Add in comments explaining NTLMv2 selection. Use lm session key if that's

all there is.
Jeremy.
(This used to be commit 3e6abeffe176cdba43d251f55f3b7aecd8fa55b1)

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 10f2983180a696278b575ab8a7afd3ba3ec864ad..7b821da0fd6254a8a0b76ca388d9b1dbd0eaee88 100644 (file)
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -645,7 +645,15 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                }
        }
 
+       /*
+        * Note we don't check here for NTLMv2 auth settings. If NTLMv2 auth
+        * is required (by "ntlm auth = no" and "lm auth = no" being set in the
+        * smb.conf file) and no NTLMv2 response was sent then the password check
+        * will fail here. JRA.
+        */
+
        /* Finally, actually ask if the password is OK */
+
        if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state, &nt_session_key, &lm_session_key))) {
                data_blob_free(&encrypted_session_key);
                return nt_status;
@@ -685,9 +693,13 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                session_key = nt_session_key;
                DEBUG(10,("ntlmssp_server_auth: Using unmodified nt session key.\n"));
                dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
+       } else if (lm_session_key.data) {
+               session_key = lm_session_key;
+               DEBUG(10,("ntlmssp_server_auth: Using unmodified lm session key.\n"));
+               dump_data_pw("unmodified session key:\n", session_key.data, session_key.length);
        } else {
                data_blob_free(&encrypted_session_key);
-               DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified nt session key.\n"));
+               DEBUG(10,("ntlmssp_server_auth: Failed to create unmodified session key.\n"));
                return NT_STATUS_INVALID_PARAMETER;
        }