From 18bc0b2bc231825dc650c4e6cef73e277d3f2a54 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 17 Dec 2003 06:18:41 +0000 Subject: Make sure we correctly generate the lm session key. This fixes a problem joining a Samba domain from a vanilla win2k client that doesn't set the NTLMSSP_NEGOTIATE_NTLM2 flag. Reported on samba ml as "decode_pw: incorrect password length" when handling a samr_set_userinfo(23 or 24) RPC. (This used to be commit 14558c942beb05cd12c0e40c1bb30c3dcde8ce48) --- source3/libsmb/ntlmssp.c | 8 ++++++-- source3/libsmb/smbencrypt.c | 20 ++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index ca1aa67403..3cfd6d2043 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -660,6 +660,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); hmac_md5(nt_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); + DEBUG(10,("NTLM2 session key set\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); } @@ -667,12 +668,14 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, if (lm_session_key.data && lm_session_key.length >= 8 && ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); - SMBsesskeygen_lmv1(lm_session_key.data, ntlmssp_state->lm_resp.data, + SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, session_key.data); + DEBUG(10,("LM KEY session key set\n")); dump_data_pw("LM session key:\n", session_key.data, session_key.length); } } else if (nt_session_key.data) { session_key = nt_session_key; + DEBUG(10,("unmodified session key set\n")); dump_data_pw("unmodified session key:\n", session_key.data, session_key.length); } @@ -695,7 +698,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, encrypted_session_key.data, encrypted_session_key.length); - dump_data_pw("KEY_EXCH session key:\n", session_key.data, session_key.length); + dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, + encrypted_session_key.length); } } else { ntlmssp_state->session_key = session_key; diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 2d02a23394..cfcc24a1df 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -325,6 +325,26 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16], #endif } +void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16], + const uchar lm_resp[24], /* only uses 8 */ + uint8 sess_key[16]) +{ + uchar p24[24]; + uchar partial_lm_hash[16]; + + memcpy(partial_lm_hash, lm_hash, 8); + memset(partial_lm_hash + 8, 0xbd, 8); + + SMBOWFencrypt(partial_lm_hash, lm_resp, p24); + + memcpy(sess_key, p24, 16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n")); + dump_data(100, sess_key, 16); +#endif +} + DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, const char *domain) { -- cgit