2 Unix SMB/Netbios implementation.
4 code to manipulate domain credentials
5 Copyright (C) Andrew Tridgell 1997
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL
;
25 /****************************************************************************
26 setup the session key.
27 Input: 8 byte challenge block
28 8 byte server challenge block
29 16 byte md4 encrypted password
32 ****************************************************************************/
33 void cred_session_key(DOM_CHAL
*clnt_chal
, DOM_CHAL
*srv_chal
, char *pass
,
34 uint32 session_key
[2])
41 sum
[0] = IVAL(clnt_chal
->data
, 0) + IVAL(srv_chal
->data
, 0);
42 sum
[1] = IVAL(clnt_chal
->data
, 4) + IVAL(srv_chal
->data
, 4);
47 smbhash(buf
, sum2
, pass
);
48 smbhash(netsesskey
, buf
, pass
+9);
50 session_key
[0] = IVAL(netsesskey
, 0);
51 session_key
[1] = IVAL(netsesskey
, 4);
54 DEBUG(4,("cred_session_key\n"));
56 DEBUG(5,(" clnt_chal: %lx %lx\n", clnt_chal
->data
[0], clnt_chal
->data
[1]));
57 DEBUG(5,(" srv_chal : %lx %lx\n", srv_chal
->data
[0], srv_chal
->data
[1]));
58 DEBUG(5,(" clnt+srv : %lx %lx\n", sum
[0], sum
[1]));
59 DEBUG(5,(" sess_key : %lx %lx\n", session_key
[0], session_key
[1]));
63 /****************************************************************************
68 8 byte stored credential
73 ****************************************************************************/
74 void cred_create(uint32 session_key
[2], DOM_CHAL
*stor_cred
, UTIME timestamp
,
83 SIVAL(netsesskey
, 0, session_key
[0]);
84 SIVAL(netsesskey
, 4, session_key
[1]);
86 SIVAL(timecred
, 0, IVAL(stor_cred
, 0) + timestamp
.time
);
87 SIVAL(timecred
, 4, IVAL(stor_cred
, 4));
89 smbhash(buf
, timecred
, netsesskey
);
91 key2
[0] = netsesskey
[7];
92 smbhash(calc_cred
, buf
, key2
);
94 cred
->data
[0] = IVAL(calc_cred
, 0);
95 cred
->data
[1] = IVAL(calc_cred
, 4);
98 DEBUG(4,("cred_create\n"));
100 DEBUG(5,(" sess_key : %lx %lx\n", session_key
[0], session_key
[1]));
101 DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred
->data
[0], stor_cred
->data
[1]));
102 DEBUG(5,(" timecred : %lx %lx\n", IVAL(timecred
, 0), IVAL(timecred
, 4)));
103 DEBUG(5,(" calc_cred: %lx %lx\n", cred
->data
[0], cred
->data
[1]));
107 /****************************************************************************
108 check a supplied credential
111 8 byte received credential
113 8 byte stored credential
117 returns 1 if computed credential matches received credential
119 ****************************************************************************/
120 int cred_assert(DOM_CHAL
*cred
, uint32 session_key
[2], DOM_CHAL
*stored_cred
,
125 cred_create(session_key
, stored_cred
, timestamp
, &cred2
);
128 DEBUG(4,("cred_assert\n"));
130 DEBUG(5,(" challenge : %lx %lx\n", cred
->data
[0], cred
->data
[1]));
131 DEBUG(5,(" calculated: %lx %lx\n", cred2
.data
[0], cred2
.data
[1]));
132 DEBUG(5,(" challenge: "));
134 return memcmp(cred
->data
, cred2
.data
, 8) == 0;