Fix unsealing without extended session security
authorSimo Sorce <simo@redhat.com>
Wed, 6 Aug 2014 16:47:09 +0000 (12:47 -0400)
committerSimo Sorce <simo@redhat.com>
Wed, 6 Aug 2014 19:44:52 +0000 (15:44 -0400)
ntlm_unseal should be symmetric to ntlm_seal

src/ntlm_crypto.c

index bf4878ab34e62d2750b342b0a68f31b7a33c0d32..b871997d704748896dac797b150515e3d1aa31d6 100644 (file)
@@ -759,10 +759,7 @@ int ntlm_unseal(struct ntlm_rc4_handle *handle, uint32_t flags,
     struct ntlm_buffer msg_buffer;
     int ret;
 
-    if (!((flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
-        && (flags & NTLMSSP_NEGOTIATE_SEAL))) {
-        /* we only support v2 for now as we can't sign w/o session security
-         * anyway */
+    if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) {
         return ENOTSUP;
     }
 
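Review bot: The relaxed guard `if (!(flags & NTLMSSP_NEGOTIATE_SEAL))` now admits sessions that did not negotiate NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY, but nothing replaces the removed comment to say what protection those sessions get. Without extended session security the NTLM message signature is an RC4-encrypted CRC32 rather than an HMAC-MD5, so integrity on this path is much weaker, and a reader should be told that it is a compatibility path. I would add above the check something like `/* without extended session security the NTLMv1 (CRC32-based) signature is used; weaker integrity, kept for compatibility */`. Whether such sessions should be accepted at all is presumably decided at negotiation time, outside this hunk; the body of ntlm_unseal starts before the hunk and continues after it.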
@@ -772,9 +769,13 @@ int ntlm_unseal(struct ntlm_rc4_handle *handle, uint32_t flags,
     ret = RC4_UPDATE(handle, &msg_buffer, output);
     if (ret) return ret;
 
-    return ntlmv2_sign(sign_key, seq_num, handle,
-                      (flags & NTLMSSP_NEGOTIATE_KEY_EXCH),
-                      output, signature);
+    if (flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) {
+        return ntlmv2_sign(sign_key, seq_num, handle,
+                           (flags & NTLMSSP_NEGOTIATE_KEY_EXCH),
+                           output, signature);
+    } else {
+        return ntlmv1_sign(handle, 0, seq_num, output, signature);
+    }
 }
 
 int ntlm_mic(struct ntlm_key *exported_session_key,
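Review bot: The literal `0` passed as the second argument in `ntlmv1_sign(handle, 0, seq_num, output, signature)` is unexplained. ntlmv1_sign is not visible here, but the argument is presumably the signature's random pad, and a comment such as `/* 0: random pad (confirm against ntlmv1_sign) */` or a named constant would make it reviewable. The v1 branch also reuses the RC4 `handle` that RC4_UPDATE has just advanced, so if ntlmv1_sign draws keystream from it the decrypt-then-sign order is load-bearing and deserves a one-line comment. The function only fills `signature`, so its doc comment should state that the caller must compare it with the received signature and discard `output` on mismatch. The start of ntlm_unseal is outside this hunk.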