summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-29 11:28:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:58:24 -0500
commit1685238339d61f5b0dfef9edc9d754fcd0947922 (patch)
treed438b9f2dfd8800d5a6e4842edd3baaaf43870a7 /source4
parent2812998ae99ed96f5b9a7edff471eecf7359edac (diff)
downloadsamba-1685238339d61f5b0dfef9edc9d754fcd0947922.tar.gz
samba-1685238339d61f5b0dfef9edc9d754fcd0947922.tar.bz2
samba-1685238339d61f5b0dfef9edc9d754fcd0947922.zip
r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSP
signed or sealed. This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example. Andrew Bartlett (This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f)
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/auth/gensec_ntlmssp.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index ae03bc88e6..beee29a088 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
@@ -186,6 +186,14 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ /* IF we are not doing Signing or Sealing, we can actually do
+ * NTLM2. When we crack the crypto puzzle, then we can enable
+ * this always, in the constant flags */
+
+ if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+ gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) {
return nt_status;
@@ -237,6 +245,14 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ /* IF we are not doing Signing or Sealing, we can actually do
+ * NTLM2. When we crack the crypto puzzle, then we can enable
+ * this always, in the constant flags */
+
+ if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+ gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state,
gensec_security->user.domain);
if (!NT_STATUS_IS_OK(status)) {