summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-06 20:24:35 +1000
committerGünther Deschner <gd@samba.org>2010-08-10 12:13:00 +0200
commitd112557a05b23480abd3f2f52c1c7b8ded2b4f66 (patch)
treeaf45de685dfe75d5f704d16b7d45a3e471a78f53
parentf6cc686036281ee9b467ba18e96ee5086b89bef7 (diff)
downloadsamba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.tar.gz
samba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.tar.bz2
samba-d112557a05b23480abd3f2f52c1c7b8ded2b4f66.zip
s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
This is another 'belts and braces' check to avoid the use of the weak 'LM_KEY' encryption when the client has chosen NTLMv2. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/libsmb/ntlmssp.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 7ac20826de..2fdc938f49 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -617,7 +617,10 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
session_key = data_blob_null;
}
- } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+ } else if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+ /* Ensure we can never get here on NTLMv2 */
+ && (ntlmssp_state->nt_resp.length == 0 || ntlmssp_state->nt_resp.length == 24)) {
+
if (lm_session_key.data && lm_session_key.length >= 8) {
if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
session_key = data_blob_talloc(ntlmssp_state,