summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-06 19:43:06 +1000
committerGünther Deschner <gd@samba.org>2010-08-10 12:13:00 +0200
commitf6cc686036281ee9b467ba18e96ee5086b89bef7 (patch)
treee74105755d35689de9756dd27e2b19bff3e6ce59
parent3c0a17a1274df1b38b3acd9335192cd78730b01c (diff)
downloadsamba-f6cc686036281ee9b467ba18e96ee5086b89bef7.tar.gz
samba-f6cc686036281ee9b467ba18e96ee5086b89bef7.tar.bz2
samba-f6cc686036281ee9b467ba18e96ee5086b89bef7.zip
s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available
This ensures the client isn't confused and we don't enter this weaker authentication scheme when we don't really, really need to. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/libsmb/ntlmssp.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 4398ecf4a3..7ac20826de 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -642,6 +642,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
dump_data_pw("LM session key:\n", session_key.data,
session_key.length);
} else {
+ /* LM Key not selected */
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n"));
session_key = data_blob_null;
}
@@ -649,13 +652,25 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
session_key = user_session_key;
DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+ /* LM Key not selected */
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
} else if (lm_session_key.data) {
+ /* Very weird to have LM key, but no user session key, but anyway.. */
session_key = lm_session_key;
DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+ /* LM Key not selected */
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
} else {
DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
session_key = data_blob_null;
+
+ /* LM Key not selected */
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
/* With KEY_EXCH, the client supplies the proposed session key,