diff options
Diffstat (limited to 'source4/auth/ntlmssp/ntlmssp_sign.c')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 222cb3e607..a47a0f334a 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -363,6 +363,9 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) const char *recv_sign_const; const char *recv_seal_const; + DATA_BLOB send_seal_key; + DATA_BLOB recv_seal_key; + switch (ntlmssp_state->role) { case NTLMSSP_CLIENT: send_sign_const = CLI_SIGN; @@ -380,6 +383,11 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) return NT_STATUS_INTERNAL_ERROR; } + ntlmssp_state->send_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->send_seal_hash); + ntlmssp_state->recv_seal_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->recv_seal_hash); + /** Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. @@ -407,18 +415,18 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->send_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->send_seal_key, + &send_seal_key, weak_session_key, send_seal_const); dump_data_pw("NTLMSSP send seal key:\n", - ntlmssp_state->send_seal_key.data, - ntlmssp_state->send_seal_key.length); + send_seal_key.data, + send_seal_key.length); arcfour_init(ntlmssp_state->send_seal_hash, - &ntlmssp_state->send_seal_key); + &send_seal_key); dump_data_pw("NTLMSSP send sesl hash:\n", - ntlmssp_state->send_seal_hash, - sizeof(ntlmssp_state->send_seal_hash)); + ntlmssp_state->send_seal_hash->sbox, + sizeof(ntlmssp_state->send_seal_hash->sbox)); /* RECV */ calc_ntlmv2_key(ntlmssp_state, @@ -429,24 +437,27 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state) ntlmssp_state->recv_sign_key.length); calc_ntlmv2_key(ntlmssp_state, - &ntlmssp_state->recv_seal_key, + &recv_seal_key, weak_session_key, recv_seal_const); dump_data_pw("NTLMSSP recv seal key:\n", - ntlmssp_state->recv_seal_key.data, - ntlmssp_state->recv_seal_key.length); + recv_seal_key.data, + recv_seal_key.length); arcfour_init(ntlmssp_state->recv_seal_hash, - &ntlmssp_state->recv_seal_key); + &recv_seal_key); dump_data_pw("NTLMSSP receive seal hash:\n", - ntlmssp_state->recv_seal_hash, - sizeof(ntlmssp_state->recv_seal_hash)); + ntlmssp_state->recv_seal_hash->sbox, + sizeof(ntlmssp_state->recv_seal_hash->sbox)); } else { DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); + ntlmssp_state->ntlmssp_hash = talloc(ntlmssp_state, struct arcfour_state); + NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->ntlmssp_hash); + arcfour_init(ntlmssp_state->ntlmssp_hash, &ntlmssp_state->session_key); - dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash, - sizeof(ntlmssp_state->ntlmssp_hash)); + dump_data_pw("NTLMSSP hash:\n", ntlmssp_state->ntlmssp_hash->sbox, + sizeof(ntlmssp_state->ntlmssp_hash->sbox)); } ntlmssp_state->ntlm_seq_num = 0; |