diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-03-25 01:00:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:59:10 -0500 |
commit | eb66b26cd18ceef2368506479d90bf7e4f0f83a0 (patch) | |
tree | 3612d2f97fe8257661b3d942c0c1c1049bc5e333 /source4/auth/credentials | |
parent | 3fdc3cf0c224fd4ce923bb0df7e8f175356cecf2 (diff) | |
download | samba-eb66b26cd18ceef2368506479d90bf7e4f0f83a0.tar.gz samba-eb66b26cd18ceef2368506479d90bf7e4f0f83a0.tar.bz2 samba-eb66b26cd18ceef2368506479d90bf7e4f0f83a0.zip |
r14701: Allow, with non-default options, NTLMSSP to access the LM session key,
even when not sending the LM response. Needed to pass the
test_session_key against Win2k3.
Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM.
Andrew Bartlett
(This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r-- | source4/auth/credentials/credentials_ntlm.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c index aa9a113e8d..1d181ae958 100644 --- a/source4/auth/credentials/credentials_ntlm.c +++ b/source4/auth/credentials/credentials_ntlm.c @@ -144,6 +144,7 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_ /* LM Key is incompatible... */ *flags &= ~CLI_CRED_LANMAN_AUTH; } else { + uint8_t lm_hash[16]; nt_response = data_blob_talloc(mem_ctx, NULL, 24); SMBOWFencrypt(nt_hash->hash, challenge.data, nt_response.data); @@ -160,7 +161,6 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_ if (!password) { lm_response = nt_response; } else { - uint8_t lm_hash[16]; lm_response = data_blob_talloc(mem_ctx, NULL, 24); if (!SMBencrypt(password,challenge.data, lm_response.data)) { @@ -188,6 +188,15 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_ /* LM Key is incompatible... */ lm_response = nt_response; *flags &= ~CLI_CRED_LANMAN_AUTH; + + const char *password; + password = cli_credentials_get_password(cred); + if (password) { + E_deshash(password, lm_hash); + lm_session_key = data_blob_talloc(mem_ctx, NULL, 16); + memcpy(lm_session_key.data, lm_hash, 8); + memset(&lm_session_key.data[8], '\0', 8); + } } } if (_lm_response) { |