2 Unix SMB/Netbios implementation.
4 code to manipulate domain credentials
5 Copyright (C) Andrew Tridgell 1997
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
25 /****************************************************************************
26 setup the session key.
27 Input: 8 byte challenge block
28 8 byte server challenge block
29 16 byte md4 encrypted password
32 ****************************************************************************/
33 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
34 uint32 session_key[2])
37 unsigned char sum2[8];
38 unsigned char netsesskey[8];
40 sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
41 sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
46 cred_hash1(netsesskey, sum2,(unsigned char *)pass);
48 session_key[0] = IVAL(netsesskey, 0);
49 session_key[1] = IVAL(netsesskey, 4);
52 DEBUG(4,("cred_session_key\n"));
54 DEBUG(5,(" clnt_chal: %lx %lx\n", clnt_chal->data[0], clnt_chal->data[1]));
55 DEBUG(5,(" srv_chal : %lx %lx\n", srv_chal ->data[0], srv_chal ->data[1]));
56 DEBUG(5,(" clnt+srv : %lx %lx\n", sum [0], sum [1]));
57 DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1]));
61 /****************************************************************************
66 8 byte stored credential
71 ****************************************************************************/
72 void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
75 unsigned char calc_cred[8];
76 unsigned char timecred[8];
77 unsigned char netsesskey[8];
79 SIVAL(netsesskey, 0, session_key[0]);
80 SIVAL(netsesskey, 4, session_key[1]);
82 SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
83 SIVAL(timecred, 4, IVAL(stor_cred, 4));
85 cred_hash2(calc_cred, timecred, netsesskey);
87 cred->data[0] = IVAL(calc_cred, 0);
88 cred->data[1] = IVAL(calc_cred, 4);
91 DEBUG(4,("cred_create\n"));
93 DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1]));
94 DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1]));
95 DEBUG(5,(" timecred : %lx %lx\n", IVAL(timecred, 0) , IVAL(timecred, 4) ));
96 DEBUG(5,(" calc_cred: %lx %lx\n", cred ->data[0], cred ->data[1]));
100 /****************************************************************************
101 check a supplied credential
104 8 byte received credential
106 8 byte stored credential
110 returns 1 if computed credential matches received credential
112 ****************************************************************************/
113 int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
118 cred_create(session_key, stored_cred, timestamp, &cred2);
121 DEBUG(4,("cred_assert\n"));
123 DEBUG(5,(" challenge : %lx %lx\n", cred->data[0], cred->data[1]));
124 DEBUG(5,(" calculated: %lx %lx\n", cred2.data[0], cred2.data[1]));
126 if (memcmp(cred->data, cred2.data, 8) == 0)
128 DEBUG(5, ("credentials check ok\n"));
133 DEBUG(5, ("credentials check wrong\n"));