CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"

[kai/samba-autobuild/.git] / source3 / param / loadparm.c

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 50b29e323849e5239a13556f1c8b8335e075510a..3bdec236005c80d2753df4b4a9eb89b320cd103d 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -690,6 +690,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.client_plaintext_auth = false;  /* Do NOT use a plaintext password even if is requested by the server */
        Globals.lanman_auth = false;    /* Do NOT use the LanMan hash, even if it is supplied */
        Globals.ntlm_auth = true;       /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
+       Globals.raw_ntlmv2_auth = true; /* Allow NTLMv2 without NTLMSSP */
        Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
        /* Note, that we will also use NTLM2 session security (which is different), if it is available */
 
@@ -1372,7 +1373,6 @@ static void free_service_byindex(int idx)
 static int add_a_service(const struct loadparm_service *pservice, const char *name)
 {
        int i;
-       int num_to_alloc = iNumServices + 1;
        struct loadparm_service **tsp = NULL;
 
        /* it might already exist */
@@ -1393,7 +1393,7 @@ static int add_a_service(const struct loadparm_service *pservice, const char *na
                /* if not, then create one */
                tsp = talloc_realloc(NULL, ServicePtrs,
                                     struct loadparm_service *,
-                                    num_to_alloc);
+                                    iNumServices + 1);
                if (tsp == NULL) {
                        DEBUG(0, ("add_a_service: failed to enlarge "
                                  "ServicePtrs!\n"));