authorStefan Metzmacher <metze@samba.org>2015-12-01 14:58:19 +0100
committerStefan Metzmacher <metze@samba.org>2016-04-12 19:25:22 +0200
commit7a6b3efdc6451c3cbb157ad8d808f86d154625dd (patch)
tree302dde60a6746d3cba1a4825edd3bb6be950861d /auth/ntlmssp
parent2843f012b6bfb6d56e11b1723c0b35531ebf669f (diff)
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'auth/ntlmssp')
-rw-r--r--auth/ntlmssp/gensec_ntlmssp_server.c5
-rw-r--r--auth/ntlmssp/ntlmssp.h1
-rw-r--r--auth/ntlmssp/ntlmssp_client.c8
3 files changed, 10 insertions, 4 deletions
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index ede6f465122..9186ce993e8 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -118,7 +118,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
- if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) &&
+ ntlmssp_state->allow_lm_response =
+ lpcfg_lanman_auth(gensec_security->settings->lp_ctx);
+
+ if (ntlmssp_state->allow_lm_response &&
gensec_setting_bool(gensec_security->settings,
"ntlmssp_server", "allow_lm_key", false))
{
diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h
index 31062e5f919..8c254f36e83 100644
--- a/auth/ntlmssp/ntlmssp.h
+++ b/auth/ntlmssp/ntlmssp.h
@@ -64,6 +64,7 @@ struct ntlmssp_state
bool use_ccache;
bool resume_ccache;
bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */
+ bool allow_lm_response;/* The LM_RESPONSE code is not very secure... */
bool allow_lm_key; /* The LM_KEY code is not very secure... */
const char *user;
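Review bot: The comment on the new `allow_lm_response` field is a copy of the `allow_lm_key` one and says neither what each flag gates nor how the two relate. Going by the other hunks in this commit, `allow_lm_response` caches the `lanman auth` / `client lanman auth` setting and decides whether the client sets CLI_CRED_LANMAN_AUTH, while `allow_lm_key` gates LM session-key derivation and is only ever set when `allow_lm_response` is true. I would document that invariant here, e.g. `/* LM response permitted by (client) lanman auth; prerequisite for allow_lm_key */` and `/* LM_KEY session key permitted; only true when allow_lm_response is true */`. The struct continues outside the hunk.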
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index c8b7c432f8a..8a7d58ff573 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -447,7 +447,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
if (ntlmssp_state->use_nt_response) {
flags |= CLI_CRED_NTLM_AUTH;
}
- if (lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx)) {
+ if (ntlmssp_state->allow_lm_response) {
flags |= CLI_CRED_LANMAN_AUTH;
}
@@ -474,7 +474,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
}
if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- && lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx) && lm_session_key.length == 16) {
+ && ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (lm_response.length == 24) {
SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
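Review bot: When the peer's challenge carries NTLMSSP_NEGOTIATE_LM_KEY but `allow_lm_key` is false, this branch is now skipped silently and, as far as the hunk shows, the bit remains set in `neg_flags`. Because that flag originates from the remote message, it is worth confirming that code outside the hunk either clears NTLMSSP_NEGOTIATE_LM_KEY from `neg_flags` or fails the exchange in that case, so later signing and sealing code does not act on a flag that local policy refused. A short comment above the condition stating which of the two happens would help, e.g. `/* LM_KEY is honoured only when locally enabled; otherwise <describe: flag cleared / exchange rejected> */`. The function body starts and ends outside the hunk.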
@@ -582,7 +582,9 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
- ntlmssp_state->allow_lm_key = (lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx)
+ ntlmssp_state->allow_lm_response = lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx);
+
+ ntlmssp_state->allow_lm_key = (ntlmssp_state->allow_lm_response
&& (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
|| gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));