From 1685238339d61f5b0dfef9edc9d754fcd0947922 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 29 Aug 2004 11:28:31 +0000 Subject: r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSP signed or sealed. This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example. Andrew Bartlett (This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f) --- source4/libcli/auth/gensec_ntlmssp.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source4') diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c index ae03bc88e6..beee29a088 100644 --- a/source4/libcli/auth/gensec_ntlmssp.c +++ b/source4/libcli/auth/gensec_ntlmssp.c @@ -186,6 +186,14 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state; if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) { return nt_status; @@ -237,6 +245,14 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + /* IF we are not doing Signing or Sealing, we can actually do + * NTLM2. When we crack the crypto puzzle, then we can enable + * this always, in the constant flags */ + + if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) { + gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, gensec_security->user.domain); if (!NT_STATUS_IS_OK(status)) { -- cgit