diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-05-05 05:15:54 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-05-05 05:15:54 +0000 |
commit | 423bd582f4f0f03ff086054060954e8e23cd02cd (patch) | |
tree | a5a379963446ac5f6cc8065f6e6318bc7205b941 | |
parent | 0e1c8fa7c38a7259150db4d2bb825e7ebbebbc02 (diff) | |
download | samba-423bd582f4f0f03ff086054060954e8e23cd02cd.tar.gz samba-423bd582f4f0f03ff086054060954e8e23cd02cd.tar.bz2 samba-423bd582f4f0f03ff086054060954e8e23cd02cd.zip |
Allow the NTLMv2 functions to spit out both possible varients on the session
key, so we can test it in ntlm_auth.
I suspect the 'lm' version doesn't exist, but it's easy to change back.
Andrew Bartlett
(This used to be commit 5efd95622c411f123660b6613b86c7a68bba68e8)
-rw-r--r-- | source3/libsmb/cliconnect.c | 2 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 2 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 34 |
3 files changed, 25 insertions, 13 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 9dddb6a163..982cbfff06 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -261,7 +261,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user, server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal, - &lm_response, &nt_response, &session_key)) { + &lm_response, &nt_response, NULL, &session_key)) { data_blob_free(&server_chal); return False; } diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index d54655d17f..356bb0c4fe 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -501,7 +501,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st if (!SMBNTLMv2encrypt(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->password, challenge_blob, - &lm_response, &nt_response, &session_key)) { + &lm_response, &nt_response, NULL, &session_key)) { data_blob_free(&challenge_blob); return NT_STATUS_NO_MEMORY; } diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 28160d9609..bab18a07b1 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -76,10 +76,9 @@ void E_deshash(const char *passwd, uchar p16[16]) { fstring dospwd; ZERO_STRUCT(dospwd); - ZERO_STRUCTP(p16); /* Password must be converted to DOS charset - null terminated, uppercase. */ - push_ascii(dospwd, (const char *)passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); + push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); /* Only the fisrt 14 chars are considered, password need not be null terminated. */ E_P16(dospwd, p16); @@ -324,7 +323,8 @@ static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16], BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, const DATA_BLOB server_chal, DATA_BLOB *lm_response, DATA_BLOB *nt_response, - DATA_BLOB *session_key) + DATA_BLOB *lm_session_key, + DATA_BLOB *nt_session_key) { uchar nt_hash[16]; uchar ntlm_v2_hash[16]; @@ -338,18 +338,30 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password return False; } - *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */); + if (nt_response) { + *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */); + if (nt_session_key) { + *nt_session_key = data_blob(NULL, 16); + + /* The NTLMv2 calculations also provide a session key, for signing etc later */ + /* use only the first 16 bytes of nt_response for session key */ + SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data); + } + } /* LMv2 */ - *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8); - - *session_key = data_blob(NULL, 16); + if (lm_response) { + *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8); + if (lm_session_key) { + *lm_session_key = data_blob(NULL, 16); + + /* The NTLMv2 calculations also provide a session key, for signing etc later */ + /* use only the first 16 bytes of nt_response for session key */ + SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data); + } + } - /* The NTLMv2 calculations also provide a session key, for signing etc later */ - /* use only the first 16 bytes of nt_response for session key */ - SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data); - return True; } |