From 1da97d8bb89bc9d4c73195f87ee9d4396ae0c633 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 24 Jun 2017 13:16:03 +0200
Subject: [PATCH] auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case

Some server may not announce the NTLMSSP_NEGOTIATE_NTLM2 (a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit. But if we're acting as a client using NTLMv2 we need to implies this flag, because it's not really a negotiationable in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862
Signed-off-by: Stefan Metzmacher
---
 auth/ntlmssp/ntlmssp_util.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/auth/ntlmssp/ntlmssp_util.c b/auth/ntlmssp/ntlmssp_util.c
index 4ae6101..1d48095 100644
--- a/auth/ntlmssp/ntlmssp_util.c
+++ b/auth/ntlmssp/ntlmssp_util.c
@@ -75,6 +75,24 @@ NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
 {
 uint32_t missing_flags = ntlmssp_state->required_flags;
 
+ if (ntlmssp_state->use_ntlmv2) {
+ /*
+ * Using NTLMv2 as a client implies
+ * using NTLMSSP_NEGOTIATE_NTLM2
+ * (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+ *
+ * Even if the server has a bug an not announce
+ * it, we need to assume it's present.
+ *
+ * Note that we also have the flag
+ * in ntlmssp_state->required_flags,
+ * see gensec_ntlmssp_client_start().
+ *
+ * See bug #12862.
+ */
+ flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
 if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
-- 
1.9.1
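Review bot: The new guard `if (ntlmssp_state->use_ntlmv2)` does not test the role, although the commit message and the added comment both limit the override to the client case. If this function is also reached with a peer's flags in server role and use_ntlmv2 can be set there (neither is visible in this hunk), NTLMSSP_NEGOTIATE_NTLM2 would be forced onto flags the peer never sent. Presumably the required_flags check seeded into `missing_flags` could then no longer report the bit as missing. Consider making the condition explicit, e.g. `if (ntlmssp_state->role == NTLMSSP_CLIENT && ntlmssp_state->use_ntlmv2) {`, and emitting a debug-level log when the bit had to be added, so a non-announcing or tampered challenge shows up in traces. In the comment, "has a bug an not announce it" should read "has a bug and does not announce it"; the function body continues outside the hunk.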