source/libsmb/credentials.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    code to manipulate domain credentials
   5    Copyright (C) Andrew Tridgell 1997
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 extern int DEBUGLEVEL;
  25 /****************************************************************************
  26   setup the session key.
  27 Input: 8 byte challenge block
  28        8 byte server challenge block
  29       16 byte md4 encrypted password
  30 Output:
  31       8 byte session key
  32 ****************************************************************************/
  33 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
  34                        uint32 session_key[2])
  35 {
  36         uint32 sum[2];
  37         char sum2[8];
  38         char buf[8];
  39         char netsesskey[8];
  40
  41         sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
  42         sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
  43
  44         SIVAL(sum2,0,sum[0]);
  45         SIVAL(sum2,4,sum[1]);
  46
  47         smbhash(buf, sum2, pass);
  48         smbhash(netsesskey, buf, pass+9);
  49
  50         session_key[0] = IVAL(netsesskey, 0);
  51         session_key[1] = IVAL(netsesskey, 4);
  52
  53         /* debug output */
  54         DEBUG(4,("cred_session_key\n"));
  55
  56         DEBUG(5,("      clnt_chal: %lx %lx\n", clnt_chal->data[0], clnt_chal->data[1]));
  57         DEBUG(5,("      srv_chal : %lx %lx\n", srv_chal ->data[0], srv_chal ->data[1]));
  58         DEBUG(5,("      clnt+srv : %lx %lx\n", sum            [0], sum            [1]));
  59         DEBUG(5,("      sess_key : %lx %lx\n", session_key    [0], session_key    [1]));
  60 }
  61
  62
  63 /****************************************************************************
  64 create a credential
  65
  66 Input:
  67       8 byte sesssion key
  68       8 byte stored credential
  69       4 byte timestamp
  70
  71 Output:
  72       8 byte credential
  73 ****************************************************************************/
  74 void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
  75                  DOM_CHAL *cred)
  76 {
  77         char key2[7];
  78         char buf[8];
  79         char calc_cred[8];
  80         char timecred[8];
  81         char netsesskey[8];
  82
  83         SIVAL(netsesskey, 0, session_key[0]);
  84         SIVAL(netsesskey, 4, session_key[1]);
  85
  86         SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
  87         SIVAL(timecred, 4, IVAL(stor_cred, 4));
  88
  89         smbhash(buf, timecred, netsesskey);
  90         memset(key2, 0, 7);
  91         key2[0] = netsesskey[7];
  92         smbhash(calc_cred, buf, key2);
  93
  94         cred->data[0] = IVAL(calc_cred, 0);
  95         cred->data[1] = IVAL(calc_cred, 4);
  96
  97         /* debug output*/
  98         DEBUG(4,("cred_create\n"));
  99
 100         DEBUG(5,("      sess_key : %lx %lx\n", session_key    [0], session_key    [1]));
 101         DEBUG(5,("      stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1]));
 102         DEBUG(5,("      timecred : %lx %lx\n", IVAL(timecred, 0),  IVAL(timecred, 4)));
 103         DEBUG(5,("      calc_cred: %lx %lx\n", cred     ->data[0], cred     ->data[1]));
 104 }
 105
 106
 107 /****************************************************************************
 108   check a supplied credential
 109
 110 Input:
 111       8 byte received credential
 112       8 byte sesssion key
 113       8 byte stored credential
 114       4 byte timestamp
 115
 116 Output:
 117       returns 1 if computed credential matches received credential
 118       returns 0 otherwise
 119 ****************************************************************************/
 120 int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
 121                 UTIME timestamp)
 122 {
 123         DOM_CHAL cred2;
 124
 125         cred_create(session_key, stored_cred, timestamp, &cred2);
 126
 127         /* debug output*/
 128         DEBUG(4,("cred_assert\n"));
 129
 130         DEBUG(5,("      challenge : %lx %lx\n", cred->data[0], cred->data[1]));
 131         DEBUG(5,("      calculated: %lx %lx\n", cred2.data[0], cred2.data[1]));
 132         DEBUG(5,("      challenge: "));
 133
 134         return memcmp(cred->data, cred2.data, 8) == 0;
 135 }
 136