summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-08-12 05:53:43 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-08-12 05:53:43 +0000
commit3b8485d047492788925b530e9e622a61c66f2dbd (patch)
treeef5fd11a578270d38290fb9f4125fa86bd7ab19f
parent225048e2e67e85ac6ff33ed4984435ffb7ccab62 (diff)
downloadsamba-3b8485d047492788925b530e9e622a61c66f2dbd.tar.gz
samba-3b8485d047492788925b530e9e622a61c66f2dbd.tar.bz2
samba-3b8485d047492788925b530e9e622a61c66f2dbd.zip
As described in http://davenport.sourceforge.net/ntlm.html add NTLM2
authentication. NTLM2 is a version of NTLM, that involves both a client and server challenge, and the creating of a new (presuable more secure) session key. Unfortunetly this is not quite the same as NTLMv2, and we don't know how to get the session key. I suggest looking very closely at what MSCHAPv2, and other MS auth protocols do... Andrew Bartlett (This used to be commit d4a5f4fdf97b707b44a0787267e1e4388d1b5388)
-rw-r--r--source3/libsmb/ntlmssp.c43
1 files changed, 40 insertions, 3 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index a314aa15db..47e283dc51 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -23,6 +23,12 @@
#include "includes.h"
+#if 0
+/* we currently do not know how to get the right session key for this, so
+ we cannot enable it by default... :-( */
+#define USE_NTLM2 1
+#endif
+
/**
* Print out the NTLMSSP flags for debugging
* @param neg_flags The flags from the packet
@@ -415,6 +421,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_client_state *ntlmssp_stat
if (ntlmssp_state->use_ntlmv2) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
+
+#ifdef USE_NTLM2
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+#endif
/* generate the ntlmssp negotiate packet */
msrpc_gen(next_request, "CddAA",
@@ -560,7 +570,34 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
data_blob_free(&struct_blob);
return NT_STATUS_NO_MEMORY;
}
+#ifdef USE_NTLM2
+ } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ struct MD5Context md5_session_nonce_ctx;
+ uchar nt_hash[16];
+ uchar session_nonce[16];
+ E_md4hash(ntlmssp_state->password, nt_hash);
+
+ generate_random_buffer(lm_response.data, 8, False);
+ memset(lm_response.data+8, 0, 16);
+
+ MD5Init(&md5_session_nonce_ctx);
+ MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8);
+ MD5Update(&md5_session_nonce_ctx, lm_response.data, 8);
+ MD5Final(session_nonce, &md5_session_nonce_ctx);
+
+ nt_response = data_blob(NULL, 24);
+ SMBNTencrypt(ntlmssp_state->password,
+ challenge_blob.data,
+ nt_response.data);
+
+ /* This is *NOT* the correct session key algorithm - just
+ fill in the bytes with something... */
+ session_key = data_blob(NULL, 16);
+ SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+#endif
} else {
+
+
uchar lm_hash[16];
uchar nt_hash[16];
E_deshash(ntlmssp_state->password, lm_hash);
@@ -571,15 +608,15 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
lm_response = data_blob(NULL, 24);
SMBencrypt(ntlmssp_state->password,challenge_blob.data,
lm_response.data);
- }
+ }
nt_response = data_blob(NULL, 24);
SMBNTencrypt(ntlmssp_state->password,challenge_blob.data,
nt_response.data);
-
+
session_key = data_blob(NULL, 16);
if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- && lp_client_lanman_auth()) {
+ && lp_client_lanman_auth()) {
SMBsesskeygen_lmv1(lm_hash, lm_response.data,
session_key.data);
} else {