Author: abartlet Date: 2006-03-25 01:00:37 +0000 (Sat, 25 Mar 2006) New Revision: 14701
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14701 Log: Allow, with non-default options, NTLMSSP to access the LM session key, even when not sending the LM response. Needed to pass the test_session_key against Win2k3. Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_ntlm.c branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_client.c Changeset: Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_ntlm.c =================================================================== --- branches/SAMBA_4_0/source/auth/credentials/credentials_ntlm.c 2006-03-25 00:50:26 UTC (rev 14700) +++ branches/SAMBA_4_0/source/auth/credentials/credentials_ntlm.c 2006-03-25 01:00:37 UTC (rev 14701) @@ -144,6 +144,7 @@ /* LM Key is incompatible... */ *flags &= ~CLI_CRED_LANMAN_AUTH; } else { + uint8_t lm_hash[16]; nt_response = data_blob_talloc(mem_ctx, NULL, 24); SMBOWFencrypt(nt_hash->hash, challenge.data, nt_response.data); @@ -160,7 +161,6 @@ if (!password) { lm_response = nt_response; } else { - uint8_t lm_hash[16]; lm_response = data_blob_talloc(mem_ctx, NULL, 24); if (!SMBencrypt(password,challenge.data, lm_response.data)) { @@ -188,6 +188,15 @@ /* LM Key is incompatible... */ lm_response = nt_response; *flags &= ~CLI_CRED_LANMAN_AUTH; + + const char *password; + password = cli_credentials_get_password(cred); + if (password) { + E_deshash(password, lm_hash); + lm_session_key = data_blob_talloc(mem_ctx, NULL, 16); + memcpy(lm_session_key.data, lm_hash, 8); + memset(&lm_session_key.data[8], '\0', 8); + } } } if (_lm_response) { Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_client.c =================================================================== --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_client.c 2006-03-25 00:50:26 UTC (rev 14700) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_client.c 2006-03-25 01:00:37 UTC (rev 14701) @@ -194,8 +194,9 @@ } if (!(flags & CLI_CRED_LANMAN_AUTH)) { - /* LM Key is incompatible... */ - gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; + /* LM Key is still possible, just silly. Fortunetly + * we require command line options to end up here */ + /* gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; */ } if (!(flags & CLI_CRED_NTLM2)) {