CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
We now include a MsvAvTimestamp in our target info as indication
for the client to include a NTLMSSP_MIC in the AUTH_MESSAGE.
If the client uses NTLMv2 we check NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE
and require a valid MIC.
This is still disabled if the "map to guest" feature is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
git.samba.org / samba.git / commit