s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing

Signed-off-by: Stefan Metzmacher <metze@samba.org>

1 files changed, 23 insertions, 9 deletions

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 8feb45a8c9..2f6e8ade71 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -251,15 +251,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 		ntlmssp_state->allow_lm_key = true;
 	}
 
-	ntlmssp_state->neg_flags =
-		NTLMSSP_NEGOTIATE_128 |
-		NTLMSSP_NEGOTIATE_56 |
-		NTLMSSP_NEGOTIATE_VERSION |
-		NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
-		NTLMSSP_NEGOTIATE_NTLM |
-		NTLMSSP_NEGOTIATE_NTLM2 |
-		NTLMSSP_NEGOTIATE_KEY_EXCH;
-
 	ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
 	if (!ntlmssp_state->server.dns_name) {
 		return NT_STATUS_NO_MEMORY;
@@ -269,6 +260,29 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	ntlmssp_state->neg_flags =
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
+
+	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
+	}
+
+	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
+	}
+
+	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
+	}
+
+	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+	}
+
+	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
 	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 	}