s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
authorAndrew Bartlett <abartlet@samba.org>
Fri, 6 Aug 2010 10:24:35 +0000 (20:24 +1000)
committerGünther Deschner <gd@samba.org>
Tue, 10 Aug 2010 10:13:00 +0000 (12:13 +0200)
This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
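--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -617,7 +617,10 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                        DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n"));
                        session_key = data_blob_null;
                }
-       } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+       } else if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+               /* Ensure we can never get here on NTLMv2 */
+               && (ntlmssp_state->nt_resp.length == 0 || ntlmssp_state->nt_resp.length == 24)) {
+
                if (lm_session_key.data && lm_session_key.length >= 8) {
                        if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
                                session_key = data_blob_talloc(ntlmssp_state,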
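Review bot: The guard added to the `else if` keeps the LM_KEY session-key path from running when `nt_resp` is longer than 24 bytes, but it leaves `NTLMSSP_NEGOTIATE_LM_KEY` set in `ntlmssp_state->neg_flags`; if later signing or sealing setup (not visible in this hunk) still reads that flag, the weak-key handling could be selected there for an NTLMv2 session. Consider clearing the flag where NTLMv2 is detected, e.g. `ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;`, or confirm that no later consumer depends on it. The literal `24` would also read better with a comment such as `/* 24 bytes = LM/NTLMv1 response; anything longer is treated as NTLMv2 */`, placed above the condition rather than between its operands. ntlmssp_server_auth starts and ends outside the hunk, so the branch taken when the new test fails could not be checked.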