From d4954eff579517f4a2189565bf7d49f119c886a2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 5 Jan 2004 00:11:35 +0000
Subject: Make it clear that we cannot sign if we don't have a session key.
 (This used to be commit a2f6dec05b3b30292ec3e42808dc89f1bf5c7ab4)

---
 source3/libsmb/ntlmssp_sign.c | 57 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 14 deletions(-)

diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index ea1a7037c9..6ce7a76743 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -53,7 +53,7 @@ static void NTLMSSPcalc_ap( unsigned char *hash, unsigned char *data, int len)
     hash[257] = index_j;
 }
 
-static void calc_hash(unsigned char *hash, const char *k2, int k2l)
+static void calc_hash(unsigned char hash[258], const char *k2, int k2l)
 {
 	unsigned char j = 0;
 	int ind;
@@ -78,7 +78,7 @@ static void calc_hash(unsigned char *hash, const char *k2, int k2l)
 	hash[257] = 0;
 }
 
-static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
+static void calc_ntlmv2_hash(unsigned char hash[258], unsigned char digest[16],
 			     DATA_BLOB session_key, 
 			     const char *constant)
 {
@@ -91,8 +91,8 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
 
 	MD5Init(&ctx3);
 	MD5Update(&ctx3, session_key.data, session_key.length);
-	MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant));
-	MD5Final((unsigned char *)digest, &ctx3);
+	MD5Update(&ctx3, (const unsigned char *)constant, strlen(constant)+1);
+	MD5Final(digest, &ctx3);
 
 	calc_hash(hash, digest, 16);
 }
@@ -109,12 +109,12 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 {
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 		HMACMD5Context ctx;
-		char seq_num[4];
+		uchar seq_num[4];
 		uchar digest[16];
 		SIVAL(seq_num, 0, ntlmssp_state->ntlmssp_seq_num);
 
 		hmac_md5_init_limK_to_64((const unsigned char *)(ntlmssp_state->send_sign_const), 16, &ctx);
-		hmac_md5_update((const unsigned char *)seq_num, 4, &ctx);
+		hmac_md5_update(seq_num, 4, &ctx);
 		hmac_md5_update(data, length, &ctx);
 		hmac_md5_final(digest, &ctx);
 
@@ -122,13 +122,16 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 			       , ntlmssp_state->ntlmssp_seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		switch (direction) {
-		case NTLMSSP_SEND:
-			NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash,  sig->data+4, sig->length-4);
-			break;
-		case NTLMSSP_RECEIVE:
-			NTLMSSPcalc_ap(ntlmssp_state->recv_sign_hash,  sig->data+4, sig->length-4);
-			break;
+
+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+			switch (direction) {
+			case NTLMSSP_SEND:
+				NTLMSSPcalc_ap(ntlmssp_state->send_sign_hash,  sig->data+4, sig->length-4);
+				break;
+			case NTLMSSP_RECEIVE:
+				NTLMSSPcalc_ap(ntlmssp_state->recv_sign_hash,  sig->data+4, sig->length-4);
+				break;
+			}
 		}
 	} else {
 		uint32 crc;
@@ -148,7 +151,13 @@ NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
 				    const uchar *data, size_t length, 
 				    DATA_BLOB *sig) 
 {
-	NTSTATUS nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
+	NTSTATUS nt_status;
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot check sign packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
+	nt_status = ntlmssp_make_packet_signature(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
 
 	/* increment counter on send */
 	ntlmssp_state->ntlmssp_seq_num++;
@@ -168,6 +177,11 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
 	DATA_BLOB local_sig;
 	NTSTATUS nt_status;
 
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot check packet signature\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	if (sig->length < 8) {
 		DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", 
 			  (unsigned long)sig->length));
@@ -208,6 +222,11 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
 			     uchar *data, size_t length,
 			     DATA_BLOB *sig)
 {	
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot seal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	DEBUG(10,("ntlmssp_seal_data: seal\n"));
 	dump_data_pw("ntlmssp clear data\n", data, length);
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -270,6 +289,11 @@ NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
 				      uchar *data, size_t length,
 				      DATA_BLOB *sig)
 {
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot unseal packet\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	DEBUG(10,("ntlmssp__unseal_data: seal\n"));
 	dump_data_pw("ntlmssp sealed data\n", data, length);
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -295,6 +319,11 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
 	DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
 	debug_ntlmssp_flags(ntlmssp_state->neg_flags);
 
+	if (!ntlmssp_state->session_key.length) {
+		DEBUG(3, ("NO session key, cannot intialise signing\n"));
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
 	{
 		const char *send_sign_const;
-- 
cgit