From 77f31cab6a2cd21f967c9481e9af15b3cc71a484 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
Date: Sat, 10 Sep 2016 22:14:31 +0300
Subject: [PATCH] ntlm_check: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Commit 0b500d413c5b ("Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth")
added the --allow-mschapv2 option, but didn't implement checking for it
server-side. The option is useful as 'ntlm auth' is now off by default
in Samba.

Signed-off-by: Mantas Mikulėnas <grawity@gmail.com>
---
 libcli/auth/ntlm_check.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 7f91b52..9943ad1 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -398,7 +398,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n"));
 		}
 	} else if (nt_response->length == 24 && stored_nt) {
-		if (ntlm_auth) {		
+		if (ntlm_auth || (logon_parameters & MSV1_0_ALLOW_MSVCHAPV2)) {
 			/* We have the NT MD4 hash challenge available - see if we can
 			   use it (ie. does it exist in the smbpasswd file).
 			*/
-- 
2.9.3