return True;
}
+static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, int len)
+{
+ unsigned char *hash = cli->ntlmssp_hash;
+ unsigned char index_i = hash[256];
+ unsigned char index_j = hash[257];
+ int ind;
+
+ for( ind = 0; ind < len; ind++)
+ {
+ unsigned char tc;
+ unsigned char t;
+
+ index_i++;
+ index_j += hash[index_i];
+
+ tc = hash[index_i];
+ hash[index_i] = hash[index_j];
+ hash[index_j] = tc;
+
+ t = hash[index_i] + hash[index_j];
+ data[ind] = data[ind] ^ hash[t];
+ }
+
+ hash[256] = index_i;
+ hash[257] = index_j;
+}
+
/****************************************************************************
decrypt data on an rpc pipe
****************************************************************************/
{
DEBUG(10,("rpc_auth_pipe: seal\n"));
dump_data(100, reply_data, data_len);
- NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)reply_data, data_len);
+ NTLMSSPcalc_ap(cli, (uchar*)reply_data, data_len);
dump_data(100, reply_data, data_len);
}
DEBUG(10,("rpc_auth_pipe: verify\n"));
dump_data(100, data, auth_len);
- NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)(data+4), auth_len - 4);
+ NTLMSSPcalc_ap(cli, (uchar*)(data+4), auth_len - 4);
prs_init(&auth_verf, 0x08, 4, 0, True);
memcpy(auth_verf.data->data, data, 16);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
if (auth_seal)
{
crc32 = crc32_calc_buffer(data->offset, mem_data(&data->data, 0));
- NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&data->data, 0), data->offset);
+ NTLMSSPcalc_ap(cli, (uchar*)mem_data(&data->data, 0), data->offset);
}
if (auth_seal || auth_verify)
make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
- NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&auth_verf.data, 4), 12);
+ NTLMSSPcalc_ap(cli, (uchar*)mem_data(&auth_verf.data, 4), 12);
}
if (auth_seal || auth_verify)
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
- NTLMSSPhash(cli->ntlmssp_hash, p24);
+ {
+ unsigned char j = 0;
+ int ind;
+ unsigned char k2[8];
+
+ memcpy(k2, p24, 5);
+ k2[5] = 0xe5;
+ k2[6] = 0x38;
+ k2[7] = 0xb0;
+
+ for (ind = 0; ind < 256; ind++)
+ {
+ cli->ntlmssp_hash[ind] = (unsigned char)ind;
+ }
+
+ for( ind = 0; ind < 256; ind++)
+ {
+ unsigned char tc;
+
+ j += (cli->ntlmssp_hash[ind] + k2[ind%8]);
+
+ tc = cli->ntlmssp_hash[ind];
+ cli->ntlmssp_hash[ind] = cli->ntlmssp_hash[j];
+ cli->ntlmssp_hash[j] = tc;
+ }
+
+ cli->ntlmssp_hash[256] = 0;
+ cli->ntlmssp_hash[257] = 0;
+ }
+/* NTLMSSPhash(cli->ntlmssp_hash, p24); */
bzero(lm_hash, sizeof(lm_hash));
/* this is a hack due to limitations in rpc_api_pipe */