CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking...
authorStefan Metzmacher <metze@samba.org>
Thu, 19 Nov 2015 15:02:58 +0000 (16:02 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
commitc0fc6a6d7f7a9d709f35c1a7e4812c0a89285977
tree135ea341544fd50b3853646fd5b3c25b63264c23
parent8b76b05fe7aafe4b2bdc32d477bf2a20be71b6f3
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)

We now include a MsvAvTimestamp in our target info as indication
for the client to include a NTLMSSP_MIC in the AUTH_MESSAGE.
If the client uses NTLMv2 we check NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE
and require a valid MIC.

This is still disabled if the "map to guest" feature is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/ntlmssp/gensec_ntlmssp.c
auth/ntlmssp/gensec_ntlmssp_server.c
auth/ntlmssp/ntlmssp.h
auth/ntlmssp/ntlmssp_server.c