列挙型 | |
enum | ntlmssp_direction { NTLMSSP_SEND, NTLMSSP_RECEIVE } |
関数 | |
static void | calc_ntlmv2_key (unsigned char subkey[16], DATA_BLOB session_key, const char *constant) |
Some notes on the NTLM2 code: | |
static NTSTATUS | ntlmssp_make_packet_signature (NTLMSSP_STATE *ntlmssp_state, const uchar *data, size_t length, const uchar *whole_pdu, size_t pdu_length, enum ntlmssp_direction direction, DATA_BLOB *sig, BOOL encrypt_sig) |
NTSTATUS | ntlmssp_sign_packet (NTLMSSP_STATE *ntlmssp_state, const uchar *data, size_t length, const uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) |
NTSTATUS | ntlmssp_check_packet (NTLMSSP_STATE *ntlmssp_state, const uchar *data, size_t length, const uchar *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) |
Check the signature of an incoming packet | |
NTSTATUS | ntlmssp_seal_packet (NTLMSSP_STATE *ntlmssp_state, uchar *data, size_t length, uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) |
Seal data with the NTLMSSP algorithm | |
NTSTATUS | ntlmssp_unseal_packet (NTLMSSP_STATE *ntlmssp_state, uchar *data, size_t length, uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) |
Unseal data with the NTLMSSP algorithm | |
NTSTATUS | ntlmssp_sign_init (NTLMSSP_STATE *ntlmssp_state) |
Initialise the state for NTLMSSP signing. |
enum ntlmssp_direction |
static void calc_ntlmv2_key | ( | unsigned char | subkey[16], | |
DATA_BLOB | session_key, | |||
const char * | constant | |||
) | [static] |
Some notes on the NTLM2 code:
NTLM2 is an AEAD system. This means that the data encrypted is not all the data that is signed. In the DCE-RPC case, the headers of the DCE-RPC packets are also signed. This prevents some of the fun-and-games one might have by changing them.
ntlmssp_sign.c の 39 行で定義されています。
参照先 data_blob_::data・data_blob_::length・MD5Final()・MD5Init()・MD5Update().
参照元 ntlmssp_sign_init().
/**
 * Derive one 16-byte NTLM2 sub-key from a session key and a label string.
 *
 * The result is MD5(session_key || constant || '\0'): the length handed to
 * the hash for the label is strlen(constant)+1, so the terminating NUL is
 * part of the hashed input.
 *
 * @param subkey       receives the MD5 digest (16 bytes)
 * @param session_key  key material; session_key.length bytes are hashed
 * @param constant     NUL-terminated label; must not be NULL, since
 *                     strlen() is called on it
 */
static void calc_ntlmv2_key(unsigned char subkey[16],
			    DATA_BLOB session_key,
			    const char *constant)
{
	struct MD5Context md5;
	/* +1 on purpose: the label is hashed together with its NUL byte. */
	const size_t label_len = strlen(constant) + 1;

	MD5Init(&md5);
	MD5Update(&md5, session_key.data, session_key.length);
	MD5Update(&md5, (const unsigned char *)constant, label_len);
	MD5Final(subkey, &md5);

	/* NOTE(review): md5 holds key-derived state and is not wiped here
	 * before it goes out of scope. */
}
static NTSTATUS ntlmssp_make_packet_signature | ( | NTLMSSP_STATE * | ntlmssp_state, | |
const uchar * | data, | |||
size_t | length, | |||
const uchar * | whole_pdu, | |||
size_t | pdu_length, | |||
enum ntlmssp_direction | direction, | |||
DATA_BLOB * | sig, | |||
BOOL | encrypt_sig | |||
) | [static] |
ntlmssp_sign.c の 55 行で定義されています。
参照先 crc32_calc_buffer()・ctx・data_blob_::data・data_blob()・dump_data_pw()・hmac_md5_final()・hmac_md5_init_limK_to_64()・hmac_md5_update()・data_blob_::length・msrpc_gen()・ntlmssp_state::neg_flags・ntlmssp_state::ntlm2_recv_seq_num・ntlmssp_state::ntlm2_send_seq_num・NTLMSSP_RECEIVE・NTLMSSP_SEND・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::recv_sign_key・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::send_sign_key・smb_arc4_crypt().
参照元 ntlmssp_check_packet()・ntlmssp_seal_packet()・ntlmssp_sign_packet().
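/**
 * Build the NTLMSSP signature blob for one packet.
 *
 * NTLM2 (NTLMSSP_NEGOTIATE_NTLM2 set):
 *   sig = version(4) || first 8 bytes of HMAC-MD5(sign key, seq || whole_pdu)
 *         || seq(4)
 *   The per-direction sequence number is incremented as a side effect.
 *   When encrypt_sig is set and NTLMSSP_NEGOTIATE_KEY_EXCH was negotiated,
 *   the 8 digest bytes are run through the per-direction RC4 seal state,
 *   which advances that state.  data/length are only logged on this path;
 *   the MAC covers whole_pdu.
 *
 * NTLM1 (otherwise):
 *   sig = msrpc_gen("dddd", version, 0, CRC32(data), ntlmv1_seq_num), then
 *   everything after the first 4 bytes is RC4-crypted with
 *   ntlmv1_arc4_state.  CRC32 is a checksum, not a keyed MAC, so the
 *   integrity of this path rests on the RC4 step alone.
 *
 * @param ntlmssp_state  negotiated flags, keys, RC4 states, sequence numbers
 * @param data           payload (CRC input on the NTLM1 path)
 * @param length         length of data
 * @param whole_pdu      full PDU (HMAC input on the NTLM2 path)
 * @param pdu_length     length of whole_pdu
 * @param direction      NTLMSSP_SEND or NTLMSSP_RECEIVE; selects key,
 *                       sequence counter and RC4 state
 * @param sig            out: newly allocated signature blob
 * @param encrypt_sig    NTLM2 only: whether to RC4 the digest here
 *
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY if the blob could not be
 *         allocated, or NT_STATUS_INTERNAL_ERROR for an unknown direction.
 */
static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
					      const uchar *data, size_t length,
					      const uchar *whole_pdu, size_t pdu_length,
					      enum ntlmssp_direction direction,
					      DATA_BLOB *sig,
					      BOOL encrypt_sig)
{
	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
		HMACMD5Context ctx;
		uchar seq_num[4];
		uchar digest[16];

		*sig = data_blob(NULL, NTLMSSP_SIG_SIZE);
		if (!sig->data) {
			return NT_STATUS_NO_MEMORY;
		}

		switch (direction) {
		case NTLMSSP_SEND:
			DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
				ntlmssp_state->ntlm2_send_seq_num,
				(unsigned int)length,
				(unsigned int)pdu_length));

			SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
			ntlmssp_state->ntlm2_send_seq_num++;
			hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
			break;
		case NTLMSSP_RECEIVE:

			DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
				ntlmssp_state->ntlm2_recv_seq_num,
				(unsigned int)length,
				(unsigned int)pdu_length));

			SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
			ntlmssp_state->ntlm2_recv_seq_num++;
			hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
			break;
		default:
			/* Without this case ctx and seq_num would be used
			 * uninitialised below.  The callers in this file
			 * only pass the two enum values, so this is a
			 * defensive guard. */
			data_blob_free(sig);
			return NT_STATUS_INTERNAL_ERROR;
		}

		dump_data_pw("pdu data ", whole_pdu, pdu_length);

		/* MAC input is the 4-byte sequence number followed by the PDU. */
		hmac_md5_update(seq_num, 4, &ctx);
		hmac_md5_update(whole_pdu, pdu_length, &ctx);
		hmac_md5_final(digest, &ctx);

		if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
			/* Advances the seal RC4 state by 8 bytes. */
			switch (direction) {
			case NTLMSSP_SEND:
				smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, digest, 8);
				break;
			case NTLMSSP_RECEIVE:
				smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, digest, 8);
				break;
			}
		}

		/* Only the first 8 of the 16 digest bytes go on the wire. */
		SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
		memcpy(sig->data + 4, digest, 8);
		memcpy(sig->data + 12, seq_num, 4);

		dump_data_pw("ntlmssp v2 sig ", sig->data, sig->length);

	} else {
		uint32 crc;
		crc = crc32_calc_buffer((const char *)data, length);
		if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
			return NT_STATUS_NO_MEMORY;
		}

		ntlmssp_state->ntlmv1_seq_num++;

		dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmv1_arc4_state,
			     sizeof(ntlmssp_state->ntlmv1_arc4_state));
		/* The version dword stays in clear; the rest is RC4-crypted. */
		smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
	}
	return NT_STATUS_OK;
}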
NTSTATUS ntlmssp_sign_packet | ( | NTLMSSP_STATE * | ntlmssp_state, | |
const uchar * | data, | |||
size_t | length, | |||
const uchar * | whole_pdu, | |||
size_t | pdu_length, | |||
DATA_BLOB * | sig | |||
) |
ntlmssp_sign.c の 135 行で定義されています。
参照先 data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_make_packet_signature()・NTLMSSP_SEND・ntlmssp_state::session_key.
参照元 add_ntlmssp_auth_footer()・create_next_pdu_ntlmssp().
/**
 * Produce the NTLMSSP signature for an outgoing packet.
 *
 * Refuses to sign unless NTLMSSP_NEGOTIATE_SIGN was negotiated and a
 * session key is present, then delegates to
 * ntlmssp_make_packet_signature() for the send direction with signature
 * encryption requested.
 *
 * @param ntlmssp_state  session state (flags, keys, counters)
 * @param data           payload bytes
 * @param length         length of data
 * @param whole_pdu      full PDU
 * @param pdu_length     length of whole_pdu
 * @param sig            out: signature blob
 *
 * @return NT_STATUS_INVALID_PARAMETER if signing was not negotiated,
 *         NT_STATUS_NO_USER_SESSION_KEY if there is no session key,
 *         otherwise the status of ntlmssp_make_packet_signature().
 */
NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
			     const uchar *data, size_t length,
			     const uchar *whole_pdu, size_t pdu_length,
			     DATA_BLOB *sig)
{
	if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) == 0) {
		DEBUG(3, ("NTLMSSP Signing not negotiated - cannot sign packet!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (ntlmssp_state->session_key.length == 0) {
		DEBUG(3, ("NO session key, cannot check sign packet\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	return ntlmssp_make_packet_signature(ntlmssp_state,
					     data, length,
					     whole_pdu, pdu_length,
					     NTLMSSP_SEND, sig, True);
}
NTSTATUS ntlmssp_check_packet | ( | NTLMSSP_STATE * | ntlmssp_state, | |
const uchar * | data, | |||
size_t | length, | |||
const uchar * | whole_pdu, | |||
size_t | pdu_length, | |||
const DATA_BLOB * | sig | |||
) |
Check the signature of an incoming packet
ntlmssp_sign.c の 166 行で定義されています。
参照先 data_blob_::data・data_blob_free()・dump_data()・dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・nt_errstr()・ntlmssp_make_packet_signature()・NTLMSSP_RECEIVE・ntlmssp_state::session_key.
参照元 api_pipe_ntlmssp_auth_process()・cli_pipe_verify_ntlmssp()・ntlmssp_unseal_packet().
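/**
 * Compare two byte ranges without stopping at the first mismatch, so the
 * time taken does not depend on how many leading bytes match.
 *
 * @return non-zero if the ranges differ, 0 if they are equal
 */
static int ntlmssp_sig_differs(const uchar *a, const uchar *b, size_t len)
{
	uchar acc = 0;
	size_t i;

	for (i = 0; i < len; i++) {
		acc |= (uchar)(a[i] ^ b[i]);
	}
	return acc != 0;
}

/**
 * Check the signature of an incoming packet.
 *
 * The expected signature is recomputed with
 * ntlmssp_make_packet_signature() for the receive direction and compared
 * with the one supplied by the peer.  Recomputing always advances the
 * receive sequence number (and, where it applies, the RC4 state), whether
 * or not the comparison then succeeds.
 *
 * NTLM2: the whole blob is compared.
 * NTLM1: only the bytes from offset 8 onwards are compared.
 *
 * @param ntlmssp_state  session state (flags, keys, counters)
 * @param data           payload bytes
 * @param length         length of data
 * @param whole_pdu      full PDU
 * @param pdu_length     length of whole_pdu
 * @param sig            signature received from the peer (untrusted)
 *
 * @return NT_STATUS_OK on a match, NT_STATUS_ACCESS_DENIED on a mismatch,
 *         NT_STATUS_NO_USER_SESSION_KEY without a session key, or the
 *         failure status of ntlmssp_make_packet_signature().
 */
NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
			      const uchar *data, size_t length,
			      const uchar *whole_pdu, size_t pdu_length,
			      const DATA_BLOB *sig)
{
	DATA_BLOB local_sig;
	NTSTATUS nt_status;

	/* The error path below frees local_sig; make sure it never holds
	 * stack garbage if the signature helper fails before writing it. */
	ZERO_STRUCT(local_sig);

	if (!ntlmssp_state->session_key.length) {
		DEBUG(3, ("NO session key, cannot check packet signature\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	/* Log only: the packet is rejected by the length comparison further
	 * down, after the receive state has been advanced as for any other
	 * packet. */
	if (sig->length < 8) {
		DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
			  (unsigned long)sig->length));
	}

	nt_status = ntlmssp_make_packet_signature(ntlmssp_state,
						  data, length,
						  whole_pdu, pdu_length,
						  NTLMSSP_RECEIVE, &local_sig, True);

	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
		data_blob_free(&local_sig);
		return nt_status;
	}

	/* NOTE(review): on a mismatch both branches dump the locally computed
	 * ("wanted") signature at debug level 5; treat logs captured at that
	 * level as sensitive. */
	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
		if (local_sig.length != sig->length ||
		    ntlmssp_sig_differs(local_sig.data, sig->data, sig->length)) {
			DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
			dump_data(5, (const char *)local_sig.data, local_sig.length);

			DEBUG(5, ("BAD SIG: got signature of\n"));
			dump_data(5, (const char *)sig->data, sig->length);

			DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to invalid signature!\n"));
			data_blob_free(&local_sig);
			return NT_STATUS_ACCESS_DENIED;
		}
	} else {
		/* The explicit "< 8" test keeps "sig->length - 8" from
		 * wrapping around even if the local blob were ever shorter
		 * than 8 bytes; previously only the length equality check
		 * stood in the way. */
		if (sig->length < 8 ||
		    local_sig.length != sig->length ||
		    ntlmssp_sig_differs(local_sig.data + 8, sig->data + 8, sig->length - 8)) {
			DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
			dump_data(5, (const char *)local_sig.data, local_sig.length);

			DEBUG(5, ("BAD SIG: got signature of\n"));
			dump_data(5, (const char *)sig->data, sig->length);

			DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to invalid signature!\n"));
			data_blob_free(&local_sig);
			return NT_STATUS_ACCESS_DENIED;
		}
	}
	dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
	DEBUG(10,("ntlmssp_check_packet: NTLMSSP signature OK !\n"));

	data_blob_free(&local_sig);
	return NT_STATUS_OK;
}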
NTSTATUS ntlmssp_seal_packet | ( | NTLMSSP_STATE * | ntlmssp_state, | |
uchar * | data, | |||
size_t | length, | |||
uchar * | whole_pdu, | |||
size_t | pdu_length, | |||
DATA_BLOB * | sig | |||
) |
Seal data with the NTLMSSP algorithm
ntlmssp_sign.c の 234 行で定義されています。
参照先 crc32_calc_buffer()・data_blob_::data・dump_data_pw()・data_blob_::length・msrpc_gen()・ntlmssp_state::neg_flags・ntlmssp_make_packet_signature()・NTLMSSP_SEND・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::session_key・smb_arc4_crypt().
参照元 add_ntlmssp_auth_footer()・create_next_pdu_ntlmssp().
/**
 * Seal data with the NTLMSSP algorithm.
 *
 * Encrypts data in place with RC4 and produces the matching signature in
 * sig.  Requires NTLMSSP_NEGOTIATE_SEAL and a session key.
 *
 * NTLM2: the signature is built first (over whole_pdu, unencrypted digest),
 *        then data is RC4-crypted, then - if NTLMSSP_NEGOTIATE_KEY_EXCH is
 *        set - the 8 digest bytes at sig->data+4 are crypted with the same
 *        send seal state.
 * NTLM1: the signature is msrpc_gen("dddd", version, 0, CRC32(data), seq);
 *        data is RC4-crypted first, then sig->data+4 onwards, both with
 *        ntlmv1_arc4_state; the sequence number is incremented last.
 *
 * The RC4 state advances with every byte processed, so the order of the
 * crypt calls is part of the wire format and must not be changed.
 *
 * @param ntlmssp_state  session state (flags, keys, RC4 states, counters)
 * @param data           payload, encrypted in place
 * @param length         length of data
 * @param whole_pdu      full PDU (signed on the NTLM2 path)
 * @param pdu_length     length of whole_pdu
 * @param sig            out: signature blob
 *
 * @return NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER if sealing was not
 *         negotiated, NT_STATUS_NO_USER_SESSION_KEY without a session key,
 *         NT_STATUS_NO_MEMORY if the signature could not be built, or the
 *         failure status of ntlmssp_make_packet_signature().
 */
NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
			     uchar *data, size_t length,
			     uchar *whole_pdu, size_t pdu_length,
			     DATA_BLOB *sig)
{
	if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) == 0) {
		DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (ntlmssp_state->session_key.length == 0) {
		DEBUG(3, ("NO session key, cannot seal packet\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	DEBUG(10,("ntlmssp_seal_data: seal\n"));
	dump_data_pw("ntlmssp clear data\n", data, length);

	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
		/* Order matters: sign first, then seal the payload, then
		 * seal the signature bytes.  The send seal state is not
		 * constant; it is updated by every crypt call. */
		NTSTATUS status;

		status = ntlmssp_make_packet_signature(ntlmssp_state,
						       data, length,
						       whole_pdu, pdu_length,
						       NTLMSSP_SEND, sig, False);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}

		smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, data, length);

		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
			smb_arc4_crypt(ntlmssp_state->send_seal_arc4_state, sig->data+4, 8);
		}
	} else {
		const uint32 checksum = crc32_calc_buffer((const char *)data, length);

		if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, checksum, ntlmssp_state->ntlmv1_seq_num)) {
			return NT_STATUS_NO_MEMORY;
		}

		/* Order matters: seal the payload first, then the signature
		 * tail.  ntlmv1_arc4_state is not constant; it is updated by
		 * every crypt call. */
		dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
			     sizeof(ntlmssp_state->ntlmv1_arc4_state));
		smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);

		dump_data_pw("ntlmv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
			     sizeof(ntlmssp_state->ntlmv1_arc4_state));
		smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);

		ntlmssp_state->ntlmv1_seq_num++;
	}

	dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
	dump_data_pw("ntlmssp sealed data\n", data, length);

	return NT_STATUS_OK;
}
NTSTATUS ntlmssp_unseal_packet | ( | NTLMSSP_STATE * | ntlmssp_state, | |
uchar * | data, | |||
size_t | length, | |||
uchar * | whole_pdu, | |||
size_t | pdu_length, | |||
DATA_BLOB * | sig | |||
) |
Unseal data with the NTLMSSP algorithm
ntlmssp_sign.c の 300 行で定義されています。
参照先 dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_check_packet()・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::session_key・smb_arc4_crypt().
参照元 api_pipe_ntlmssp_auth_process()・cli_pipe_verify_ntlmssp().
/**
 * Unseal data with the NTLMSSP algorithm.
 *
 * Decrypts data in place with RC4 (receive seal state for NTLM2,
 * ntlmv1_arc4_state otherwise) and then verifies the signature with
 * ntlmssp_check_packet().
 *
 * Decryption happens before verification, so on any failure return the
 * buffer already holds unauthenticated plaintext; callers should discard
 * it rather than act on it.
 *
 * NOTE(review): unlike ntlmssp_seal_packet(), this function does not test
 * NTLMSSP_NEGOTIATE_SEAL; presumably the callers only get here when
 * sealing is in use - confirm.
 *
 * @param ntlmssp_state  session state (flags, keys, RC4 states, counters)
 * @param data           sealed payload, decrypted in place
 * @param length         length of data
 * @param whole_pdu      full PDU, passed through to the signature check
 * @param pdu_length     length of whole_pdu
 * @param sig            signature received from the peer
 *
 * @return NT_STATUS_NO_USER_SESSION_KEY without a session key, otherwise
 *         the status of ntlmssp_check_packet().
 */
NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
			       uchar *data, size_t length,
			       uchar *whole_pdu, size_t pdu_length,
			       DATA_BLOB *sig)
{
	if (ntlmssp_state->session_key.length == 0) {
		DEBUG(3, ("NO session key, cannot unseal packet\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	DEBUG(10,("ntlmssp_unseal_packet: seal\n"));
	dump_data_pw("ntlmssp sealed data\n", data, length);

	/* Unseal the payload first; the signature is checked afterwards. */
	if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) == 0) {
		smb_arc4_crypt(ntlmssp_state->ntlmv1_arc4_state, data, length);
		dump_data_pw("ntlmv1 clear data\n", data, length);
	} else {
		smb_arc4_crypt(ntlmssp_state->recv_seal_arc4_state, data, length);
		dump_data_pw("ntlmv2 clear data\n", data, length);
	}

	return ntlmssp_check_packet(ntlmssp_state, data, length,
				    whole_pdu, pdu_length, sig);
}
NTSTATUS ntlmssp_sign_init | ( | NTLMSSP_STATE * | ntlmssp_state | ) |
Initialise the state for NTLMSSP signing.
Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. We probably should have some parameters to control this, once we get NTLM2 working.
Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions. We probably should have some parameters to control this, once we get NTLM2 working.
ntlmssp_sign.c の 327 行で定義されています。
参照先 calc_ntlmv2_key()・data_blob_::data・debug_ntlmssp_flags()・dump_data_pw()・data_blob_::length・ntlmssp_state::neg_flags・ntlmssp_state::ntlm2_recv_seq_num・ntlmssp_state::ntlm2_send_seq_num・NTLMSSP_CLIENT・NTLMSSP_SERVER・ntlmssp_weaken_keys()・ntlmssp_state::ntlmv1_arc4_state・ntlmssp_state::ntlmv1_seq_num・ntlmssp_state::recv_seal_arc4_state・ntlmssp_state::recv_seal_key・ntlmssp_state::recv_sign_key・ntlmssp_state::role・ntlmssp_state::send_seal_arc4_state・ntlmssp_state::send_seal_key・ntlmssp_state::send_sign_key・ntlmssp_state::session_key・smb_arc4_init()・talloc_init().
参照元 ntlmssp_client_challenge()・ntlmssp_server_auth().
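/**
 * Initialise the state for NTLMSSP signing and sealing.
 *
 * Requires a session key of at least 8 bytes.
 *
 * NTLM2 (NTLMSSP_NEGOTIATE_NTLM2 set):
 *   - the sign keys are derived from the full session key;
 *   - the seal keys are derived from a session key truncated according to
 *     the negotiated strength: untouched with NTLMSSP_NEGOTIATE_128,
 *     7 bytes with NTLMSSP_NEGOTIATE_56, otherwise 5 bytes (forty bits);
 *   - which label is used for send and which for receive depends on the
 *     role (client or server);
 *   - both RC4 seal states are initialised and both sequence numbers reset.
 *
 * NTLM1 (otherwise):
 *   - the key returned by ntlmssp_weaken_keys() seeds ntlmv1_arc4_state
 *     and the sequence number is reset.
 *
 * The seal key strength is decided purely by the negotiated flags; there is
 * no local parameter for a minimum strength in this function.  Key material
 * and RC4 states are passed to dump_data_pw() along the way.
 *
 * @param ntlmssp_state  session state to initialise
 *
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY on allocation failure,
 *         NT_STATUS_NO_USER_SESSION_KEY if the session key is shorter than
 *         8 bytes, or NT_STATUS_INTERNAL_ERROR for an unknown role.
 */
NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
{
	TALLOC_CTX *mem_ctx;

	mem_ctx = talloc_init("weak_keys");
	if (!mem_ctx) {
		return NT_STATUS_NO_MEMORY;
	}

	DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
	debug_ntlmssp_flags(ntlmssp_state->neg_flags);

	if (ntlmssp_state->session_key.length < 8) {
		TALLOC_FREE(mem_ctx);
		DEBUG(3, ("NO session key, cannot intialise signing\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
		/* Shares the data pointer with session_key; only the length
		 * field of this copy is reduced below. */
		DATA_BLOB weak_session_key = ntlmssp_state->session_key;
		const char *send_sign_const;
		const char *send_seal_const;
		const char *recv_sign_const;
		const char *recv_seal_const;

		switch (ntlmssp_state->role) {
		case NTLMSSP_CLIENT:
			send_sign_const = CLI_SIGN;
			send_seal_const = CLI_SEAL;
			recv_sign_const = SRV_SIGN;
			recv_seal_const = SRV_SEAL;
			break;
		case NTLMSSP_SERVER:
			send_sign_const = SRV_SIGN;
			send_seal_const = SRV_SEAL;
			recv_sign_const = CLI_SIGN;
			recv_seal_const = CLI_SEAL;
			break;
		default:
			TALLOC_FREE(mem_ctx);
			return NT_STATUS_INTERNAL_ERROR;
		}

		/**
		   Weaken NTLMSSP keys to cope with down-level clients, servers and export restrictions.
		   We probably should have some parameters to control this, once we get NTLM2 working.
		*/

		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
			;
		} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
			weak_session_key.length = 7;
		} else { /* forty bits */
			weak_session_key.length = 5;
		}

		dump_data_pw("NTLMSSP weakend master key:\n",
			     weak_session_key.data,
			     weak_session_key.length);

		/* SEND: sign key (full-strength session key) */
		calc_ntlmv2_key(ntlmssp_state->send_sign_key,
				ntlmssp_state->session_key, send_sign_const);
		dump_data_pw("NTLMSSP send sign key:\n",
			     ntlmssp_state->send_sign_key, 16);

		/* SEND: seal ARCFOUR pad (weakened key) */
		calc_ntlmv2_key(ntlmssp_state->send_seal_key,
				weak_session_key, send_seal_const);
		dump_data_pw("NTLMSSP send seal key:\n",
			     ntlmssp_state->send_seal_key, 16);

		smb_arc4_init(ntlmssp_state->send_seal_arc4_state,
			      ntlmssp_state->send_seal_key, 16);

		dump_data_pw("NTLMSSP send seal arc4 state:\n",
			     ntlmssp_state->send_seal_arc4_state,
			     sizeof(ntlmssp_state->send_seal_arc4_state));

		/* RECV: sign key (full-strength session key) */
		calc_ntlmv2_key(ntlmssp_state->recv_sign_key,
				ntlmssp_state->session_key, recv_sign_const);
		dump_data_pw("NTLMSSP recv send sign key:\n",
			     ntlmssp_state->recv_sign_key, 16);

		/* RECV: seal ARCFOUR pad (weakened key) */
		calc_ntlmv2_key(ntlmssp_state->recv_seal_key,
				weak_session_key, recv_seal_const);

		dump_data_pw("NTLMSSP recv seal key:\n",
			     ntlmssp_state->recv_seal_key, 16);

		smb_arc4_init(ntlmssp_state->recv_seal_arc4_state,
			      ntlmssp_state->recv_seal_key, 16);

		dump_data_pw("NTLMSSP recv seal arc4 state:\n",
			     ntlmssp_state->recv_seal_arc4_state,
			     sizeof(ntlmssp_state->recv_seal_arc4_state));

		ntlmssp_state->ntlm2_send_seq_num = 0;
		ntlmssp_state->ntlm2_recv_seq_num = 0;

	} else {
		/* NTLM1 key weakening is done by ntlmssp_weaken_keys(); the
		 * result lives in mem_ctx and is released at the end. */
		DATA_BLOB weak_session_key = ntlmssp_weaken_keys(ntlmssp_state, mem_ctx);

		/* The session key was checked to be at least 8 bytes above,
		 * so an empty result presumably means the copy could not be
		 * allocated.  Do not seed RC4 from an empty key. */
		if (!weak_session_key.data || weak_session_key.length == 0) {
			TALLOC_FREE(mem_ctx);
			return NT_STATUS_NO_MEMORY;
		}

		DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));

		smb_arc4_init(ntlmssp_state->ntlmv1_arc4_state,
			      weak_session_key.data, weak_session_key.length);

		dump_data_pw("NTLMv1 arc4 state:\n", ntlmssp_state->ntlmv1_arc4_state,
			     sizeof(ntlmssp_state->ntlmv1_arc4_state));

		ntlmssp_state->ntlmv1_seq_num = 0;
	}

	TALLOC_FREE(mem_ctx);
	return NT_STATUS_OK;
}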