From f6cc686036281ee9b467ba18e96ee5086b89bef7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 6 Aug 2010 19:43:06 +1000
Subject: s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not
 available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This ensures the client isn't confused and we don't enter this
weaker authentication scheme when we don't really, really need to.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/libsmb/ntlmssp.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'source3')

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 4398ecf4a3..7ac20826de 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -642,6 +642,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 			dump_data_pw("LM session key:\n", session_key.data,
 				     session_key.length);
 		} else {
+			/* LM Key not selected */
+			ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
 			DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM session key.\n"));
 			session_key = data_blob_null;
 		}
@@ -649,13 +652,25 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
 		session_key = user_session_key;
 		DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
 		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+		/* LM Key not selected */
+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
 	} else if (lm_session_key.data) {
+		/* Very weird to have LM key, but no user session key, but anyway.. */
 		session_key = lm_session_key;
 		DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
 		dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+
+		/* LM Key not selected */
+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+
 	} else {
 		DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
 		session_key = data_blob_null;
+
+		/* LM Key not selected */
+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
 	}
 
 	/* With KEY_EXCH, the client supplies the proposed session key,
-- 
cgit