From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 24 Jun 2017 11:16:03 +0000 (+0200)
Subject: auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
X-Git-Tag: tdb-1.3.14~162
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ee4f8236830eb3fa1b273fa6927792a800f86bd;p=thirdparty%2Fsamba.git

auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case

Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.

But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/auth/ntlmssp/ntlmssp_util.c b/auth/ntlmssp/ntlmssp_util.c
index 4ae6101f025..9c7325a23e0 100644
--- a/auth/ntlmssp/ntlmssp_util.c
+++ b/auth/ntlmssp/ntlmssp_util.c
@@ -75,6 +75,27 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
 {
 	uint32_t missing_flags = ntlmssp_state->required_flags;
 
+	if (ntlmssp_state->use_ntlmv2) {
+		/*
+		 * Using NTLMv2 as a client implies
+		 * using NTLMSSP_NEGOTIATE_NTLM2
+		 * (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+		 *
+		 * Note that 'use_ntlmv2' is only set
+		 * true in the client case.
+		 *
+		 * Even if the server has a bug and does not announce
+		 * it, we need to assume it's present.
+		 *
+		 * Note that we also have the flag
+		 * in ntlmssp_state->required_flags,
+		 * see gensec_ntlmssp_client_start().
+		 *
+		 * See bug #12862.
+		 */
+		flags |= NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
 	if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;