From 54cff4535e8237c43977faa372ebac8baf88b034 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 17 Dec 2003 06:18:13 +0000
Subject: Make sure we correctly generate the lm session key. This fixes a
 problem joining a Samba domain from a vanilla win2k client that doesn't set
 the NTLMSSP_NEGOTIATE_NTLM2 flag.

Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)
---
 source3/libsmb/ntlmssp.c    |  8 ++++++--
 source3/libsmb/smbencrypt.c | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index ca1aa67403..3cfd6d2043 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -660,6 +660,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
 			hmac_md5(nt_session_key.data, session_nonce, 
 				 sizeof(session_nonce), session_key.data);
+			DEBUG(10,("NTLM2 session key set\n"));
 			dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
 
 		}
@@ -667,12 +668,14 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 		if (lm_session_key.data && lm_session_key.length >= 8 && 
 		    ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
 			session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
-			SMBsesskeygen_lmv1(lm_session_key.data, ntlmssp_state->lm_resp.data, 
+			SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, 
 					   session_key.data);
+			DEBUG(10,("LM KEY session key set\n"));
 			dump_data_pw("LM session key:\n", session_key.data, session_key.length);
 		}
 	} else if (nt_session_key.data) {
 		session_key = nt_session_key;
+		DEBUG(10,("unmodified session key set\n"));
 		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
 	}
 
@@ -695,7 +698,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, 
 								      encrypted_session_key.data, 
 								      encrypted_session_key.length);
-			dump_data_pw("KEY_EXCH session key:\n", session_key.data, session_key.length);
+			dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, 
+				encrypted_session_key.length);
 		}
 	} else {
 		ntlmssp_state->session_key = session_key;
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 2d02a23394..cfcc24a1df 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -325,6 +325,26 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16],
 #endif
 }
 
+void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
+			const uchar lm_resp[24], /* only uses 8 */ 
+			uint8 sess_key[16])
+{
+	uchar p24[24];
+	uchar partial_lm_hash[16];
+	
+	memcpy(partial_lm_hash, lm_hash, 8);
+	memset(partial_lm_hash + 8, 0xbd, 8);    
+
+	SMBOWFencrypt(partial_lm_hash, lm_resp, p24);
+	
+	memcpy(sess_key, p24, 16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n"));
+	dump_data(100, sess_key, 16);
+#endif
+}
+
 DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, 
 				     const char *domain)
 {
-- 
cgit