SMB Signing with NTLMv2 works!

(well, under certain conditions :-)

There is no length limit on the size of the authentication response added
into the MD5 hash.  (We had previously limited this to lengths like 40, 44 or
64 in attempts to make sense of what the SNIA spec tells us).

Instead, the entire authentication response is added in.

Currently, this only works on a Win2k domain members with a Samba PDC,
becouse our NTLMv2 code currently fails against an Win2k PDC.

However, this splits the problem in half - particularly as the NTLMv2 format
is known, and even has an ethereal disector! (thanks tpot).

Andrew Bartlett
(This used to be commit 7645d3d28afbb8eea502c0e063df3afb3aa812f4)

1 files changed, 2 insertions, 11 deletions

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 76e3eb8988..0f56cd15d9 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -21,15 +21,6 @@
 
 #include "includes.h"
 
-/* the SNIA Technical Reference tells us that this is '40 or 44' bytes
-   long, but NTLM only uses 40, and we don't know what value to use for
-   NTLMv2 */
-
-/* my guess is 64, and other evidence indicates we don't setup the
-   session key correctly, so that's why it's failing */
-
-#define SIMPLE_SMB_SIGNING_MAC_KEY_LEN 64
-
 struct smb_basic_signing_context {
 	DATA_BLOB mac_key;
 	uint32 send_seq_num;
@@ -246,10 +237,10 @@ BOOL cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[
 	data = smb_xmalloc(sizeof(*data));
 	cli->sign_info.signing_context = data;
 	
-	data->mac_key = data_blob(NULL, MIN(response.length + 16, SIMPLE_SMB_SIGNING_MAC_KEY_LEN));
+	data->mac_key = data_blob(NULL, response.length + 16);
 
 	memcpy(&data->mac_key.data[0], user_session_key, 16);
-	memcpy(&data->mac_key.data[16],response.data, MIN(response.length, SIMPLE_SMB_SIGNING_MAC_KEY_LEN - 16));
+	memcpy(&data->mac_key.data[16],response.data, response.length);
 
 	/* Initialise the sequence number */
 	data->send_seq_num = 0;