From d112557a05b23480abd3f2f52c1c7b8ded2b4f66 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 6 Aug 2010 20:24:35 +1000
Subject: s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/libsmb/ntlmssp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source3')

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 7ac20826de..2fdc938f49 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -617,7 +617,10 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
 			session_key = data_blob_null;
 		}
-	} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+	} else if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+		/* Ensure we can never get here on NTLMv2 */
+		&& (ntlmssp_state->nt_resp.length == 0 || ntlmssp_state->nt_resp.length == 24)) {
+
 		if (lm_session_key.data && lm_session_key.length >= 8) {
 			if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
 				session_key = data_blob_talloc(ntlmssp_state,
-- 
cgit