authorAndrew Bartlett <abartlet@samba.org>2006-03-25 01:00:37 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:59:10 -0500
commiteb66b26cd18ceef2368506479d90bf7e4f0f83a0 (patch)
tree3612d2f97fe8257661b3d942c0c1c1049bc5e333
parent3fdc3cf0c224fd4ce923bb0df7e8f175356cecf2 (diff)
r14701: Allow, with non-default options, NTLMSSP to access the LM session key,
even when not sending the LM response. Needed to pass the test_session_key against Win2k3. Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM. Andrew Bartlett (This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
-rw-r--r--source4/auth/credentials/credentials_ntlm.c11
-rw-r--r--source4/auth/ntlmssp/ntlmssp_client.c5
2 files changed, 13 insertions, 3 deletions
diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c
index aa9a113e8d..1d181ae958 100644
--- a/source4/auth/credentials/credentials_ntlm.c
+++ b/source4/auth/credentials/credentials_ntlm.c
@@ -144,6 +144,7 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
/* LM Key is incompatible... */
*flags &= ~CLI_CRED_LANMAN_AUTH;
} else {
+ uint8_t lm_hash[16];
nt_response = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(nt_hash->hash, challenge.data,
nt_response.data);
@@ -160,7 +161,6 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
if (!password) {
lm_response = nt_response;
} else {
- uint8_t lm_hash[16];
lm_response = data_blob_talloc(mem_ctx, NULL, 24);
if (!SMBencrypt(password,challenge.data,
lm_response.data)) {
@@ -188,6 +188,15 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
/* LM Key is incompatible... */
lm_response = nt_response;
*flags &= ~CLI_CRED_LANMAN_AUTH;
+
+ const char *password;
+ password = cli_credentials_get_password(cred);
+ if (password) {
+ E_deshash(password, lm_hash);
+ lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ memcpy(lm_session_key.data, lm_hash, 8);
+ memset(&lm_session_key.data[8], '\0', 8);
+ }
}
}
if (_lm_response) {
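Review bot: In the added block, the result of `data_blob_talloc(mem_ctx, NULL, 16)` is passed to `memcpy`/`memset` unchecked, so an allocation failure becomes a write through a NULL `lm_session_key.data`; add `if (!lm_session_key.data) return NT_STATUS_NO_MEMORY;` before the copy (assuming no other cleanup is needed on this path). `lm_hash` now lives for the whole else branch and holds a password-equivalent LM hash after `E_deshash`, so it should be cleared once the 8 bytes are copied, e.g. `ZERO_STRUCT(lm_hash);`. The key is derived whenever a password is available, so only the caller's flag handling keeps this weak DES-based key out of default sessions; a comment here stating that dependency would help. `const char *password;` is declared after statements, unlike the block-top declaration of `lm_hash` earlier in the same function. The function body starts and ends outside the hunk.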
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index 79f62349a6..1244c0dfbc 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -194,8 +194,9 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
}
if (!(flags & CLI_CRED_LANMAN_AUTH)) {
- /* LM Key is incompatible... */
- gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+ /* LM Key is still possible, just silly. Fortunetly
+ * we require command line options to end up here */
+ /* gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; */
}
if (!(flags & CLI_CRED_NTLM2)) {