mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case

Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.

But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really negotiable
in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8ee4f8236830eb3fa1b273fa6927792a800f86bd)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Wed Jun 28 15:19:53 CEST 2017 on sn-devel-144
Stefan Metzmacher 2017-06-24 13:16:03 +02:00 committed by Karolin Seeger
parent 8aea504d02
commit f625a639e7

@ -75,6 +75,27 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
{
uint32_t missing_flags = ntlmssp_state->required_flags;
if (ntlmssp_state->use_ntlmv2) {
/*
* Using NTLMv2 as a client implies
* using NTLMSSP_NEGOTIATE_NTLM2
* (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
*
* Note that 'use_ntlmv2' is only set
* true in the client case.
*
* Even if the server has a bug and does not announce
* it, we need to assume it's present.
*
* Note that we also have the flag
* in ntlmssp_state->required_flags,
* see gensec_ntlmssp_client_start().
*
* See bug #12862.
*/
flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
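
Review bot: the unconditional `flags |= NTLMSSP_NEGOTIATE_NTLM2;` at the end of the new `use_ntlmv2` block modifies the server-announced value in place, so after this point nothing can distinguish a server that sent the bit from one that omitted it. Consider checking `!(flags & NTLMSSP_NEGOTIATE_NTLM2)` before the OR and emitting a debug message that references bug #12862, so that an affected server shows up in client logs instead of being silently accommodated. The comment notes that the flag is also in `ntlmssp_state->required_flags`, and `missing_flags` is seeded from that field just above; one more sentence in the comment on how this override interacts with the required-flags handling would help the next reader, since the interaction is not obvious from these lines alone.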