summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/param/loadparm.c13
-rw-r--r--source3/smbd/negprot.c33
3 files changed, 33 insertions, 14 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f61d8e3ca8..577215913f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1251,6 +1251,7 @@ BOOL lp_null_passwords(void);
BOOL lp_strip_dot(void);
BOOL lp_encrypted_passwords(void);
BOOL lp_update_encrypted(void);
+BOOL lp_server_ntlmv2(void);
BOOL lp_syslog_only(void);
BOOL lp_timestamp_logs(void);
BOOL lp_browse_list(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 142ab4af32..34c405dd50 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -211,6 +211,7 @@ typedef struct
BOOL bDomainLogons;
BOOL bEncryptPasswords;
BOOL bUpdateEncrypt;
+ BOOL bServerNTLMv2;
BOOL bStripDot;
BOOL bNullPasswords;
BOOL bLoadPrinters;
@@ -529,6 +530,7 @@ static struct parm_struct parm_table[] =
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
{"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
+ {"server ntlmv2", P_BOOL, P_GLOBAL, &Globals.bServerNTLMv2, NULL, enum_bool_auto, FLAG_BASIC},
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
@@ -970,6 +972,10 @@ static void init_globals(void)
Globals.sslCompatibility = False;
#endif /* WITH_SSL */
+/* NTLMv2 */
+
+ Globals.bServerNTLMv2 = False;
+
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@@ -1244,6 +1250,7 @@ FN_GLOBAL_BOOL(lp_null_passwords,&Globals.bNullPasswords)
FN_GLOBAL_BOOL(lp_strip_dot,&Globals.bStripDot)
FN_GLOBAL_BOOL(lp_encrypted_passwords,&Globals.bEncryptPasswords)
FN_GLOBAL_BOOL(lp_update_encrypted,&Globals.bUpdateEncrypt)
+FN_GLOBAL_BOOL(lp_server_ntlmv2,&Globals.bUpdateEncrypt)
FN_GLOBAL_BOOL(lp_syslog_only,&Globals.bSyslogOnly)
FN_GLOBAL_BOOL(lp_timestamp_logs,&Globals.bTimestampLogs)
FN_GLOBAL_BOOL(lp_browse_list,&Globals.bBrowseList)
@@ -2927,7 +2934,9 @@ int lp_server_role(void)
BOOL lp_domain_master(void)
{
if (Globals.bDomainMaster == Auto)
- return (server_role == ROLE_DOMAIN_PDC);
+ {
+ return (lp_server_role() == ROLE_DOMAIN_PDC);
+ }
return Globals.bDomainMaster;
}
@@ -2939,7 +2948,9 @@ BOOL lp_domain_master(void)
BOOL lp_preferred_master(void)
{
if (Globals.bPreferredMaster == Auto)
+ {
return (lp_local_master() && lp_domain_master());
+ }
return Globals.bPreferredMaster;
}
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index d4e6180261..e66bf9f163 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -159,16 +159,6 @@ reply for the nt protocol
static int reply_nt1(char *outbuf)
{
/* dual names + lock_and_read + nt SMBs + remote API calls */
- int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
- (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) |
- (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0);
-
-
-/*
- other valid capabilities which we may support at some time...
- CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS;
- */
-
int secword=0;
BOOL doencrypt = SMBENCRYPT();
time_t t = time(NULL);
@@ -177,9 +167,26 @@ static int reply_nt1(char *outbuf)
char cryptkey[8];
char crypt_len = 0;
- if (lp_security() == SEC_SERVER) {
- cli = server_cryptkey();
- }
+ int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ;
+
+ if (lp_nt_smb_support())
+ {
+ capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+ }
+
+ if (SMB_OFF_T_BITS == 64)
+ {
+ capabilities |= CAP_LARGE_FILES;
+ }
+/*
+ other valid capabilities which we may support at some time...
+ CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS;
+ */
+
+ if (lp_security() == SEC_SERVER)
+ {
+ cli = server_cryptkey();
+ }
if (cli) {
DEBUG(3,("using password server validation\n"));