summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-05-07 12:58:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-05-07 12:58:59 +0000
commit2752f4a533a5546df794aa7c02f6765185ccc4cc (patch)
tree8d2c51561ad0ab7abd01c05e32189fd3a134f84d
parent2b9fc2840fe3a516bc912d4852bbbbc7dd30ac75 (diff)
downloadsamba-2752f4a533a5546df794aa7c02f6765185ccc4cc.tar.gz
samba-2752f4a533a5546df794aa7c02f6765185ccc4cc.tar.bz2
samba-2752f4a533a5546df794aa7c02f6765185ccc4cc.zip
SMB Signing with NTLMv2 works!
(well, under certain conditions :-) There is no length limit on the size of the authentication response added into the MD5 hash. (We had previously limited this to lengths like 40, 44 or 64 in attempts to make sense of what the SNIA spec tells us). Instead, the entire authentication response is added in. Currently, this only works on a Win2k domain members with a Samba PDC, becouse our NTLMv2 code currently fails against an Win2k PDC. However, this splits the problem in half - particularly as the NTLMv2 format is known, and even has an ethereal disector! (thanks tpot). Andrew Bartlett (This used to be commit 7645d3d28afbb8eea502c0e063df3afb3aa812f4)
-rw-r--r--source3/libsmb/smb_signing.c13
1 files changed, 2 insertions, 11 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 76e3eb8988..0f56cd15d9 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -21,15 +21,6 @@
#include "includes.h"
-/* the SNIA Technical Reference tells us that this is '40 or 44' bytes
- long, but NTLM only uses 40, and we don't know what value to use for
- NTLMv2 */
-
-/* my guess is 64, and other evidence indicates we don't setup the
- session key correctly, so that's why it's failing */
-
-#define SIMPLE_SMB_SIGNING_MAC_KEY_LEN 64
-
struct smb_basic_signing_context {
DATA_BLOB mac_key;
uint32 send_seq_num;
@@ -246,10 +237,10 @@ BOOL cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[
data = smb_xmalloc(sizeof(*data));
cli->sign_info.signing_context = data;
- data->mac_key = data_blob(NULL, MIN(response.length + 16, SIMPLE_SMB_SIGNING_MAC_KEY_LEN));
+ data->mac_key = data_blob(NULL, response.length + 16);
memcpy(&data->mac_key.data[0], user_session_key, 16);
- memcpy(&data->mac_key.data[16],response.data, MIN(response.length, SIMPLE_SMB_SIGNING_MAC_KEY_LEN - 16));
+ memcpy(&data->mac_key.data[16],response.data, response.length);
/* Initialise the sequence number */
data->send_seq_num = 0;