mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

param: Add new "disabled" value to "ntlm auth" to disable NTLM totally

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett 2017-07-03 14:16:50 +12:00
parent c278fa65eb
commit 00db3aba6c
4 changed files with 13 additions and 1 deletions


@ -40,6 +40,11 @@
moreinfo="none">ntlm_auth</command> tool).</para>
</listitem>
<listitem>
<para><constant>disabled</constant> - Do not allow NTLM (or
LanMan) authentication of any level as a server.</para>
</listitem>
</itemizedlist>
<para>The default changed from <constant>yes</constant> to


@ -332,6 +332,7 @@ static const struct enum_list enum_mangled_names[] = {
};
static const struct enum_list enum_ntlm_auth[] = {
{NTLM_AUTH_DISABLED, "disabled"},
{NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
{NTLM_AUTH_NTLMV2_ONLY, "no"},
{NTLM_AUTH_NTLMV2_ONLY, "false"},
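Review bot: The existing aliases `"no"` and `"false"` in `enum_ntlm_auth` still map to `NTLM_AUTH_NTLMV2_ONLY`, so after this change `ntlm auth = no` keeps accepting NTLMv2 and only the new `"disabled"` entry turns NTLM off. An administrator hardening a server can easily read `no` as "off", so the table deserves a comment above the new entry, for example `/* only "disabled" rejects NTLM; "no"/"false" keep their historical meaning of NTLMv2-only */`. The array continues past the end of this hunk, so any remaining aliases are not visible here.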


@ -296,6 +296,12 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
DATA_BLOB tmp_sess_key;
const char *upper_client_domain = NULL;
if (ntlm_auth == NTLM_AUTH_DISABLED) {
DBG_WARNING("ntlm_password_check: NTLM authentication not "
"permitted by configuration.\n");
return NT_STATUS_NTLM_BLOCKED;
}
if (client_domain != NULL) {
upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
if (upper_client_domain == NULL) {
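Review bot: The new `NTLM_AUTH_DISABLED` rejection in `ntlm_password_check()` logs a fixed message with no account or domain, so the warning shows that NTLM was attempted but not by whom, which limits its use for finding clients that still depend on NTLM. Since `client_domain` may be NULL (it is checked just below), a guarded form such as `DBG_WARNING("NTLM authentication not permitted by configuration (domain [%s]).\n", client_domain ? client_domain : "");` would help. `DBG_WARNING` already prefixes the function name, so the literal `ntlm_password_check: ` in the string is redundant. This is also the only enforcement point visible in the commit; whether server-side paths that do not pass through this function honour `disabled` cannot be told from here and is worth confirming. The function body starts and ends outside the hunk.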


@ -22,7 +22,7 @@
#define __LIBCLI_AUTH_NTLM_CHECK_H__
/* mangled names options */
enum ntlm_auth_level {NTLM_AUTH_ON,
enum ntlm_auth_level {NTLM_AUTH_DISABLED, NTLM_AUTH_ON,
NTLM_AUTH_NTLMV2_ONLY,
NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY};
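Review bot: Putting `NTLM_AUTH_DISABLED` first in `enum ntlm_auth_level` renumbers every existing enumerator, so `NTLM_AUTH_ON` moves from 0 to 1 and a zero-initialised `ntlm_auth` value now means disabled. That fails closed, which is the safer direction, but any caller that relied on an implicit 0 meaning "on" (none is visible on this page) would start getting `NT_STATUS_NTLM_BLOCKED`. The comment above the enum, `/* mangled names options */`, looks copied from elsewhere; if the ordering is intentional it could become `/* "ntlm auth" levels; 0 (NTLM_AUTH_DISABLED) is the most restrictive */` to record that.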