added server ntlmv2 false/auto/true parameter, defaults to off.

(This used to be commit 209944dabc)

source3/include/proto.h

@@ -1251,6 +1251,7 @@ BOOL lp_null_passwords(void);
 BOOL lp_strip_dot(void);
 BOOL lp_encrypted_passwords(void);
 BOOL lp_update_encrypted(void);
+BOOL lp_server_ntlmv2(void);
 BOOL lp_syslog_only(void);
 BOOL lp_timestamp_logs(void);
 BOOL lp_browse_list(void);

source3/param/loadparm.c

@@ -211,6 +211,7 @@ typedef struct
   BOOL bDomainLogons;
   BOOL bEncryptPasswords;
   BOOL bUpdateEncrypt;
+  BOOL bServerNTLMv2;
   BOOL bStripDot;
   BOOL bNullPasswords;
   BOOL bLoadPrinters;
@@ -529,6 +530,7 @@ static struct parm_struct parm_table[] =
   {"security",         P_ENUM,    P_GLOBAL, &Globals.security,          NULL,   enum_security, FLAG_BASIC},
   {"encrypt passwords",P_BOOL,    P_GLOBAL, &Globals.bEncryptPasswords, NULL,   NULL,  FLAG_BASIC},
   {"update encrypted", P_BOOL,    P_GLOBAL, &Globals.bUpdateEncrypt,    NULL,   NULL,  FLAG_BASIC},
+  {"server ntlmv2",    P_BOOL,    P_GLOBAL, &Globals.bServerNTLMv2,     NULL,   enum_bool_auto,  FLAG_BASIC},
   {"use rhosts",       P_BOOL,    P_GLOBAL, &Globals.bUseRhosts,        NULL,   NULL,  0},
   {"map to guest",     P_ENUM,    P_GLOBAL, &Globals.map_to_guest,      NULL,   enum_map_to_guest, 0},
   {"null passwords",   P_BOOL,    P_GLOBAL, &Globals.bNullPasswords,    NULL,   NULL,  0},
@@ -970,6 +972,10 @@ static void init_globals(void)
   Globals.sslCompatibility = False;
 #endif        /* WITH_SSL */
 
+/* NTLMv2 */
+
+  Globals.bServerNTLMv2 = False; 
+
 /* these parameters are set to defaults that are more appropriate
    for the increasing samba install base:
 
@@ -1244,6 +1250,7 @@ FN_GLOBAL_BOOL(lp_null_passwords,&Globals.bNullPasswords)
 FN_GLOBAL_BOOL(lp_strip_dot,&Globals.bStripDot)
 FN_GLOBAL_BOOL(lp_encrypted_passwords,&Globals.bEncryptPasswords)
 FN_GLOBAL_BOOL(lp_update_encrypted,&Globals.bUpdateEncrypt)
+FN_GLOBAL_BOOL(lp_server_ntlmv2,&Globals.bUpdateEncrypt)
 FN_GLOBAL_BOOL(lp_syslog_only,&Globals.bSyslogOnly)
 FN_GLOBAL_BOOL(lp_timestamp_logs,&Globals.bTimestampLogs)
 FN_GLOBAL_BOOL(lp_browse_list,&Globals.bBrowseList)
@@ -2927,7 +2934,9 @@ int lp_server_role(void)
 BOOL lp_domain_master(void)
 {
 	if (Globals.bDomainMaster == Auto)
-		return (server_role == ROLE_DOMAIN_PDC);
+	{
+		return (lp_server_role() == ROLE_DOMAIN_PDC);
+	}
 
 	return Globals.bDomainMaster;
 }
@@ -2939,7 +2948,9 @@ BOOL lp_domain_master(void)
 BOOL lp_preferred_master(void)
 {
 	if (Globals.bPreferredMaster == Auto)
+	{
 		return (lp_local_master() && lp_domain_master());
+	}
 
 	return Globals.bPreferredMaster;
 }

source3/smbd/negprot.c

@@ -159,16 +159,6 @@ reply for the nt protocol
 static int reply_nt1(char *outbuf)
 {
   /* dual names + lock_and_read + nt SMBs + remote API calls */
-  int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
-                     (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) |
-                     (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0);
-
-
-/*
-  other valid capabilities which we may support at some time...
-                     CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS;
- */
-
   int secword=0;
   BOOL doencrypt = SMBENCRYPT();
   time_t t = time(NULL);
@@ -177,9 +167,26 @@ static int reply_nt1(char *outbuf)
   char cryptkey[8];
   char crypt_len = 0;
 
-  if (lp_security() == SEC_SERVER) {
-	  cli = server_cryptkey();
-  }
+  int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ;
+
+	if (lp_nt_smb_support())
+	{
+		capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+	}
+
+	if (SMB_OFF_T_BITS == 64)
+	{
+		capabilities |= CAP_LARGE_FILES;
+	}
+/*
+  other valid capabilities which we may support at some time...
+                     CAP_LARGE_READX|CAP_STATUS32|CAP_LEVEL_II_OPLOCKS;
+ */
+
+	if (lp_security() == SEC_SERVER)
+	{
+		cli = server_cryptkey();
+	}
 
   if (cli) {
 	  DEBUG(3,("using password server validation\n"));