sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-11 09:44:19 +03:00
Code Activity

Further extract our NTLMv2 code into smbencrypt.c, prior to merge into our

Browse Source 
NTLMSSP client code.

Andrew Bartlett
(This used to be commit eaa8e7d1f8)
This commit is contained in:
Andrew Bartlett
2003-02-14 10:47:07 +00:00
parent dc75b89bfc
commit 938fd5652d
2 changed files with 51 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
source3/libsmb/cliconnect.c
View File

@@ -272,39 +272,27 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
uint32 capabilities = cli_session_setup_capabilities(cli); uint32 capabilities = cli_session_setup_capabilities(cli);
DATA_BLOB lm_response = data_blob(NULL, 0); DATA_BLOB lm_response = data_blob(NULL, 0);
DATA_BLOB nt_response = data_blob(NULL, 0); DATA_BLOB nt_response = data_blob(NULL, 0);
uchar user_session_key[16]; DATA_BLOB session_key = data_blob(NULL, 0);
BOOL ret = False;
char *p; char *p;
BOOL have_plaintext = False;
if (passlen != 24) { if (passlen != 24) {
uchar nt_hash[16];
E_md4hash(pass, nt_hash);
if (lp_client_ntlmv2_auth()) { if (lp_client_ntlmv2_auth()) {
uchar ntlm_v2_hash[16];
DATA_BLOB server_chal; DATA_BLOB server_chal;
server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
/* We don't use the NT# directly. Instead we use it mashed up with if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal,
the username and domain. &lm_response, &nt_response, &session_key)) {
This prevents username swapping during the auth exchange data_blob_free(&server_chal);
*/
if (!ntv2_owf_gen(nt_hash, user, workgroup, ntlm_v2_hash)) {
return False; return False;
} }
data_blob_free(&server_chal);
nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
/* LMv2 */
lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response.data, user_session_key);
} else { } else {
uchar nt_hash[16];
E_md4hash(pass, nt_hash);
/* non encrypted password supplied. Ignore ntpass. */ /* non encrypted password supplied. Ignore ntpass. */
if (lp_client_lanman_auth()) { if (lp_client_lanman_auth()) {
lm_response = data_blob(NULL, 24); lm_response = data_blob(NULL, 24);
@@ -313,10 +301,10 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
nt_response = data_blob(NULL, 24); nt_response = data_blob(NULL, 24);
SMBNTencrypt(pass,cli->secblob.data,nt_response.data); SMBNTencrypt(pass,cli->secblob.data,nt_response.data);
SMBsesskeygen_ntv1(nt_hash, NULL, user_session_key); session_key = data_blob(NULL, 16);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
} }
have_plaintext = True;
set_temp_signing_on_cli(cli); set_temp_signing_on_cli(cli);
} else { } else {
/* pre-encrypted password supplied. Only used for /* pre-encrypted password supplied. Only used for
@@ -356,17 +344,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
cli_setup_bcc(cli, p); cli_setup_bcc(cli, p);
if (!cli_send_smb(cli) || !cli_receive_smb(cli)) { if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
data_blob_free(&lm_response); ret = False;
data_blob_free(&nt_response); goto end;
return False;
} }
show_msg(cli->inbuf); show_msg(cli->inbuf);
if (cli_is_error(cli)) { if (cli_is_error(cli)) {
data_blob_free(&lm_response); ret = False;
data_blob_free(&nt_response); goto end;
return False;
} }
/* use the returned vuid from now on */ /* use the returned vuid from now on */
@@ -379,13 +365,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
fstrcpy(cli->user_name, user); fstrcpy(cli->user_name, user);
if (have_plaintext) { if (session_key.data) {
/* Have plaintext orginal */ /* Have plaintext orginal */
set_signing_on_cli(cli, user_session_key, nt_response); set_signing_on_cli(cli, session_key.data, nt_response);
} }
end:
data_blob_free(&lm_response); data_blob_free(&lm_response);
data_blob_free(&nt_response); data_blob_free(&nt_response);
data_blob_free(&session_key);
return True; return True;
} }

31
source3/libsmb/smbencrypt.c
View File

@@ -321,6 +321,37 @@ DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
return final_response; return final_response;
} }
BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
const DATA_BLOB server_chal,
DATA_BLOB *lm_response, DATA_BLOB *nt_response,
DATA_BLOB *session_key)
{
uchar nt_hash[16];
uchar ntlm_v2_hash[16];
E_md4hash(password, nt_hash);
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
*/
if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) {
return False;
}
*nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
/* LMv2 */
*lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
*session_key = data_blob(NULL, 16);
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data);
return True;
}
/*********************************************************** /***********************************************************
encode a password buffer. The caller gets to figure out encode a password buffer. The caller gets to figure out