The Samba-Bugzilla – Attachment 13321 Details for
Bug 12862
Fix for a bug in MacOS X Sierra NTLMv2 processing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.6.next, 4.5.next.
0001-auth-ntlmssp-enforce-NTLMSSP_NEGOTIATE_NTLM2-for-the.patch (text/plain), 1.83 KB, created by
Jeremy Allison
on 2017-06-27 23:43:12 UTC
(
hide
)
Description:
git-am fix for 4.6.next, 4.5.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2017-06-27 23:43:12 UTC
Size:
1.83 KB
patch
obsolete
>From 819ddd89707115f885412931aa4bbe11af7a055a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 24 Jun 2017 13:16:03 +0200 >Subject: [PATCH] auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 > client case > >Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2 >(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit. > >But if we're acting as a client using NTLMv2 we need to >enforce this flag, because it's not really a negotiationable >in that case. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 8ee4f8236830eb3fa1b273fa6927792a800f86bd) >--- > auth/ntlmssp/ntlmssp_util.c | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > >diff --git a/auth/ntlmssp/ntlmssp_util.c b/auth/ntlmssp/ntlmssp_util.c >index 4ae6101f025..9c7325a23e0 100644 >--- a/auth/ntlmssp/ntlmssp_util.c >+++ b/auth/ntlmssp/ntlmssp_util.c >@@ -75,6 +75,27 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, > { > uint32_t missing_flags = ntlmssp_state->required_flags; > >+ if (ntlmssp_state->use_ntlmv2) { >+ /* >+ * Using NTLMv2 as a client implies >+ * using NTLMSSP_NEGOTIATE_NTLM2 >+ * (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) >+ * >+ * Note that 'use_ntlmv2' is only set >+ * true in the client case. >+ * >+ * Even if the server has a bug and does not announce >+ * it, we need to assume it's present. >+ * >+ * Note that we also have the flag >+ * in ntlmssp_state->required_flags, >+ * see gensec_ntlmssp_client_start(). >+ * >+ * See bug #12862. >+ */ >+ flags |= NTLMSSP_NEGOTIATE_NTLM2; >+ } >+ > if (flags & NTLMSSP_NEGOTIATE_UNICODE) { > ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; > ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; >-- >2.13.2.725.g09c95d1e9-goog >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13321">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 12862
:
13307
| 13321