git.samba.org / abartlet / samba.git / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f744e42) | patch
s3:ntlmssp Don't use the lm key if the user didn't supply one.
authorAndrew Bartlett <abartlet@samba.org>
Fri, 6 Aug 2010 09:01:34 +0000 (19:01 +1000)
committerGünther Deschner <gd@samba.org>
Tue, 10 Aug 2010 10:13:00 +0000 (12:13 +0200)
commit3c0a17a1274df1b38b3acd9335192cd78730b01c
tree1ea7e8fc50edd90ad92c6fcae8845770f081d373tree
parentf744e42bd08cd724da09b5b04bafb68de07888cccommit | diff
s3:ntlmssp Don't use the lm key if the user didn't supply one.

This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session.  If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
source3/libsmb/ntlmssp.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.