mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/auth/ntlmssp
Stefan Metzmacher c7a3ce95ac auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regression in the combination of commits
77adac8c3c and
3a0b835408.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
2018-05-16 03:26:03 +02:00
..
gensec_ntlmssp_server.c auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server 2018-05-16 03:26:03 +02:00
gensec_ntlmssp.c CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server) 2016-04-12 19:25:23 +02:00
ntlmssp_client.c auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option 2018-05-16 00:13:19 +02:00
ntlmssp_ndr.c ntlmssp: when pulling messages it is important to clear memory first. 2016-02-04 09:29:16 +01:00
ntlmssp_ndr.h
ntlmssp_private.h auth/ntlmssp: introduce ntlmssp_server_auth_send/recv 2017-08-07 15:20:03 +02:00
ntlmssp_server.c auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server 2018-05-16 03:26:03 +02:00
ntlmssp_sign.c define DBGC_AUTH class 2018-01-08 03:34:17 +01:00
ntlmssp_util.c define DBGC_AUTH class 2018-01-08 03:34:17 +01:00
ntlmssp.c define DBGC_AUTH class 2018-01-08 03:34:17 +01:00
ntlmssp.h lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-22 01:17:00 +02:00
wscript_build auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE 2016-03-10 06:52:28 +01:00