s3:ntlmssp: inline ntlmssp_weaken_keys()

metze

Signed-off-by: Günther Deschner <gd@samba.org>

2 files changed, 37 insertions, 71 deletions

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1ca9810b5d..4c1fd24e3b 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -439,47 +439,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
 }
 
 /**
- Weaken NTLMSSP keys to cope with down-level clients and servers.
-
- We probably should have some parameters to control this, but as
- it only occours for LM_KEY connections, and this is controlled
- by the client lanman auth/lanman auth parameters, it isn't too bad.
-*/
-
-DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx)
-{
-	DATA_BLOB weakened_key = data_blob_talloc(mem_ctx,
-					ntlmssp_state->session_key.data,
-					ntlmssp_state->session_key.length);
-
-	/* Nothing to weaken.  We certainly don't want to 'extend' the length... */
-	if (weakened_key.length < 16) {
-		/* perhaps there was no key? */
-		return weakened_key;
-	}
-
-	/* Key weakening not performed on the master key for NTLM2
-	   and does not occour for NTLM1.  Therefore we only need
-	   to do this for the LM_KEY.
-	*/
-
-	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
-		/* LM key doesn't support 128 bit crypto, so this is
-		 * the best we can do.  If you negotiate 128 bit, but
-		 * not 56, you end up with 40 bit... */
-		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
-			weakened_key.data[7] = 0xa0;
-		} else { /* forty bits */
-			weakened_key.data[5] = 0xe5;
-			weakened_key.data[6] = 0x38;
-			weakened_key.data[7] = 0xb0;
-		}
-		weakened_key.length = 8;
-	}
-	return weakened_key;
-}
-
-/**
  * Next state function for the Negotiate packet
  *
  * @param ntlmssp_state NTLMSSP State
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index e3d53ab137..26d35f9980 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -331,18 +331,10 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
 */
 NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 {
-	TALLOC_CTX *mem_ctx;
-
-	mem_ctx = talloc_init("weak_keys");
-	if (!mem_ctx) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
 	DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
 	debug_ntlmssp_flags(ntlmssp_state->neg_flags);
 
 	if (ntlmssp_state->session_key.length < 8) {
-		TALLOC_FREE(mem_ctx);
 		DEBUG(3, ("NO session key, cannot intialise signing\n"));
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
@@ -374,7 +366,6 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 			recv_seal_const = CLI_SEAL;
 			break;
 		default:
-			TALLOC_FREE(mem_ctx);
 			return NT_STATUS_INTERNAL_ERROR;
 		}
 
@@ -434,33 +425,50 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 
 
 	} else {
-#if 0
-		/* Hmmm. Shouldn't we also weaken keys for ntlmv1 ? JRA. */
+		uint8_t weak_session_key[8];
+		DATA_BLOB seal_session_key = ntlmssp_state->session_key;
+		bool do_weak = false;
 
-		DATA_BLOB weak_session_key = ntlmssp_state->session_key;
-		/**
-		  Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
-		  We probably should have some parameters to control this, once we get NTLM2 working.
-		*/
+		DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
 
-		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
-			;
-		} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
-			weak_session_key.length = 6;
-		} else { /* forty bits */
-			weak_session_key.length = 5;
+		/*
+		 * Key weakening not performed on the master key for NTLM2
+		 * and does not occour for NTLM1. Therefore we only need
+		 * to do this for the LM_KEY.
+		 */
+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+			do_weak = true;
 		}
-		dump_data_pw("NTLMSSP weakend master key:\n",
-				weak_session_key.data,
-				weak_session_key.length);
-#endif
 
-		DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx);
+		/*
+		 * Nothing to weaken.
+		 * We certainly don't want to 'extend' the length...
+		 */
+		if (seal_session_key.length < 16) {
+			/* TODO: is this really correct? */
+			do_weak = false;
+		}
 
-		DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
+		if (do_weak) {
+			memcpy(weak_session_key, seal_session_key.data, 8);
+			seal_session_key = data_blob_const(weak_session_key, 8);
+
+			/*
+			 * LM key doesn't support 128 bit crypto, so this is
+			 * the best we can do. If you negotiate 128 bit, but
+			 * not 56, you end up with 40 bit...
+			 */
+			if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
+				weak_session_key[7] = 0xa0;
+			} else { /* forty bits */
+				weak_session_key[5] = 0xe5;
+				weak_session_key[6] = 0x38;
+				weak_session_key[7] = 0xb0;
+			}
+		}
 
 		arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
-			     &weak_session_key);
+			     &seal_session_key);
 
                 dump_arc4_state("NTLMv1 arc4 state:\n",
 				&ntlmssp_state->ntlmv1_arc4_state);
@@ -468,6 +476,5 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 		ntlmssp_state->ntlmv1_seq_num = 0;
 	}
 
-	TALLOC_FREE(mem_ctx);
 	return NT_STATUS_OK;
 }