From 96145a7a51cc30731f0d72e78b884f5a8038ee26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 20 Dec 2006 00:19:46 +0000 Subject: [PATCH] Add support for generating NTLM2 session security answer. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19463 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/digest.c | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/kdc/digest.c b/kdc/digest.c index 64ff49d96..20904d853 100644 --- a/kdc/digest.c +++ b/kdc/digest.c @@ -660,10 +660,19 @@ _kdc_do_digest(krb5_context context, } r.u.ntlmInitReply.flags |= - (ireq.u.ntlmInit.flags & (NTLM_NEG_SIGN|NTLM_NEG_SEAL)) | NTLM_NEG_TARGET_DOMAIN | NTLM_ENC_128; +#define ALL \ + NTLM_NEG_SIGN| \ + NTLM_NEG_SEAL| \ + NTLM_NEG_ALWAYS_SIGN| \ + NTLM_NEG_NTLM2_SESSION + + r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL)); + +#undef ALL + targetname = strdup(krb5_principal_get_realm(context, client->entry.principal)); @@ -804,6 +813,23 @@ _kdc_do_digest(krb5_context context, goto out; } + if (flags & NTLM_NEG_NTLM2_SESSION) { + char sessionhash[MD5_DIGEST_LENGTH]; + MD5_CTX md5ctx; + + if (ireq.u.ntlmRequest.lm.length != 24) { + krb5_set_error_string(context, "LM hash have wrong length " + "for NTLM session key"); + goto out; + } + + MD5_Init(&md5ctx); + MD5_Update(&md5ctx, challange, sizeof(challange)); + MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8); + MD5_Final(sessionhash, &md5ctx); + memcpy(challange, sessionhash, sizeof(challange)); + } + ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, key->key.keyvalue.length, challange, &answer); @@ -830,8 +856,8 @@ _kdc_do_digest(krb5_context context, if (ireq.u.ntlmRequest.sessionkey->length != sizeof(masterkey)){ krb5_set_error_string(context, - "NTLM master key wrong length: %d", - ireq.u.ntlmRequest.sessionkey->length); + "NTLM master key wrong length: %lu", + (unsigned long)ireq.u.ntlmRequest.sessionkey->length); goto out; }