CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 1b7f87aa7a1dac0e8a2d1dbaaec26b33cbf7f59c..49933cb11b9cbc532cf0c0ddfc2d2065a87dd97f 100644 (file)
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -633,7 +633,7 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
        }
 
        if (ntlmssp_state->use_ntlmv2) {
-               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+               ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2;
                ntlmssp_state->allow_lm_response = false;
                ntlmssp_state->allow_lm_key = false;
        }