s3:ntlmssp Don't use the lm key if the user didn't supply one.
author: Andrew Bartlett <abartlet@samba.org>
Fri, 6 Aug 2010 09:01:34 +0000 (19:01 +1000)
committer: Günther Deschner <gd@samba.org>
Tue, 10 Aug 2010 10:13:00 +0000 (12:13 +0200)
This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session.  If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
source3/libsmb/ntlmssp.c

index 2ad8d8783a3c63fd8453f0b8df53d280e44f35db..4398ecf4a33e7a3f401e266d5ef2601ef91eea7e 100644
@@ -635,9 +635,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                                if (session_key.data == NULL) {
                                        return NT_STATUS_NO_MEMORY;
                                }
-                               SMBsesskeygen_lm_sess_key(
-                                       lm_session_key.data, zeros,
-                                       session_key.data);
+                               SMBsesskeygen_lm_sess_key(zeros, zeros,
+                                                         session_key.data);
+                               DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
                        }
                        dump_data_pw("LM session key:\n", session_key.data,
                                     session_key.length);
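Review bot: the new `DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));` line labels the key "NTLM" while the `dump_data_pw("LM session key:\n", ...)` two lines below labels the same `session_key` buffer "LM session key", which will confuse anyone reading a level-10 log; use one name in both places (for example "LM session key derived from zeros"). The visible context also does not show the condition under which this branch runs, so please add a one-line comment above the `SMBsesskeygen_lm_sess_key(zeros, zeros, ...)` call stating that it is taken only when the client supplied no LM response, so the intent of passing `zeros` instead of `lm_session_key.data` (not deriving anything from the LM hash, per the commit message) is clear to the next reader without consulting the history.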