From b65e6f0c0da1ecb8d1b05a4190c1dc77ed9b465e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 6 Jan 2010 15:45:38 +0100 Subject: s3:ntlmssp: inline ntlmssp_weaken_keys() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit metze Signed-off-by: Günther Deschner --- source3/libsmb/ntlmssp.c | 41 ----------------------------------------- 1 file changed, 41 deletions(-) (limited to 'source3/libsmb/ntlmssp.c') diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 1ca9810b5d..4c1fd24e3b 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -438,47 +438,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, } } -/** - Weaken NTLMSSP keys to cope with down-level clients and servers. - - We probably should have some parameters to control this, but as - it only occours for LM_KEY connections, and this is controlled - by the client lanman auth/lanman auth parameters, it isn't too bad. -*/ - -DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx) -{ - DATA_BLOB weakened_key = data_blob_talloc(mem_ctx, - ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - - /* Nothing to weaken. We certainly don't want to 'extend' the length... */ - if (weakened_key.length < 16) { - /* perhaps there was no key? */ - return weakened_key; - } - - /* Key weakening not performed on the master key for NTLM2 - and does not occour for NTLM1. Therefore we only need - to do this for the LM_KEY. - */ - - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - /* LM key doesn't support 128 bit crypto, so this is - * the best we can do. If you negotiate 128 bit, but - * not 56, you end up with 40 bit... */ - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { - weakened_key.data[7] = 0xa0; - } else { /* forty bits */ - weakened_key.data[5] = 0xe5; - weakened_key.data[6] = 0x38; - weakened_key.data[7] = 0xb0; - } - weakened_key.length = 8; - } - return weakened_key; -} - /** * Next state function for the Negotiate packet * -- cgit