From e7630ebe47384328d6a4a44297cbd7d4f4ec8313 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 12 Feb 2006 14:19:31 +0000 Subject: r13472: After Volker's advise, try every combination of parameters. This isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett (This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811) --- source4/auth/ntlmssp/ntlmssp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/auth/ntlmssp') diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index d4edfb97aa..5d90ceadc3 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -302,16 +302,18 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, to do this for the LM_KEY. */ if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { - if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) { - - } else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { + /* LM key doesn't support 128 bit crypto, so this is + * the best we can do. If you negotiate 128 bit, but + * not 56, you end up with 40 bit... */ + if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) { weakened_key.data[7] = 0xa0; + weakened_key.length = 8; } else { /* forty bits */ weakened_key.data[5] = 0xe5; weakened_key.data[6] = 0x38; weakened_key.data[7] = 0xb0; + weakened_key.length = 8; } - weakened_key.length = 8; } return weakened_key; } -- cgit