diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-08-12 05:53:43 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-08-12 05:53:43 +0000 |
| commit | d4a5f4fdf97b707b44a0787267e1e4388d1b5388 (patch) | |
| tree | e6c1c3f54c1b65b6f26270444f2bfe84a5c68a0b /source/libsmb/ntlmssp.c | |
| parent | 024d32f79390210bee6da8e75c228a4aaa7fe6b0 (diff) | |
| download | samba-d4a5f4fdf97b707b44a0787267e1e4388d1b5388.tar.gz samba-d4a5f4fdf97b707b44a0787267e1e4388d1b5388.tar.xz samba-d4a5f4fdf97b707b44a0787267e1e4388d1b5388.zip | |
As described in http://davenport.sourceforge.net/ntlm.html add NTLM2
authentication.
NTLM2 is a version of NTLM, that involves both a client and server challenge,
and the creating of a new (presuable more secure) session key.
Unfortunetly this is not quite the same as NTLMv2, and we don't know how to
get the session key. I suggest looking very closely at what MSCHAPv2, and
other MS auth protocols do...
Andrew Bartlett
Diffstat (limited to 'source/libsmb/ntlmssp.c')
| -rw-r--r-- | source/libsmb/ntlmssp.c | 43 |
1 files changed, 40 insertions, 3 deletions
diff --git a/source/libsmb/ntlmssp.c b/source/libsmb/ntlmssp.c index a314aa15dba..47e283dc510 100644 --- a/source/libsmb/ntlmssp.c +++ b/source/libsmb/ntlmssp.c @@ -23,6 +23,12 @@ #include "includes.h" +#if 0 +/* we currently do not know how to get the right session key for this, so + we cannot enable it by default... :-( */ +#define USE_NTLM2 1 +#endif + /** * Print out the NTLMSSP flags for debugging * @param neg_flags The flags from the packet @@ -415,6 +421,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_client_state *ntlmssp_stat if (ntlmssp_state->use_ntlmv2) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } + +#ifdef USE_NTLM2 + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; +#endif /* generate the ntlmssp negotiate packet */ msrpc_gen(next_request, "CddAA", @@ -560,7 +570,34 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st data_blob_free(&struct_blob); return NT_STATUS_NO_MEMORY; } +#ifdef USE_NTLM2 + } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { + struct MD5Context md5_session_nonce_ctx; + uchar nt_hash[16]; + uchar session_nonce[16]; + E_md4hash(ntlmssp_state->password, nt_hash); + + generate_random_buffer(lm_response.data, 8, False); + memset(lm_response.data+8, 0, 16); + + MD5Init(&md5_session_nonce_ctx); + MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8); + MD5Update(&md5_session_nonce_ctx, lm_response.data, 8); + MD5Final(session_nonce, &md5_session_nonce_ctx); + + nt_response = data_blob(NULL, 24); + SMBNTencrypt(ntlmssp_state->password, + challenge_blob.data, + nt_response.data); + + /* This is *NOT* the correct session key algorithm - just + fill in the bytes with something... */ + session_key = data_blob(NULL, 16); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); +#endif } else { + + uchar lm_hash[16]; uchar nt_hash[16]; E_deshash(ntlmssp_state->password, lm_hash); @@ -571,15 +608,15 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st lm_response = data_blob(NULL, 24); SMBencrypt(ntlmssp_state->password,challenge_blob.data, lm_response.data); - } + } nt_response = data_blob(NULL, 24); SMBNTencrypt(ntlmssp_state->password,challenge_blob.data, nt_response.data); - + session_key = data_blob(NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth()) { + && lp_client_lanman_auth()) { SMBsesskeygen_lmv1(lm_hash, lm_response.data, session_key.data); } else { |