Allow the NTLMv2 functions to spit out both possible varients on the session

key, so we can test it in ntlm_auth.

I suspect the 'lm' version doesn't exist, but it's easy to change back.

Andrew Bartlett
(This used to be commit 5efd95622c411f123660b6613b86c7a68bba68e8)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 9dddb6a1633063a962559833cfedf05d05388b24..982cbfff064cd771fa0b6a0c0fae5fd944b6bd47 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -261,7 +261,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
                        server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); 
 
                        if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal, 
-                                             &lm_response, &nt_response, &session_key)) {
+                                             &lm_response, &nt_response, NULL, &session_key)) {
                                data_blob_free(&server_chal);
                                return False;
                        }

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index d54655d17f72acdd4c3e52f037855f43ad79b453..356bb0c4fe720c71cfbb08e31df097bc9c4c5f02 100644 (file)
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -501,7 +501,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
                if (!SMBNTLMv2encrypt(ntlmssp_state->user, 
                                      ntlmssp_state->domain, 
                                      ntlmssp_state->password, challenge_blob, 
-                                     &lm_response, &nt_response, &session_key)) {
+                                     &lm_response, &nt_response, NULL, &session_key)) {
                        data_blob_free(&challenge_blob);
                        return NT_STATUS_NO_MEMORY;
                }

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 28160d96094d14b245ba53a6840941893c7de4ff..bab18a07b1e9df61b1ba239a6ca0f50d5d31375e 100644 (file)
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -76,10 +76,9 @@ void E_deshash(const char *passwd, uchar p16[16])
 {
        fstring dospwd; 
        ZERO_STRUCT(dospwd);
-       ZERO_STRUCTP(p16);
        
        /* Password must be converted to DOS charset - null terminated, uppercase. */
-       push_ascii(dospwd, (const char *)passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
+       push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
 
        /* Only the fisrt 14 chars are considered, password need not be null terminated. */
        E_P16(dospwd, p16);
@@ -324,7 +323,8 @@ static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
 BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, 
                      const DATA_BLOB server_chal, 
                      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
-                     DATA_BLOB *session_key) 
+                     DATA_BLOB *lm_session_key, 
+                     DATA_BLOB *nt_session_key) 
 {
        uchar nt_hash[16];
        uchar ntlm_v2_hash[16];
@@ -338,18 +338,30 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
                return False;
        }
        
-       *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
+       if (nt_response) {
+               *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
+               if (nt_session_key) {
+                       *nt_session_key = data_blob(NULL, 16);
+                       
+                       /* The NTLMv2 calculations also provide a session key, for signing etc later */
+                       /* use only the first 16 bytes of nt_response for session key */
+                       SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
+               }
+       }
        
        /* LMv2 */
        
-       *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
-       
-       *session_key = data_blob(NULL, 16);
+       if (lm_response) {
+               *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
+               if (lm_session_key) {
+                       *lm_session_key = data_blob(NULL, 16);
+                       
+                       /* The NTLMv2 calculations also provide a session key, for signing etc later */
+                       /* use only the first 16 bytes of nt_response for session key */
+                       SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
+               }
+       }
        
-       /* The NTLMv2 calculations also provide a session key, for signing etc later */
-       /* use only the first 16 bytes of nt_response for session key */
-       SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data);
-
        return True;
 }