Make sure we correctly generate the lm session key.

This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the
NTLMSSP_NEGOTIATE_NTLM2 flag.

Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)

source3/libsmb/ntlmssp.c

@@ -660,6 +660,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
 			hmac_md5(nt_session_key.data, session_nonce, 
 				 sizeof(session_nonce), session_key.data);
+			DEBUG(10,("NTLM2 session key set\n"));
 			dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
 
 		}
@@ -667,12 +668,14 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 		if (lm_session_key.data && lm_session_key.length >= 8 && 
 		    ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
 			session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
-			SMBsesskeygen_lmv1(lm_session_key.data, ntlmssp_state->lm_resp.data, 
+			SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, 
 					   session_key.data);
+			DEBUG(10,("LM KEY session key set\n"));
 			dump_data_pw("LM session key:\n", session_key.data, session_key.length);
 		}
 	} else if (nt_session_key.data) {
 		session_key = nt_session_key;
+		DEBUG(10,("unmodified session key set\n"));
 		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
 	}
 
@@ -695,7 +698,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, 
 								      encrypted_session_key.data, 
 								      encrypted_session_key.length);
-			dump_data_pw("KEY_EXCH session key:\n", session_key.data, session_key.length);
+			dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, 
+				encrypted_session_key.length);
 		}
 	} else {
 		ntlmssp_state->session_key = session_key;

source3/libsmb/smbencrypt.c

@@ -325,6 +325,26 @@ void SMBsesskeygen_lmv1(const uchar lm_hash[16],
 #endif
 }
 
+void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
+			const uchar lm_resp[24], /* only uses 8 */ 
+			uint8 sess_key[16])
+{
+	uchar p24[24];
+	uchar partial_lm_hash[16];
+	
+	memcpy(partial_lm_hash, lm_hash, 8);
+	memset(partial_lm_hash + 8, 0xbd, 8);    
+
+	SMBOWFencrypt(partial_lm_hash, lm_resp, p24);
+	
+	memcpy(sess_key, p24, 16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBsesskeygen_lmv1_jerry:\n"));
+	dump_data(100, sess_key, 16);
+#endif
+}
+
 DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, 
 				     const char *domain)
 {