From d296c675037ac6486264ac653bd2fe4ab38e4045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 28 Dec 2006 14:08:25 +0000
Subject: [PATCH] Set dummy ntlmv2 keys.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19528 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/ntlm/init_sec_context.c | 54 ++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 11 deletions(-)
diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c
index dce9f87d7..6098f7660 100644
--- a/lib/gssapi/ntlm/init_sec_context.c
+++ b/lib/gssapi/ntlm/init_sec_context.c
@@ -142,9 +142,7 @@ _gss_ntlm_init_sec_context
 flags |= NTLM_NEG_UNICODE;
 flags |= NTLM_NEG_NTLM;
-#if 0
 flags |= NTLM_NEG_NTLM2_SESSION;
-#endif
 flags |= NTLM_NEG_KEYEX;
 memset(&type1, 0, sizeof(type1));
@@ -200,7 +198,6 @@ _gss_ntlm_init_sec_context
 * NTLM Version 1 if no targetinfo buffer. */
- /* XXX disable ntlmv2 since we can't handle wrap/unwrap */
 if (1 || type2.targetinfo.length == 0) {
 struct ntlm_buf key;
 struct ntlm_buf sessionkey;
@@ -270,19 +267,28 @@ _gss_ntlm_init_sec_context
 }
 ctx->status |= STATUS_SESSIONKEY;
- RC4_set_key(&ctx->crypto_recv.key,
- ctx->sessionkey.length,
- ctx->sessionkey.data);
- RC4_set_key(&ctx->crypto_send.key,
- ctx->sessionkey.length,
- ctx->sessionkey.data);
-
 } else {
 struct ntlm_buf key;
 struct ntlm_buf sessionkey;
 unsigned char ntlmv2[16];
+ struct ntlm_targetinfo ti;
 /* verify infotarget */
+
+ ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
+ if(ret) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
 heim_ntlm_nt_key(ctx->password, &key);
 memset(ctx->password, 0, strlen(ctx->password));
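Review bot: In the hunk at -142, `NTLM_NEG_NTLM2_SESSION` is now always offered in the type-1 flags, yet the only place the patch records the option in `ctx->flags` is the NTLMv2 branch that `if (1 || type2.targetinfo.length == 0)` keeps unreachable. As far as these hunks show, the server's type-2 flags are not consulted when choosing between the v1 and v2 key setup, so the offered option and the keys actually installed can disagree. A comment on the line would record the state, e.g. `/* offered, but v2 session keys are still placeholders */`; the surrounding function starts and ends outside the hunk.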
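Review bot: In the hunk at -270, the added target-info check sits in the `else` of `if (1 || type2.targetinfo.length == 0)`, which the hunk at -200 leaves in place while deleting the comment that explained the `1 ||`, so the domain verification never runs. Either drop the `1 ||` or keep a marker such as `/* XXX NTLMv2 branch still disabled */` next to the condition. Within the added lines, `ti` is filled by `heim_ntlm_decode_targetinfo` but the `EINVAL` return does not release it; a `heim_ntlm_free_targetinfo(&ti);` before that return (and after the comparison on success, unless that happens outside the hunk) would avoid the leak. The `strcmp` is case-sensitive, which presumably rejects a server that reports the same domain in a different case; worth confirming against the callers that fill `name->domain`.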
@@ -314,11 +320,37 @@ _gss_ntlm_init_sec_context
 return GSS_S_FAILURE;
 }
- /* set session key in ctx */
+ ctx->flags |= NTLM_NEG_NTLM2_SESSION;
+ ret = krb5_data_copy(&ctx->sessionkey,
+ sessionkey.data, sessionkey.length);
 free(sessionkey.data);
 }
+ if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+ ctx->status |= STATUS_SESSIONKEY;
+ ctx->u.v2.send.seq = 0;
+ RC4_set_key(&ctx->u.v2.send.sealkey,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ memcpy(ctx->u.v2.send.signkey, ctx->sessionkey.data, 16);
+ ctx->u.v2.recv.seq = 0;
+ RC4_set_key(&ctx->u.v2.recv.sealkey,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ memcpy(ctx->u.v2.recv.signkey, ctx->sessionkey.data, 16);
+ } else {
+ ctx->status |= STATUS_SESSIONKEY;
+ RC4_set_key(&ctx->u.v1.crypto_recv.key,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ RC4_set_key(&ctx->u.v1.crypto_send.key,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ }
+
+
+
 ret = heim_ntlm_encode_type3(&type3, &data);
 free(type3.sessionkey.data);
 if (type3.lm.data)
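Review bot: The result of `krb5_data_copy` is stored in `ret` but never tested, and `ret` is then overwritten by `heim_ntlm_encode_type3`, so on an allocation failure the new key setup would run `RC4_set_key` and a 16-byte `memcpy` on an empty `ctx->sessionkey`. The two `memcpy(..., ctx->sessionkey.data, 16)` calls also assume the key is at least 16 bytes long, which nothing in the hunk verifies. The fence adds both checks using the error path the patch already uses elsewhere; any `type3` buffers allocated outside the hunk may need releasing on those paths too. Since send and recv share the raw session key for both signing and sealing, a `/* XXX placeholder keys, not the derived NTLM2 sign/seal keys */` comment on the v2 branch would keep the "dummy" status from the subject visible in the code.

```c
        ret = krb5_data_copy(&ctx->sessionkey,
                             sessionkey.data, sessionkey.length);
        free(sessionkey.data);
        if (ret) {
            _gss_ntlm_delete_sec_context(minor_status,
                                         context_handle, NULL);
            *minor_status = ret;
            return GSS_S_FAILURE;
        }
    }

    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
        /* the memcpy calls below read 16 bytes of session key */
        if (ctx->sessionkey.length < 16) {
            _gss_ntlm_delete_sec_context(minor_status,
                                         context_handle, NULL);
            *minor_status = EINVAL;
            return GSS_S_FAILURE;
        }
        /* ... unchanged: v2 seq, sealkey and signkey setup ... */
    } else {
        /* ... unchanged: v1 RC4 key setup ... */
    }
```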