diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 10 | ||||
-rwxr-xr-x | source4/script/tests/test_session_key.sh | 35 |
2 files changed, 26 insertions, 19 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index d4edfb97aa..5d90ceadc3 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -302,16 +302,18 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, to do this for the LM_KEY. */ if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { - - } else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { + /* LM key doesn't support 128 bit crypto, so this is + * the best we can do. If you negotiate 128 bit, but + * not 56, you end up with 40 bit... */ + if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { weakened_key.data[7] = 0xa0; + weakened_key.length = 8; } else { /* forty bits */ weakened_key.data[5] = 0xe5; weakened_key.data[6] = 0x38; weakened_key.data[7] = 0xb0; + weakened_key.length = 8; } - weakened_key.length = 8; } return weakened_key; } diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh index ea23cab9d3..97a1634db0 100755 --- a/source4/script/tests/test_session_key.sh +++ b/source4/script/tests/test_session_key.sh @@ -18,22 +18,27 @@ incdir=`dirname $0` failed=0 transport="ncacn_np" +for bindoptions in validate seal; do + for keyexchange in "yes" "no"; do + for ntlm2 in "yes" "no"; do + for lm_key in "yes" "no"; do for ntlmoptions in \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes" \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no" \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no" \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no" \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no" \ - "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no" \ - "--option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no" \ - "--option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=yes" \ - "--option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=yes --option=ntlmssp_client:128bit=no" \ - "--option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:keyexchange=no --option=ntlmssp_client:128bit=no" \ - "--option=usespnego=no --option=clientntlmv2auth=yes" \ - "--option=usespnego=no" \ + "-k no --option=usespnego=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=no" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \ + "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ + "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ + "-k no --option=usespnego=no" \ ; do - name="RPC-SECRETS on $transport with $ntlmoptions" - testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1` + name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1` done - + done + done + done +done testok $0 $failed |