From 60e458b33b67aa0634bdf1196b467e3e406432a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 20 Dec 2006 00:38:43 +0000
Subject: [PATCH] Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security (disable because missing sign and seal).

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19465 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/ntlm/init_sec_context.c | 33 ++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c
index a5a7eaf8f..9c78f2150 100644
--- a/lib/gssapi/ntlm/init_sec_context.c
+++ b/lib/gssapi/ntlm/init_sec_context.c
@@ -140,9 +140,15 @@ _gss_ntlm_init_sec_context
 else flags |= NTLM_NEG_ALWAYS_SIGN;
+ flags |= NTLM_NEG_UNICODE;
+ flags |= NTLM_NEG_NTLM;
+#if 0
+ flags |= NTLM_NEG_NTLM2_SESSION;
+#endif
+ memset(&type1, 0, sizeof(type1));
- type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_NTLM | flags;
+ type1.flags = flags;
 type1.domain = name->domain;
 type1.hostname = NULL;
 type1.os[0] = 0;
@@ -191,11 +197,34 @@ _gss_ntlm_init_sec_context
 {
 struct ntlm_buf key;
 struct ntlm_buf sessionkey;
+ unsigned char challange[8];
+ heim_ntlm_nt_key(ctx->password, &key);
 memset(ctx->password, 0, strlen(ctx->password));
+ if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
+ unsigned char sessionhash[MD5_DIGEST_LENGTH];
+ MD5_CTX md5ctx;
+
+ type3.lm.data = calloc(1, 24);
+ type3.lm.length = 24;
+
+ if (RAND_bytes(type3.lm.data, 8) != 1)
+ abort();
+
+ MD5_Init(&md5ctx);
+ MD5_Update(&md5ctx, type2.challange, sizeof(type2.challange));
+ MD5_Update(&md5ctx, type3.lm.data, 8);
+ MD5_Final(sessionhash, &md5ctx);
+
+ memcpy(challange, sessionhash, 8);
+ } else {
+ memcpy(challange, type2.challange, 8);
+ }
+
+
 heim_ntlm_calculate_ntlm1(key.data, key.length,
- type2.challange,
+ challange,
 &type3.ntlm);
 ret = heim_ntlm_build_ntlm1_master(key.data, key.length,
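Review bot: The `#if 0` around `flags |= NTLM_NEG_NTLM2_SESSION;` has no comment, so the reason it is off (the commit message says sign and seal are missing) is lost once the log is out of view; a line such as `/* NTLM2 session security: off until sign and seal are implemented */` above the `#if 0` would record it. Turning the offer off here does not turn the feature off: the type-3 branch in the second hunk tests only `type2.flags`, which comes from the peer, so a server that sets the bit still selects the NTLM2 session response. If the intent is to keep that path unused for now, the branch should additionally require that this side offered the flag. The enclosing function starts and ends outside the hunk.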
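Review bot: `type3.lm.data = calloc(1, 24);` is handed to `RAND_bytes(type3.lm.data, 8)` without a NULL check, so an allocation failure becomes a write through a null pointer. A few lines later a failing `RAND_bytes` calls `abort()`, which terminates the whole host process from inside a GSS-API mechanism. Both cases would be better reported through the function's normal error return, starting with an `if (type3.lm.data == NULL)` test before `type3.lm.length = 24;`; the cleanup that return needs lies outside the hunk, so the exact lines are not proposed here. The repeated literals 24 and 8 would also read better as named constants, since the same 8 sizes the random bytes, the MD5 input and both `memcpy` calls.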