CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
authorStefan Metzmacher <metze@samba.org>
Sat, 26 Mar 2016 17:08:16 +0000 (18:08 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:24 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
source3/libsmb/cliconnect.c

index 50d1a0c22c591c93c15b442597c914517b279b02..d1848a279edce3d48a4462dd9634a8b2c6e38599 100644 (file)
@@ -2119,6 +2119,17 @@ struct tevent_req *cli_session_setup_send(TALLOC_CTX *mem_ctx,
                return req;
        } else {
                /* otherwise do a NT1 style session setup */
+               if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) {
+                       /*
+                        * Don't send an NTLMv2 response without NTLMSSP
+                        * if we want to use spnego support
+                        */
+                       DEBUG(1, ("Server does not support EXTENDED_SECURITY "
+                                 " but 'client use spnego = yes"
+                                 " and 'client ntlmv2 auth = yes'\n"));
+                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+                       return tevent_req_post(req, ev);
+               }
 
                subreq = cli_session_setup_nt1_send(
                        state, ev, cli, user, pass, passlen, ntpass, ntpasslen,
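Review bot: The DEBUG text in the added block is malformed: `'client use spnego = yes` has no closing quote, and the string concatenation leaves a double space before `but`. This makes the logged line harder to read and to match in log searches. The request fails with a bare `NT_STATUS_ACCESS_DENIED`, which a caller presumably cannot tell apart from a refusal by the server, so this log line is the main evidence that the client itself declined to fall back to a raw NTLMv2 response. I would write the three string pieces as `"Server does not support EXTENDED_SECURITY "`, `"but 'client use spnego = yes' "` and `"and 'client ntlmv2 auth = yes'\n"`. cli_session_setup_send begins and ends outside this hunk, so whether an earlier branch already logs the negotiated capabilities cannot be checked from here.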