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
  42
  43         SIVAL(sum2,0,sum[0]);
  44         SIVAL(sum2,4,sum[1]);
  45
  46         smbhash(pass  , sum2, buf);
  47         smbhash(pass+9, buf , session_key);
  48
  49         /* debug output*/
  50         DEBUG(4,("cred_session_key\n"));
  51
  52         DEBUG(5,("      clnt_chal: "));
  53         dump_data(5, clnt_chal->data, 8);
  54
  55         DEBUG(5,("      srv_chal: "));
  56         dump_data(5, srv_chal->data, 8);
  57
  58         DEBUG(5,("      clnt_chal+srv_chal: "));
  59         dump_data(5, sum2, 8);
  60
  61         DEBUG(5,("      session_key: "));
  62         dump_data(5, session_key, 16);
  63 }
  64
  65
  66 /****************************************************************************
  67 create a credential
  68
  69 Input:
  70       8 byte sesssion key
  71       8 byte stored credential
  72       4 byte timestamp
  73
  74 Output:
  75       8 byte credential
  76 ****************************************************************************/
  77 void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
  78                  DOM_CHAL *cred)
  79 {
  80         char key2[7];
  81         char buf[8];
  82         char timecred[8];
  83
  84         memcpy(timecred, stored_cred->data, 8);
  85         SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);
  86
  87         smbhash(session_key, timecred, buf);
  88         memset(key2, 0, 7);
  89         key2[0] = session_key[7];
  90         smbhash(key2, buf, cred->data);
  91
  92         /* debug output*/
  93         DEBUG(4,("cred_create\n"));
  94
  95         DEBUG(5,("      session_key: "));
  96         dump_data(5, session_key, 16);
  97
  98         DEBUG(5,("      stored_cred: "));
  99         dump_data(5, stored_cred->data, 8);
 100
 101         DEBUG(5,("      timecred: "));
 102         dump_data(5, timecred, 8);
 103
 104         DEBUG(5,("      cred: "));
 105         dump_data(5, cred->data, 8);
 106 }
 107
 108
 109 /****************************************************************************
 110   check a supplied credential
 111
 112 Input:
 113       8 byte received credential
 114       8 byte sesssion key
 115       8 byte stored credential
 116       4 byte timestamp
 117
 118 Output:
 119       returns 1 if computed credential matches received credential
 120       returns 0 otherwise
 121 ****************************************************************************/
 122 int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
 123                 UTIME timestamp)
 124 {
 125         DOM_CHAL cred2;
 126
 127         cred_create(session_key, stored_cred, timestamp, &cred2);
 128
 129         /* debug output*/
 130         DEBUG(4,("cred_assert\n"));
 131
 132         DEBUG(5,("      challenge: "));
 133         dump_data(5, cred->data, 16);
 134
 135         DEBUG(5,("      calculated: "));
 136         dump_data(5, cred2.data, 8);
 137
 138         return memcmp(cred->data, cred2.data, 8) == 0;
 139 }
 140