svn commit: samba r2096 - in branches/SAMBA_4_0/source/libcli/auth:
.
abartlet at samba.org
abartlet at samba.org
Sun Aug 29 11:28:31 GMT 2004
Author: abartlet
Date: 2004-08-29 11:28:31 +0000 (Sun, 29 Aug 2004)
New Revision: 2096
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source/libcli/auth&rev=2096&nolog=1
Log:
Enable use of NTLM2 for connections that do not got on to be NTLMSSP
signed or sealed.
This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c 2004-08-28 11:57:02 UTC (rev 2095)
+++ branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c 2004-08-29 11:28:31 UTC (rev 2096)
@@ -186,6 +186,14 @@
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ /* IF we are not doing Signing or Sealing, we can actually do
+ * NTLM2. When we crack the crypto puzzle, then we can enable
+ * this always, in the constant flags */
+
+ if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+ gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) {
return nt_status;
@@ -237,6 +245,14 @@
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ /* IF we are not doing Signing or Sealing, we can actually do
+ * NTLM2. When we crack the crypto puzzle, then we can enable
+ * this always, in the constant flags */
+
+ if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+ gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state,
gensec_security->user.domain);
if (!NT_STATUS_IS_OK(status)) {
More information about the samba-cvs
mailing list