From cfb9a9d650a0217eaa751963f055f8cdd7aa3392 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Dec 2011 19:50:36 +1100 Subject: s4-ntlmssp Do not allow LM key without a LM password --- source4/auth/ntlmssp/ntlmssp_client.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/auth') diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 6ec56941e6..d5ece11e6a 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -229,9 +229,11 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } if (!(flags & CLI_CRED_LANMAN_AUTH)) { - /* LM Key is still possible, just silly. Fortunetly - * we require command line options to end up here */ - /* ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; */ + /* LM Key is still possible, just silly, so we do not + * allow it. Fortunetly all LM crypto is off by + * default and we require command line options to end + * up here */ + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; } if (!(flags & CLI_CRED_NTLM2)) { -- cgit