r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bit
authorAndrew Bartlett <abartlet@samba.org>
Sun, 12 Feb 2006 12:06:08 +0000 (12:06 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:51:54 +0000 (13:51 -0500)
encryption behaviour.

Andrew Bartlett

source/auth/ntlmssp/ntlmssp_client.c

index 3f781825e3d674cec711c53eb217f255e806f4df..d058b84a2844dd15f6d65413f6298c9d146869ab 100644 (file)
@@ -144,9 +144,6 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
                auth_gen_string = "CdBBAAABd";
        }
 
-       DEBUG(3, ("NTLMSSP: Set final flags:\n"));
-       debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
-
        if (!msrpc_parse(mem_ctx,
                         &in, chal_parse_string,
                         "NTLMSSP",
@@ -215,7 +212,6 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
                        SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
                                                  new_session_key.data);
                }
-               new_session_key.length = 16;
                session_key = new_session_key;
                dump_data_pw("LM session key\n", session_key.data, session_key.length);
        }
@@ -239,6 +235,9 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
                session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
        }
 
+       DEBUG(3, ("NTLMSSP: Set final flags:\n"));
+       debug_ntlmssp_flags(gensec_ntlmssp_state->neg_flags);
+
        /* this generates the actual auth packet */
        if (!msrpc_gen(mem_ctx, 
                       out, auth_gen_string, 
@@ -304,7 +303,8 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True);
 
        gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth() 
-                                         && lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False));
+                                             && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False)
+                                                 || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)));
 
        gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth();
 
@@ -318,6 +318,14 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
        }
 
+       if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) {
+               gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
+       }
+
+       if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) {
+               gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
+       }
+
        if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
        }