sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

s3-auth: Only allow LM_KEY cryptography when extra options are set

Browse Source 
This crypto is incredibly poor, and can technically be enabled on an otherwise more
secure connection that uses NTLM for the actual authentication leg.  Therefore
disable it by default.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2012-01-31 15:38:02 +11:00 committed by Stefan Metzmacher
parent 82e3098e84
commit 98992b5b4e
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source3/auth/auth_ntlmssp.c
View File

@ -262,7 +262,12 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
ntlmssp_state->allow_lm_key = lp_lanman_auth();
if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) &&
gensec_setting_bool(gensec_security->settings,
"ntlmssp_server", "allow_lm_key", false))
{
ntlmssp_state->allow_lm_key = true;
}
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_128 |