From e7630ebe47384328d6a4a44297cbd7d4f4ec8313 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 12 Feb 2006 14:19:31 +0000
Subject: r13472: After Volker's advise, try every combination of parameters. 
 This isn't every parameter on NTLMSSP, but it is most of the important ones.

This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.

Andrew Bartlett
(This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
---
 source4/auth/ntlmssp/ntlmssp.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index d4edfb97aa..5d90ceadc3 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -302,16 +302,18 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
 	   to do this for the LM_KEY.  
 	*/
 	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
-		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
-			
-		} else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
+		/* LM key doesn't support 128 bit crypto, so this is
+		 * the best we can do.  If you negotiate 128 bit, but
+		 * not 56, you end up with 40 bit... */
+		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
 			weakened_key.data[7] = 0xa0;
+			weakened_key.length = 8;
 		} else { /* forty bits */
 			weakened_key.data[5] = 0xe5;
 			weakened_key.data[6] = 0x38;
 			weakened_key.data[7] = 0xb0;
+			weakened_key.length = 8;
 		}
-		weakened_key.length = 8;
 	}
 	return weakened_key;
 }
-- 
cgit