diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-01-31 15:38:02 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-02-17 10:48:09 +0100 |
commit | 98992b5b4eabb6c0727952e6cdb4fcfdced4583d (patch) | |
tree | 299d235c1d80a4687dc0af0614b50859161a2b30 | |
parent | 82e3098e8490168733f492b6a5745a279494d4fe (diff) | |
download | samba-98992b5b4eabb6c0727952e6cdb4fcfdced4583d.tar.gz samba-98992b5b4eabb6c0727952e6cdb4fcfdced4583d.tar.bz2 samba-98992b5b4eabb6c0727952e6cdb4fcfdced4583d.zip |
s3-auth: Only allow LM_KEY cryptography when extra options are set
This crypto is incredibly poor, and can technically be enabled on an otherwise more
secure connection that uses NTLM for the actual authentication leg. Therefore
disable it by default.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 36e74924ab..66d31d5f23 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -262,7 +262,12 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - ntlmssp_state->allow_lm_key = lp_lanman_auth(); + if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) && + gensec_setting_bool(gensec_security->settings, + "ntlmssp_server", "allow_lm_key", false)) + { + ntlmssp_state->allow_lm_key = true; + } ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_128 | |