-/*
+/*
Unix SMB/CIFS implementation.
code to manipulate domain credentials
Copyright (C) Andrew Tridgell 1997-2003
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
memset(zero, 0, sizeof(zero));
- hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
+ hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
MD5Init(&md5);
MD5Update(&md5, zero, sizeof(zero));
MD5Update(&md5, client_challenge->data, 8);
{
struct netr_Credential time_cred;
- DEBUG(5,("\tseed %08x:%08x\n",
+ DEBUG(5,("\tseed %08x:%08x\n",
IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence);
netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
- DEBUG(5,("\tCLIENT %08x:%08x\n",
+ DEBUG(5,("\tCLIENT %08x:%08x\n",
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1);
SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
- DEBUG(5,("\tseed+time+1 %08x:%08x\n",
+ DEBUG(5,("\tseed+time+1 %08x:%08x\n",
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
- DEBUG(5,("\tSERVER %08x:%08x\n",
+ DEBUG(5,("\tSERVER %08x:%08x\n",
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
creds->seed = time_cred;
initialise the credentials chain and return the first client
credentials
*/
-
-struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
+
+struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
const char *client_account,
- const char *client_computer_name,
+ const char *client_computer_name,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
const struct samr_Password *machine_password,
uint32_t negotiate_flags)
{
struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
-
+
if (!creds) {
return NULL;
}
-
+
creds->sequence = time(NULL);
creds->negotiate_flags = negotiate_flags;
initialise the credentials structure with only a session key. The caller better know what they are doing!
*/
-struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
+struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
const uint8_t session_key[16])
{
struct netlogon_creds_CredentialState *creds;
if (!creds) {
return NULL;
}
-
+
memcpy(creds->session_key, session_key, 16);
return creds;
step the credentials to the next element in the chain, updating the
current client and server credentials and the seed
- produce the next authenticator in the sequence ready to send to
+ produce the next authenticator in the sequence ready to send to
the server
*/
void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
struct netr_Authenticator *next)
-{
+{
creds->sequence += 2;
netlogon_creds_step(creds);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials)
{
- if (!received_credentials ||
+ if (!received_credentials ||
memcmp(received_credentials->data, creds->server.data, 8) != 0) {
DEBUG(2,("credentials check failed\n"));
return false;
initialise the credentials chain and return the first server
credentials
*/
-struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
+struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
const char *client_account,
- const char *client_computer_name,
+ const char *client_computer_name,
uint16_t secure_channel_type,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
struct netr_Credential *credentials_out,
uint32_t negotiate_flags)
{
-
+
struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
-
+
if (!creds) {
return NULL;
}
-
+
creds->negotiate_flags = negotiate_flags;
creds->secure_channel_type = secure_channel_type;
server_challenge,
machine_password);
} else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
- netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
+ netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
machine_password);
} else {
- netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
+ netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
machine_password);
}
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
struct netr_Authenticator *received_authenticator,
- struct netr_Authenticator *return_authenticator)
+ struct netr_Authenticator *return_authenticator)
{
if (!received_authenticator || !return_authenticator) {
return NT_STATUS_INVALID_PARAMETER;
void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
- union netr_Validation *validation)
+ union netr_Validation *validation)
{
static const char zeros[16];
if (validation_level == 6) {
/* they aren't encrypted! */
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- if (memcmp(base->key.key, zeros,
+ if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
- netlogon_creds_arcfour_crypt(creds,
- base->key.key,
+ netlogon_creds_arcfour_crypt(creds,
+ base->key.key,
sizeof(base->key.key));
}
-
- if (memcmp(base->LMSessKey.key, zeros,
+
+ if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_arcfour_crypt(creds,
- base->LMSessKey.key,
+ netlogon_creds_arcfour_crypt(creds,
+ base->LMSessKey.key,
sizeof(base->LMSessKey.key));
}
} else {
- if (memcmp(base->LMSessKey.key, zeros,
+ if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_des_decrypt_LMKey(creds,
+ netlogon_creds_des_decrypt_LMKey(creds,
&base->LMSessKey);
}
}
-}
+}
/*
copy a netlogon_creds_CredentialState struct
git.samba.org / kai / samba.git / commitdiff