&& ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (lm_response.length == 24) {
- SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ lm_response.data,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
} else {
static const uint8_t zeros[24];
- SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ zeros,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
}
session_key = new_session_key;
dump_data_pw("LM session key\n", session_key.data, session_key.length);
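Review bot: `new_session_key.data` is passed to `SMBsesskeygen_lm_sess_key()` in both branches without checking that `data_blob_talloc(mem_ctx, NULL, 16)` succeeded, so an allocation failure reaches the function's final 16-byte copy into `sess_key` with a NULL destination. Now that this path can return a status, add `if (new_session_key.data == NULL) { return NT_STATUS_NO_MEMORY; }` directly after the allocation, matching the check the server-side hunk already makes on `session_key.data`. The enclosing function starts and ends outside this hunk.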
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ ntlmssp_state->lm_resp.data,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
} else {
static const uint8_t zeros[24] = {0, };
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(zeros, zeros,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(zeros, zeros,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
}
dump_data_pw("LM session key:\n", session_key.data,
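Review bot: Both new `return nt_status;` paths leave the server authentication routine without a log line, so a host where the crypto library refuses DES would show only failed logons, with nothing pointing at LM session key derivation. A message before each return, for example `DEBUG(1, ("ntlmssp_server_auth: LM session key derivation failed: %s\n", nt_errstr(nt_status)));`, gives operators something to alert on and carries no key material. The same applies to the two returns in the client-side hunk before this one. The enclosing function lies outside both hunks.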
const uint8_t *nt_resp,
uint8_t sess_key[16]);
void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
- const uint8_t lm_resp[24], /* only uses 8 */
- uint8_t sess_key[16]);
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+ const uint8_t lm_resp[24], /* only uses 8 */
+ uint8_t sess_key[16]);
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
const char *hostname,
const char *domain);
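Review bot: The prototype now returns NTSTATUS but does not document the state of `sess_key` on failure, and the implementation returns before its final copy, so the buffer is left unwritten in that case. A comment on the declaration such as `/* On failure sess_key is not written; check the returned status before using the key. */` would make that contract explicit for future callers. If the tree provides a warn-unused-result attribute macro, applying it here would let the compiler flag callers that drop the status.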
#endif
}
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
const uint8_t lm_resp[24], /* only uses 8 */
uint8_t sess_key[16])
{
but changes with each session) */
uint8_t p24[24];
uint8_t partial_lm_hash[14];
+ int rc;
memcpy(partial_lm_hash, lm_hash, 8);
memset(partial_lm_hash + 8, 0xbd, 6);
- des_crypt56(p24, lm_resp, partial_lm_hash, 1);
- des_crypt56(p24+8, lm_resp, partial_lm_hash + 7, 1);
+ rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
+ rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
memcpy(sess_key, p24, 16);
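Review bot: `partial_lm_hash` and `p24` hold key material derived from the LM hash on the stack, and neither is cleared on the two new error returns or on the success path that ends outside this hunk. Clearing them before every return, e.g. `ZERO_ARRAY(partial_lm_hash);` and `ZERO_ARRAY(p24);`, keeps that material from lingering in a dead stack frame. If `ZERO_ARRAY` in this tree is a plain `memset`, the compiler may drop it, so a wipe that cannot be elided is preferable. The function body starts before this hunk and ends after it.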
DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
dump_data(100, sess_key, 16);
#endif
+
+ return NT_STATUS_OK;
}
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
};
uint8_t crypt_sess_key[16];
+ NTSTATUS status;
- SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ status = SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ assert_true(NT_STATUS_IS_OK(status));
assert_memory_equal(crypt_sess_key, crypt_expected, 16);
}