CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH

man smb.conf says "client ntlmv2 auth = yes" the default disables,
"client lanman auth = yes":

  ...
  Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2
  logins will be attempted.
  ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 8a7d58ff57312cf614c02b66f1972b764ac8636e..839d0595460e8b07dd6b47aacbdd261a4426be4b 100644 (file)
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -632,6 +632,8 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
 
        if (ntlmssp_state->use_ntlmv2) {
                ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+               ntlmssp_state->allow_lm_response = false;
+               ntlmssp_state->allow_lm_key = false;
        }
 
        if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {