From e71801c3de1e2bc0cb710cb1157adea1b50e12e1 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 6 Jul 1999 21:26:39 +0000 Subject: reporting failure to accept ntlmv2 (only) with down-level protocols (LANMAN1 and below). (This used to be commit be7b978249ddb5e2e94aa160a360fecbf51f016e) --- source3/smbd/reply.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index c44cf069a9..29dccaf9e8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -537,7 +537,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int smb_bufsize = SVAL(inbuf,smb_vwv2); - if (Protocol < PROTOCOL_NT1) { + if (Protocol < PROTOCOL_NT1) + { smb_apasslen = SVAL(inbuf,smb_vwv7); if (smb_apasslen > MAX_PASS_LEN) { @@ -551,7 +552,16 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if (!doencrypt && (lp_security() != SEC_SERVER)) { smb_apasslen = strlen(smb_apasswd); } - } else { + + if (lp_server_ntlmv2() == True) + { + DEBUG(1,("NTLMv2-only accepted with NT LANMAN 1.0 and above.\n\ +user %s attempted down-level SMB connection\n", user)); + return(ERROR(ERRSRV,ERRbadpw)); + } + } + else + { uint16 passlen1 = SVAL(inbuf,smb_vwv7); uint16 passlen2 = SVAL(inbuf,smb_vwv8); enum remote_arch_types ra_type = get_remote_arch(); @@ -707,7 +717,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int * 128 length unicode. */ - if(smb_ntpasslen) + if (smb_ntpasslen) { if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL,user_sess_key)) DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); -- cgit