summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libsmb/cliconnect.c52
-rw-r--r--source3/libsmb/smbencrypt.c31
2 files changed, 51 insertions, 32 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 827a086df3..9c7b168431 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -272,39 +272,27 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
uint32 capabilities = cli_session_setup_capabilities(cli);
DATA_BLOB lm_response = data_blob(NULL, 0);
DATA_BLOB nt_response = data_blob(NULL, 0);
- uchar user_session_key[16];
+ DATA_BLOB session_key = data_blob(NULL, 0);
+ BOOL ret = False;
char *p;
- BOOL have_plaintext = False;
if (passlen != 24) {
- uchar nt_hash[16];
- E_md4hash(pass, nt_hash);
-
if (lp_client_ntlmv2_auth()) {
- uchar ntlm_v2_hash[16];
DATA_BLOB server_chal;
server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
- /* We don't use the NT# directly. Instead we use it mashed up with
- the username and domain.
- This prevents username swapping during the auth exchange
- */
- if (!ntv2_owf_gen(nt_hash, user, workgroup, ntlm_v2_hash)) {
+ if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal,
+ &lm_response, &nt_response, &session_key)) {
+ data_blob_free(&server_chal);
return False;
}
-
- nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
-
- /* LMv2 */
-
- lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
-
- /* The NTLMv2 calculations also provide a session key, for signing etc later */
- /* use only the first 16 bytes of nt_response for session key */
- SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response.data, user_session_key);
+ data_blob_free(&server_chal);
} else {
+ uchar nt_hash[16];
+ E_md4hash(pass, nt_hash);
+
/* non encrypted password supplied. Ignore ntpass. */
if (lp_client_lanman_auth()) {
lm_response = data_blob(NULL, 24);
@@ -313,10 +301,10 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
nt_response = data_blob(NULL, 24);
SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
- SMBsesskeygen_ntv1(nt_hash, NULL, user_session_key);
+ session_key = data_blob(NULL, 16);
+ SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
}
- have_plaintext = True;
set_temp_signing_on_cli(cli);
} else {
/* pre-encrypted password supplied. Only used for
@@ -356,17 +344,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
cli_setup_bcc(cli, p);
if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
- data_blob_free(&lm_response);
- data_blob_free(&nt_response);
- return False;
+ ret = False;
+ goto end;
}
show_msg(cli->inbuf);
if (cli_is_error(cli)) {
- data_blob_free(&lm_response);
- data_blob_free(&nt_response);
- return False;
+ ret = False;
+ goto end;
}
/* use the returned vuid from now on */
@@ -379,13 +365,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
fstrcpy(cli->user_name, user);
- if (have_plaintext) {
+ if (session_key.data) {
/* Have plaintext orginal */
- set_signing_on_cli(cli, user_session_key, nt_response);
+ set_signing_on_cli(cli, session_key.data, nt_response);
}
-
+
+end:
data_blob_free(&lm_response);
data_blob_free(&nt_response);
+ data_blob_free(&session_key);
return True;
}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 28a20e76af..aa9391325f 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -321,6 +321,37 @@ DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
return final_response;
}
+BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
+ const DATA_BLOB server_chal,
+ DATA_BLOB *lm_response, DATA_BLOB *nt_response,
+ DATA_BLOB *session_key)
+{
+ uchar nt_hash[16];
+ uchar ntlm_v2_hash[16];
+ E_md4hash(password, nt_hash);
+
+ /* We don't use the NT# directly. Instead we use it mashed up with
+ the username and domain.
+ This prevents username swapping during the auth exchange
+ */
+ if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
+ return False;
+ }
+
+ *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
+
+ /* LMv2 */
+
+ *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
+
+ *session_key = data_blob(NULL, 16);
+
+ /* The NTLMv2 calculations also provide a session key, for signing etc later */
+ /* use only the first 16 bytes of nt_response for session key */
+ SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data);
+
+ return True;
+}
/***********************************************************
encode a password buffer. The caller gets to figure out