diff options
author | Gerald Carter <jerry@samba.org> | 2003-12-17 06:18:41 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-12-17 06:18:41 +0000 |
commit | 18bc0b2bc231825dc650c4e6cef73e277d3f2a54 (patch) | |
tree | 8ec3727a67d144ba278d9635d27eedff984ddbe8 /source3 | |
parent | 86f53a0da1e0fab1ce8daf6433c803ebd61181d7 (diff) | |
download | samba-18bc0b2bc231825dc650c4e6cef73e277d3f2a54.tar.gz samba-18bc0b2bc231825dc650c4e6cef73e277d3f2a54.tar.bz2 samba-18bc0b2bc231825dc650c4e6cef73e277d3f2a54.zip |
Make sure we correctly generate the lm session key.
This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the
NTLMSSP_NEGOTIATE_NTLM2 flag.
Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit 14558c942beb05cd12c0e40c1bb30c3dcde8ce48)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/ntlmssp.c | 8 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 20 |
2 files changed, 26 insertions, 2 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index ca1aa67403..3cfd6d2043 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -660,6 +660,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); hmac_md5(nt_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); + DEBUG(10,("NTLM2 session key set\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); } @@ -667,12 +668,14 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, if (lm_session_key.data && lm_session_key.length >= 8 && ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); - SMBsesskeygen_lmv1(lm_session_key.data, ntlmssp_state->lm_resp.data, + SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, session_key.data); + DEBUG(10,("LM KEY session key set\n")); dump_data_pw("LM session key:\n", session_key.data, session_key.length); } } else if (nt_session_key.data) { session_key = nt_session_key; + DEBUG(10,("unmodified session key set\n")); dump_data_pw("unmodified session key:\n", session_key.data, session_key.length); } @@ -695,7 +698,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, encrypted_session_key.data, encrypted_session_key.length); - dump_data_pw("KEY_EXCH session key:\n", session_key.data, session_key.length); + dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, + encrypted_session_key.length); } } else { ntlmssp_state->session_key = session_key; diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 2d02a23394..cfcc24a1df 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -325,6 +325,26 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16], #endif } +void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16], + const uchar lm_resp[24], /* only uses 8 */ + uint8 sess_key[16]) +{ + uchar p24[24]; + uchar partial_lm_hash[16]; + + memcpy(partial_lm_hash, lm_hash, 8); + memset(partial_lm_hash + 8, 0xbd, 8); + + SMBOWFencrypt(partial_lm_hash, lm_resp, p24); + + memcpy(sess_key, p24, 16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n")); + dump_data(100, sess_key, 16); +#endif +} + DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, const char *domain) { |