From 68e692738b30f746a99a4392dd438ccdf14d95e0 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 17 Dec 2003 21:57:26 +0000
Subject: Add in comments explaining NTLMv2 selection. Use lm session key if
 that's all there is. Jeremy. (This used to be commit
 b611f8d170743f1f4d71b1def83bb757d9f467af)

---
 source3/libsmb/ntlmssp.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 10f2983180..7b821da0fd 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -645,7 +645,15 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 		}
 	}
 
+	/*
+	 * Note we don't check here for NTLMv2 auth settings. If NTLMv2 auth
+	 * is required (by "ntlm auth = no" and "lm auth = no" being set in the
+	 * smb.conf file) and no NTLMv2 response was sent then the password check
+	 * will fail here. JRA.
+	 */
+
 	/* Finally, actually ask if the password is OK */
+
 	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state, &nt_session_key, &lm_session_key))) {
 		data_blob_free(&encrypted_session_key);
 		return nt_status;
@@ -685,9 +693,13 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 		session_key = nt_session_key;
 		DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
 		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+	} else if (lm_session_key.data) {
+		session_key = lm_session_key;
+		DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
+		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
 	} else {
 		data_blob_free(&encrypted_session_key);
-		DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified nt session key.\n"));
+		DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-- 
cgit