authorGerald Carter <jerry@samba.org>2003-12-17 06:18:13 +0000
committerGerald Carter <jerry@samba.org>2003-12-17 06:18:13 +0000
commit54cff4535e8237c43977faa372ebac8baf88b034 (patch)
tree0fce76be3287ea24e9912c42b9e248897a47d2fd
parentc763e9548c94cdb526d8e486d1450b70b9d3969e (diff)
Make sure we correctly generate the lm session key.
This fixes a problem joining a Samba domain from a vanilla win2k client that doesn't set the NTLMSSP_NEGOTIATE_NTLM2 flag. Reported on samba ml as "decode_pw: incorrect password length" when handling a samr_set_userinfo(23 or 24) RPC. (This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)
-rw-r--r--source3/libsmb/ntlmssp.c8
-rw-r--r--source3/libsmb/smbencrypt.c20
2 files changed, 26 insertions, 2 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index ca1aa67403..3cfd6d2043 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -660,6 +660,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
hmac_md5(nt_session_key.data, session_nonce,
sizeof(session_nonce), session_key.data);
+ DEBUG(10,("NTLM2 session key set\n"));
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
}
@@ -667,12 +668,14 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
if (lm_session_key.data && lm_session_key.length >= 8 &&
ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
- SMBsesskeygen_lmv1(lm_session_key.data, ntlmssp_state->lm_resp.data,
+ SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
session_key.data);
+ DEBUG(10,("LM KEY session key set\n"));
dump_data_pw("LM session key:\n", session_key.data, session_key.length);
}
} else if (nt_session_key.data) {
session_key = nt_session_key;
+ DEBUG(10,("unmodified session key set\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
}
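Review bot: The LM KEY branch passes `session_key.data` to `SMBsesskeygen_lm_sess_key` without checking the result of `data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16)`, and the new helper ends with an unconditional `memcpy(sess_key, p24, 16)`. An allocation failure during authentication would therefore become a write through a NULL pointer rather than a clean error. Since the function returns NTSTATUS, a guard such as `if (!session_key.data) return NT_STATUS_NO_MEMORY;` placed right after the allocation would close this. The NTLM2 branch in the first hunk writes into a freshly allocated blob the same way through `hmac_md5`. The enclosing if/else chain starts outside this hunk, so any cleanup required before returning is not visible here.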
@@ -695,7 +698,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
encrypted_session_key.data,
encrypted_session_key.length);
- dump_data_pw("KEY_EXCH session key:\n", session_key.data, session_key.length);
+ dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data,
+ encrypted_session_key.length);
}
} else {
ntlmssp_state->session_key = session_key;
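Review bot: The trace in the KEY_EXCH branch now dumps `encrypted_session_key`, but the value the server keeps is the copy just stored in `ntlmssp_state->session_key`. Dumping the stored blob would tie the trace to the key actually in use and would not depend on a variable whose name suggests ciphertext: `dump_data_pw("KEY_EXCH session key:\n", ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);`. If the buffer is decrypted in place before this point, which presumably happens above the hunk, a one-line comment saying so would help the next reader. These `dump_data_pw` calls write raw session keys to the log, so it is worth confirming they compile to nothing unless a password-debug build option is set.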
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 2d02a23394..cfcc24a1df 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -325,6 +325,26 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16],
#endif
}
+void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
+ const uchar lm_resp[24], /* only uses 8 */
+ uint8 sess_key[16])
+{
+ uchar p24[24];
+ uchar partial_lm_hash[16];
+
+ memcpy(partial_lm_hash, lm_hash, 8);
+ memset(partial_lm_hash + 8, 0xbd, 8);
+
+ SMBOWFencrypt(partial_lm_hash, lm_resp, p24);
+
+ memcpy(sess_key, p24, 16);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n"));
+ dump_data(100, sess_key, 16);
+#endif
+}
+
DATA_BLOB NTLMv2_generate_names_blob(const char *hostname,
const char *domain)
{
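Review bot: The debug label inside `SMBsesskeygen_lm_sess_key` reads "SMBsesskeygen_lmv1_jerry:", which matches no function in this diff and will mislead anyone searching a level-100 log; it should be `DEBUG(100, ("SMBsesskeygen_lm_sess_key:\n"));`. The locals `p24` and `partial_lm_hash` hold LM-hash-derived key material and are left on the stack on return, so clearing them before the `#ifdef` block is worth considering, for example `ZERO_STRUCT(p24); ZERO_STRUCT(partial_lm_hash);`, keeping in mind that a plain memset may be optimised away. The function also needs a header comment explaining that only the first 8 bytes of `lm_hash` are used, that the remaining 8 are padded with 0xbd, and that only the first 16 bytes of the 24-byte `SMBOWFencrypt` output become the key. The prototype declares `lm_hash[16]` while the caller's guard only requires `lm_session_key.length >= 8`, so the comment should state the 8-byte minimum explicitly.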