r443: Update Samba4 to the auth and NTLMSSP code from Samba3.

Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
author: Andrew Bartlett <abartlet@samba.org> 2004-05-02 08:45:00 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:51:42 -0500
commit: 9f084101dd392ceb85f141f55ee56bed344626ef (patch)
tree: 2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/libcli/auth/ntlmssp_sign.c
parent: 585d87a9590ecf64681700d70c37e5276ee8514a (diff)
download: samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz
samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2
samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip
1 files changed, 47 insertions, 20 deletions
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 2f510b0f98..5039a842bc 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -53,7 +53,7 @@ static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
     hash[257] = index_j;
 }
 
-static void calc_hash(unsigned char *hash, const char *k2, int k2l)
+static void calc_hash(unsigned char hash[258], const char *k2, int k2l)
 {
 	unsigned char j = 0;
 	int ind;
@@ -78,7 +78,7 @@ static void calc_hash(unsigned char *hash, const char *k2, int k2l)
 	hash[257] = 0;
 }
 
-static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
+static void calc_ntlmv2_hash(unsigned char hash[258], unsigned char digest[16],
 			     DATA_BLOB session_key, 
 			     const char *constant)
 {
@@ -91,8 +91,8 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
 
 	MD5Init(&ctx3);
 	MD5Update(&ctx3, session_key.data, session_key.length);
-	MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant));
-	MD5Final((unsigned char *)digest, &ctx3);
+	MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant)+1);
+	MD5Final(digest, &ctx3);
 
 	calc_hash(hash, digest, 16);
 }
@@ -109,12 +109,12 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 {
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 		HMACMD5Context ctx;
-		char seq_num[4];
+		uchar seq_num[4];
 		uchar digest[16];
 		SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
 
 		hmac_md5_init_limK_to_64((const unsigned char *)(ntlmssp_state->send_sign_const), 16, &ctx);
-		hmac_md5_update((const unsigned char *)seq_num, 4, &ctx);
+		hmac_md5_update(seq_num, 4, &ctx);
 		hmac_md5_update(data, length, &ctx);
 		hmac_md5_final(digest, &ctx);
 
@@ -122,13 +122,16 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 			       , ntlmssp_state->ntlmssp_seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		switch (direction) {
-		case NTLMSSP_SEND:
-			NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash,  sig->data+4, sig->length-4);
-			break;
-		case NTLMSSP_RECEIVE:
-			NTLMSSPcalc_ap(ntlmssp_state->recv_sign_hash,  sig->data+4, sig->length-4);
-			break;
+
+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+			switch (direction) {
+			case NTLMSSP_SEND:
+				NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash,  sig->data+4, sig->length-4);
+				break;
+			case NTLMSSP_RECEIVE:
+				NTLMSSPcalc_ap(ntlmssp_state->recv_sign_hash,  sig->data+4, sig->length-4);
+				break;
+			}
 		}
 	} else {
 		uint32 crc;
@@ -145,10 +148,16 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 }
 
 NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
-			     const uchar *data, size_t length, 
-			     DATA_BLOB *sig) 
+				    const uchar *data, size_t length, 
+				    DATA_BLOB *sig) 
 {
-	NTSTATUS nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
+	NTSTATUS nt_status;
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot check sign packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
 
 	/* increment counter on send */
 	ntlmssp_state->ntlmssp_seq_num++;
@@ -168,6 +177,11 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
 	DATA_BLOB local_sig;
 	NTSTATUS nt_status;
 
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot check packet signature\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	if (sig->length < 8) {
 		DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
 			  (unsigned long)sig->length));
@@ -194,8 +208,6 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	data_blob_free(&local_sig);
-
 	/* increment counter on recieive */
 	ntlmssp_state->ntlmssp_seq_num++;
 
@@ -212,6 +224,11 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
 			     uchar *data, size_t length,
 			     DATA_BLOB *sig)
 {	
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot seal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	DEBUG(10,("ntlmssp_seal_data: seal\n"));
 	dump_data_pw("ntlmssp clear data\n", data, length);
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -274,6 +291,11 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
 				      uchar *data, size_t length,
 				      DATA_BLOB *sig)
 {
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot unseal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	DEBUG(10,("ntlmssp__unseal_data: seal\n"));
 	dump_data_pw("ntlmssp sealed data\n", data, length);
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -299,6 +321,11 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
 	DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
 	debug_ntlmssp_flags(ntlmssp_state->neg_flags);
 
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot intialise signing\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
 	{
 		const char *send_sign_const;
@@ -337,14 +364,14 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
 
 		calc_ntlmv2_hash(ntlmssp_state->recv_sign_hash, 
 				 ntlmssp_state->recv_sign_const, 
-				 ntlmssp_state->session_key, send_sign_const);
+				 ntlmssp_state->session_key, recv_sign_const);
 		dump_data_pw("NTLMSSP receive sign hash:\n", 
 			     ntlmssp_state->recv_sign_hash, 
 			     sizeof(ntlmssp_state->recv_sign_hash));
 
 		calc_ntlmv2_hash(ntlmssp_state->recv_seal_hash, 
 				 ntlmssp_state->recv_seal_const, 
-				 ntlmssp_state->session_key, send_seal_const);
+				 ntlmssp_state->session_key, recv_seal_const);
 		dump_data_pw("NTLMSSP receive seal hash:\n", 
 			     ntlmssp_state->recv_sign_hash, 
 			     sizeof(ntlmssp_state->recv_sign_hash));
author	Andrew Bartlett <abartlet@samba.org>	2004-05-02 08:45:00 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:51:42 -0500
commit	9f084101dd392ceb85f141f55ee56bed344626ef (patch)
tree	2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/libcli/auth/ntlmssp_sign.c
parent	585d87a9590ecf64681700d70c37e5276ee8514a (diff)
download	samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2 samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip