diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-08-29 11:28:31 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:58:24 -0500 |
commit | 1685238339d61f5b0dfef9edc9d754fcd0947922 (patch) | |
tree | d438b9f2dfd8800d5a6e4842edd3baaaf43870a7 /source4 | |
parent | 2812998ae99ed96f5b9a7edff471eecf7359edac (diff) | |
download | samba-1685238339d61f5b0dfef9edc9d754fcd0947922.tar.gz samba-1685238339d61f5b0dfef9edc9d754fcd0947922.tar.bz2 samba-1685238339d61f5b0dfef9edc9d754fcd0947922.zip |
r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSP
signed or sealed.
This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example.
Andrew Bartlett
(This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/auth/gensec_ntlmssp.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c index ae03bc88e6..beee29a088 100644 --- a/source4/libcli/auth/gensec_ntlmssp.c +++ b/source4/libcli/auth/gensec_ntlmssp.c @@ -186,6 +186,14 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state; if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) { return nt_status; @@ -237,6 +245,14 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, gensec_security->user.domain); if (!NT_STATUS_IS_OK(status)) { |