diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-07-12 00:02:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:03 -0500 |
commit | 51de50de292df3af48a68366eef4ee526ceb801d (patch) | |
tree | 03cb88c3995c8e57599ed1d5480cd58cd80276ca /source4/auth | |
parent | 571052fec8767d7b9005512d61d4687d40e465e8 (diff) | |
download | samba-51de50de292df3af48a68366eef4ee526ceb801d.tar.gz samba-51de50de292df3af48a68366eef4ee526ceb801d.tar.bz2 samba-51de50de292df3af48a68366eef4ee526ceb801d.zip |
r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bit
flag is handled just like all the others.
Also negotiate the unknown 0x02000000 flag, to match windows.
Andrew Bartlett
(This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 9 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.h | 1 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 6 |
3 files changed, 12 insertions, 4 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index fff0c9c7e9..bb9ff9cc63 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -260,9 +260,6 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state, if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) { gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128; - if (neg_flags & NTLMSSP_NEGOTIATE_56) { - gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; - } } if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) { @@ -273,6 +270,12 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state, gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH; } + /* Woop Woop - unknown flag for Windows compatibility... + What does this really do ? JRA. */ + if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) { + gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000; + } + if ((neg_flags & NTLMSSP_REQUEST_TARGET)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; } diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 1efb1afd54..a9ad988a5f 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -62,6 +62,7 @@ enum ntlmssp_message_type #define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000 #define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 #define NTLMSSP_CHAL_TARGET_INFO 0x00800000 +#define NTLMSSP_UNKNOWN_02000000 0x02000000 #define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */ #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 #define NTLMSSP_NEGOTIATE_56 0x80000000 diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 44f7fa8b8c..b574622bbe 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -800,7 +800,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->server_multiple_authentications = False; gensec_ntlmssp_state->neg_flags = - NTLMSSP_NEGOTIATE_NTLM; + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000; gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0); gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); @@ -810,6 +810,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } + if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) { + gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; + } + if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } |