
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option

This will be used to simulate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher 2018-05-09 13:30:13 +02:00 committed by Andrew Bartlett
parent 5ebe3183fd
commit 7f2bebf09c


@ -869,13 +869,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
/*
* We want also work against old Samba servers
* which didn't had GENSEC_FEATURE_LDAP_STYLE
* we negotiate SEAL too. We may remove this
* in a few years. As all servers should have
* GENSEC_FEATURE_LDAP_STYLE by then.
*/
}
}
if (ntlmssp_state->force_wrap_seal) {
bool ret;
/*
* We want also work against old Samba servers
* which didn't had GENSEC_FEATURE_LDAP_STYLE
* we negotiate SEAL too. We may remove this
* in a few years. As all servers should have
* GENSEC_FEATURE_LDAP_STYLE by then.
*/
ret = gensec_setting_bool(gensec_security->settings,
"ntlmssp_client",
"ldap_style_send_seal",
true);
if (ret) {
ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
}
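Review bot: The comment above the `gensec_setting_bool()` call in the new `if (ntlmssp_state->force_wrap_seal)` block still only explains the old-server compatibility case and says nothing about what turning `ntlmssp_client:ldap_style_send_seal` off means. With the option false, `NTLMSSP_NEGOTIATE_SEAL` is no longer added to `required_flags`, so, as far as this hunk shows, an LDAP-style connection can end up signed but not encrypted. I would add a line such as `/* ldap_style_send_seal=no is meant for testing sign-only Windows behaviour; the client then no longer requires sealing. */` and rename `ret` to something like `send_seal`, since it holds a setting rather than a return status. The body of gensec_ntlmssp_client_start starts and ends outside the hunk, so whether SEAL is required elsewhere cannot be confirmed from here.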