From c616ab09655611e560f98f3c949a06c389b87767 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 31 Jan 2012 16:01:45 +1100 Subject: s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing Signed-off-by: Stefan Metzmacher --- source3/auth/auth_ntlmssp.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 8feb45a8c9..2f6e8ade71 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -251,15 +251,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu ntlmssp_state->allow_lm_key = true; } - ntlmssp_state->neg_flags = - NTLMSSP_NEGOTIATE_128 | - NTLMSSP_NEGOTIATE_56 | - NTLMSSP_NEGOTIATE_VERSION | - NTLMSSP_NEGOTIATE_ALWAYS_SIGN | - NTLMSSP_NEGOTIATE_NTLM | - NTLMSSP_NEGOTIATE_NTLM2 | - NTLMSSP_NEGOTIATE_KEY_EXCH; - ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name); if (!ntlmssp_state->server.dns_name) { return NT_STATUS_NO_MEMORY; @@ -269,6 +260,29 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu return NT_STATUS_NO_MEMORY; } + ntlmssp_state->neg_flags = + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION; + + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) { + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; + } + + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) { + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; + } + + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) { + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; + } + + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) { + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; + } + + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) { + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } -- cgit