r3655: As required by the new torture test, add the LM session key output

parameter to SMBNTLMv2encrypt().

Andrew Bartlett
(This used to be commit 75ff351faf0a3231e17f000b006beb9cb545d905)

2 files changed, 10 insertions, 2 deletions

diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 55a80d0d5e..f0003279e5 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -1104,7 +1104,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 				      ntlmssp_state->domain, 
 				      ntlmssp_state->password, &challenge_blob, 
 				      &struct_blob, 
-				      &lm_response, &nt_response, &session_key)) {
+				      &lm_response, &nt_response, 
+				      NULL, &session_key)) {
 			data_blob_free(&challenge_blob);
 			data_blob_free(&struct_blob);
 			return NT_STATUS_NO_MEMORY;
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 6034c0e327..d327b53f9d 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -378,7 +378,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 		      const DATA_BLOB *server_chal, 
 		      const DATA_BLOB *names_blob,
 		      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
-		      DATA_BLOB *user_session_key) 
+		      DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) 
 {
 	uint8_t nt_hash[16];
 	uint8_t ntlm_v2_hash[16];
@@ -408,6 +408,13 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 	
 	if (lm_response) {
 		*lm_response = LMv2_generate_response(ntlm_v2_hash, server_chal);
+		if (lm_session_key) {
+			*lm_session_key = data_blob(NULL, 16);
+			
+			/* The NTLMv2 calculations also provide a session key, for signing etc later */
+			/* use only the first 16 bytes of lm_response for session key */
+			SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
+		}
 	}
 	
 	return True;