[PATCH] Use ntlmv2 for wbinfo -a

Volker Lendecke vl at samba.org
Mon Nov 14 15:40:42 UTC 2016 

Hi!

Review appreciated!

Thanks, Volker
-------------- next part --------------
>From c0278f157a61226e444a923ee0404dfef5fbb6e8 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 14 Nov 2016 16:38:29 +0100
Subject: [PATCH] wbinfo: Use ntlmv2 by default for wbinfo -a

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 docs-xml/manpages/wbinfo.1.xml | 11 ++++++++++-
 nsswitch/wbinfo.c              |  9 ++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
index 48d2f74..f31de7e 100644
--- a/docs-xml/manpages/wbinfo.1.xml
+++ b/docs-xml/manpages/wbinfo.1.xml
@@ -49,6 +49,7 @@
 		<arg choice="opt">-m</arg>
 		<arg choice="opt">-n name</arg>
 		<arg choice="opt">-N netbios-name</arg>
+		<arg choice="opt">--ntlmv1</arg>
 		<arg choice="opt">--ntlmv2</arg>
 		<arg choice="opt">--online-status</arg>
 		<arg choice="opt">--own-domain</arg>
@@ -330,8 +331,16 @@
 		</varlistentry>
 
 		<varlistentry>
+		<term>--ntlmv1</term>
+		<listitem><para>Use NTLMv1 cryptography for user authentication.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
 		<term>--ntlmv2</term>
-		<listitem><para>Use NTLMv2 cryptography for user authentication.
+		<listitem><para>Use NTLMv2 cryptography for user
+		authentication. NTLMv2 is the default method, this
+		option is only maintained for compatibility.
 		</para></listitem>
 		</varlistentry>
 
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index f7b5ace..80b245a 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -2228,6 +2228,7 @@ enum {
 	OPT_CHANGE_USER_PASSWORD,
 	OPT_CCACHE_SAVE,
 	OPT_SID_TO_FULLNAME,
+	OPT_NTLMV1,
 	OPT_NTLMV2,
 	OPT_PAM_LOGON,
 	OPT_LOGOFF,
@@ -2249,7 +2250,7 @@ int main(int argc, const char **argv, char **envp)
 	int int_subarg = -1;
 	int result = 1;
 	bool verbose = false;
-	bool use_ntlmv2 = false;
+	bool use_ntlmv2 = true;
 	bool use_lanman = false;
 	char *logoff_user = getenv("USER");
 	int logoff_uid = geteuid();
@@ -2343,6 +2344,8 @@ int main(int argc, const char **argv, char **envp)
 		{ "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
 		{ "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
 		{ "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
+		{ "ntlmv1", 0, POPT_ARG_NONE, 0, OPT_NTLMV1,
+		  "Use NTLMv1 cryptography for user authentication", NULL},
 		{ "ntlmv2", 0, POPT_ARG_NONE, 0, OPT_NTLMV2, "Use NTLMv2 cryptography for user authentication", NULL},
 		{ "lanman", 0, POPT_ARG_NONE, 0, OPT_LANMAN, "Use lanman cryptography for user authentication", NULL},
 		POPT_COMMON_VERSION
@@ -2371,8 +2374,8 @@ int main(int argc, const char **argv, char **envp)
 		case OPT_VERBOSE:
 			verbose = true;
 			break;
-		case OPT_NTLMV2:
-			use_ntlmv2 = true;
+		case OPT_NTLMV1:
+			use_ntlmv2 = false;
 			break;
 		case OPT_LANMAN:
 			use_lanman = true;
-- 
2.1.4

More information about the samba-technical mailing list