diff options
-rw-r--r-- | source4/libcli/auth/gensec_ntlmssp.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c index ae03bc88e6..beee29a088 100644 --- a/source4/libcli/auth/gensec_ntlmssp.c +++ b/source4/libcli/auth/gensec_ntlmssp.c @@ -186,6 +186,14 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state; if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) { return nt_status; @@ -237,6 +245,14 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, gensec_security->user.domain); if (!NT_STATUS_IS_OK(status)) { |