svn commit: samba r2096 - in branches/SAMBA_4_0/source/libcli/auth: .

abartlet at samba.org abartlet at samba.org
Sun Aug 29 11:28:31 GMT 2004 

Author: abartlet
Date: 2004-08-29 11:28:31 +0000 (Sun, 29 Aug 2004)
New Revision: 2096

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source/libcli/auth&rev=2096&nolog=1

Log:
Enable use of NTLM2 for connections that do not got on to be NTLMSSP
signed or sealed.

This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c	2004-08-28 11:57:02 UTC (rev 2095)
+++ branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c	2004-08-29 11:28:31 UTC (rev 2096)
@@ -186,6 +186,14 @@
 		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
+	/* IF we are not doing Signing or Sealing, we can actually do
+	 * NTLM2.  When we crack the crypto puzzle, then we can enable
+	 * this always, in the constant flags */
+
+	if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
 	ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
 	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&gensec_ntlmssp_state->auth_context))) {
 		return nt_status;
@@ -237,6 +245,14 @@
 		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
+	/* IF we are not doing Signing or Sealing, we can actually do
+	 * NTLM2.  When we crack the crypto puzzle, then we can enable
+	 * this always, in the constant flags */
+
+	if (!(gensec_security->want_features & GENSEC_WANT_SIGN) && !(gensec_security->want_features & GENSEC_WANT_SEAL)) {
+		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+	}
+
 	status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, 
 				    gensec_security->user.domain);
 	if (!NT_STATUS_IS_OK(status)) {

More information about the samba-cvs mailing list