mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
param: Add new "disabled" value to "ntlm auth" to disable NTLM totally
Signed-off-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
parent
c278fa65eb
commit
00db3aba6c
@ -40,6 +40,11 @@
|
||||
moreinfo="none">ntlm_auth</command> tool).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><constant>disabled</constant> - Do not allow NTLM (or
|
||||
LanMan) authentication of any level as a server.</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>The default changed from <constant>yes</constant> to
|
||||
|
@ -332,6 +332,7 @@ static const struct enum_list enum_mangled_names[] = {
|
||||
};
|
||||
|
||||
static const struct enum_list enum_ntlm_auth[] = {
|
||||
{NTLM_AUTH_DISABLED, "disabled"},
|
||||
{NTLM_AUTH_NTLMV2_ONLY, "ntlmv2-only"},
|
||||
{NTLM_AUTH_NTLMV2_ONLY, "no"},
|
||||
{NTLM_AUTH_NTLMV2_ONLY, "false"},
|
||||
|
@ -296,6 +296,12 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB tmp_sess_key;
|
||||
const char *upper_client_domain = NULL;
|
||||
|
||||
if (ntlm_auth == NTLM_AUTH_DISABLED) {
|
||||
DBG_WARNING("ntlm_password_check: NTLM authentication not "
|
||||
"permitted by configuration.\n");
|
||||
return NT_STATUS_NTLM_BLOCKED;
|
||||
}
|
||||
|
||||
if (client_domain != NULL) {
|
||||
upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
|
||||
if (upper_client_domain == NULL) {
|
||||
|
@ -22,7 +22,7 @@
|
||||
#define __LIBCLI_AUTH_NTLM_CHECK_H__
|
||||
|
||||
/* mangled names options */
|
||||
enum ntlm_auth_level {NTLM_AUTH_ON,
|
||||
enum ntlm_auth_level {NTLM_AUTH_DISABLED, NTLM_AUTH_ON,
|
||||
NTLM_AUTH_NTLMV2_ONLY,
|
||||
NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user