diff options
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 13 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 33 |
3 files changed, 33 insertions, 14 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index f61d8e3ca8..577215913f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1251,6 +1251,7 @@ BOOL lp_null_passwords(void); BOOL lp_strip_dot(void); BOOL lp_encrypted_passwords(void); BOOL lp_update_encrypted(void); +BOOL lp_server_ntlmv2(void); BOOL lp_syslog_only(void); BOOL lp_timestamp_logs(void); BOOL lp_browse_list(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 142ab4af32..34c405dd50 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -211,6 +211,7 @@ typedef struct BOOL bDomainLogons; BOOL bEncryptPasswords; BOOL bUpdateEncrypt; + BOOL bServerNTLMv2; BOOL bStripDot; BOOL bNullPasswords; BOOL bLoadPrinters; @@ -529,6 +530,7 @@ static struct parm_struct parm_table[] = {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC}, {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC}, {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC}, + {"server ntlmv2", P_BOOL, P_GLOBAL, &Globals.bServerNTLMv2, NULL, enum_bool_auto, FLAG_BASIC}, {"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0}, {"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0}, {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0}, @@ -970,6 +972,10 @@ static void init_globals(void) Globals.sslCompatibility = False; #endif /* WITH_SSL */ +/* NTLMv2 */ + + Globals.bServerNTLMv2 = False; + /* these parameters are set to defaults that are more appropriate for the increasing samba install base: @@ -1244,6 +1250,7 @@ FN_GLOBAL_BOOL(lp_null_passwords,&Globals.bNullPasswords) FN_GLOBAL_BOOL(lp_strip_dot,&Globals.bStripDot) FN_GLOBAL_BOOL(lp_encrypted_passwords,&Globals.bEncryptPasswords) FN_GLOBAL_BOOL(lp_update_encrypted,&Globals.bUpdateEncrypt) +FN_GLOBAL_BOOL(lp_server_ntlmv2,&Globals.bUpdateEncrypt) FN_GLOBAL_BOOL(lp_syslog_only,&Globals.bSyslogOnly) FN_GLOBAL_BOOL(lp_timestamp_logs,&Globals.bTimestampLogs) FN_GLOBAL_BOOL(lp_browse_list,&Globals.bBrowseList) @@ -2927,7 +2934,9 @@ int lp_server_role(void) BOOL lp_domain_master(void) { if (Globals.bDomainMaster == Auto) - return (server_role == ROLE_DOMAIN_PDC); + { + return (lp_server_role() == ROLE_DOMAIN_PDC); + } return Globals.bDomainMaster; } @@ -2939,7 +2948,9 @@ BOOL lp_domain_master(void) BOOL lp_preferred_master(void) { if (Globals.bPreferredMaster == Auto) + { return (lp_local_master() && lp_domain_master()); + } return Globals.bPreferredMaster; } diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index d4e6180261..e66bf9f163 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -159,16 +159,6 @@ reply for the nt protocol static int reply_nt1(char *outbuf) { /* dual names + lock_and_read + nt SMBs + remote API calls */ - int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ| - (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) | - (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0); - - -/* - other valid capabilities which we may support at some time... - CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS; - */ - int secword=0; BOOL doencrypt = SMBENCRYPT(); time_t t = time(NULL); @@ -177,9 +167,26 @@ static int reply_nt1(char *outbuf) char cryptkey[8]; char crypt_len = 0; - if (lp_security() == SEC_SERVER) { - cli = server_cryptkey(); - } + int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ; + + if (lp_nt_smb_support()) + { + capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS; + } + + if (SMB_OFF_T_BITS == 64) + { + capabilities |= CAP_LARGE_FILES; + } +/* + other valid capabilities which we may support at some time... + CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS; + */ + + if (lp_security() == SEC_SERVER) + { + cli = server_cryptkey(); + } if (cli) { DEBUG(3,("using password server validation\n")); |