search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
removed two unneeded files after Richard backed out these changes.
[Samba.git] / source / libsmb / credentials.c
blob86adf03c402142d51dae629ac350aa5f2d152e7e
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 code to manipulate domain credentials
5 Copyright (C) Andrew Tridgell 1997-1998
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 /****************************************************************************
25 represent a credential as a string
26 ****************************************************************************/
27 char *credstr(const uchar *cred)
28 {
29 static fstring buf;
30 slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
31 cred[0], cred[1], cred[2], cred[3],
32 cred[4], cred[5], cred[6], cred[7]);
33 return buf;
34 }
35
36
37 /****************************************************************************
38 setup the session key.
39 Input: 8 byte challenge block
40 8 byte server challenge block
41 16 byte md4 encrypted password
42 Output:
43 8 byte session key
44 ****************************************************************************/
45 void cred_session_key(const DOM_CHAL *clnt_chal, const DOM_CHAL *srv_chal, const uchar *pass,
46 uchar session_key[8])
47 {
48 uint32 sum[2];
49 unsigned char sum2[8];
50
51 sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
52 sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
53
54 SIVAL(sum2,0,sum[0]);
55 SIVAL(sum2,4,sum[1]);
56
57 cred_hash1(session_key, sum2,pass);
58
59 /* debug output */
60 DEBUG(4,("cred_session_key\n"));
61
62 DEBUG(5,(" clnt_chal: %s\n", credstr(clnt_chal->data)));
63 DEBUG(5,(" srv_chal : %s\n", credstr(srv_chal->data)));
64 DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
65 DEBUG(5,(" sess_key : %s\n", credstr(session_key)));
66 }
67
68
69 /****************************************************************************
70 create a credential
71
72 Input:
73 8 byte sesssion key
74 8 byte stored credential
75 4 byte timestamp
76
77 Output:
78 8 byte credential
79 ****************************************************************************/
80 void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp,
81 DOM_CHAL *cred)
82 {
83 DOM_CHAL time_cred;
84
85 SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time);
86 SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4));
87
88 cred_hash2(cred->data, time_cred.data, session_key);
89
90 /* debug output*/
91 DEBUG(4,("cred_create\n"));
92
93 DEBUG(5,(" sess_key : %s\n", credstr(session_key)));
94 DEBUG(5,(" stor_cred: %s\n", credstr(stor_cred->data)));
95 DEBUG(5,(" timestamp: %x\n" , timestamp.time));
96 DEBUG(5,(" timecred : %s\n", credstr(time_cred.data)));
97 DEBUG(5,(" calc_cred: %s\n", credstr(cred->data)));
98 }
99
100
101 /****************************************************************************
102 check a supplied credential
103
104 Input:
105 8 byte received credential
106 8 byte sesssion key
107 8 byte stored credential
108 4 byte timestamp
109
110 Output:
111 returns 1 if computed credential matches received credential
112 returns 0 otherwise
113 ****************************************************************************/
114 int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred,
115 UTIME timestamp)
116 {
117 DOM_CHAL cred2;
118
119 cred_create(session_key, stored_cred, timestamp, &cred2);
120
121 /* debug output*/
122 DEBUG(4,("cred_assert\n"));
123
124 DEBUG(5,(" challenge : %s\n", credstr(cred->data)));
125 DEBUG(5,(" calculated: %s\n", credstr(cred2.data)));
126
127 if (memcmp(cred->data, cred2.data, 8) == 0)
128 {
129 DEBUG(5, ("credentials check ok\n"));
130 return True;
131 }
132 else
133 {
134 DEBUG(5, ("credentials check wrong\n"));
135 return False;
136 }
137 }
138
139
140 /****************************************************************************
141 checks credentials; generates next step in the credential chain
142 ****************************************************************************/
143 BOOL clnt_deal_with_creds(uchar sess_key[8],
144 DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred)
145 {
146 UTIME new_clnt_time;
147 uint32 new_cred;
148
149 DEBUG(5,("clnt_deal_with_creds: %d\n", __LINE__));
150
151 /* increment client time by one second */
152 new_clnt_time.time = sto_clnt_cred->timestamp.time + 1;
153
154 /* check that the received server credentials are valid */
155 if (!cred_assert(&rcv_srv_cred->challenge, sess_key,
156 &sto_clnt_cred->challenge, new_clnt_time))
157 {
158 return False;
159 }
160
161 /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
162 new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
163 new_cred += new_clnt_time.time;
164
165 /* store new seed in client credentials */
166 SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
167
168 DEBUG(5,(" new clnt cred: %s\n", credstr(sto_clnt_cred->challenge.data)));
169 return True;
170 }
171
172
173 /****************************************************************************
174 checks credentials; generates next step in the credential chain
175 ****************************************************************************/
176 BOOL deal_with_creds(uchar sess_key[8],
177 DOM_CRED *sto_clnt_cred,
178 DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred)
179 {
180 UTIME new_clnt_time;
181 uint32 new_cred;
182
183 DEBUG(5,("deal_with_creds: %d\n", __LINE__));
184
185 /* check that the received client credentials are valid */
186 if (!cred_assert(&rcv_clnt_cred->challenge, sess_key,
187 &sto_clnt_cred->challenge, rcv_clnt_cred->timestamp))
188 {
189 return False;
190 }
191
192 /* increment client time by one second */
193 new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
194
195 /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
196 new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
197 new_cred += new_clnt_time.time;
198
199 DEBUG(5,("deal_with_creds: new_cred[0]=%x\n", new_cred));
200
201 /* doesn't matter that server time is 0 */
202 rtn_srv_cred->timestamp.time = 0;
203
204 DEBUG(5,("deal_with_creds: new_clnt_time=%x\n", new_clnt_time.time));
205
206 /* create return credentials for inclusion in the reply */
207 cred_create(sess_key, &sto_clnt_cred->challenge, new_clnt_time,
208 &rtn_srv_cred->challenge);
209
210 DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
211
212 /* store new seed in client credentials */
213 SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
214
215 return True;
216 }
Samba GIT mirror