sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code
d139d77ae3
samba-mirror/libcli
History
Andrew Bartlett d139d77ae3 auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth =' 
The ntlm auth parameter is expanded to more clearly describe the
role of each option, and to allow the new mode that permits MSCHAPv2
(as declared by the client over the NETLOGON protocol) while
still banning NTLMv1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12252
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Based on a patch by Mantas Mikulėnas <mantas@utenos-kolegija.lt>:

Commit 0b500d413c ("Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth")
added the --allow-mschapv2 option, but didn't implement checking for it
server-side. This implements such checking.

Additionally, Samba now disables NTLMv1 authentication by default for
security reasons. To avoid having to re-enable it globally, 'ntlm auth'
becomes an enum and a new setting is added to allow only MSCHAPv2.

Signed-off-by: Mantas Mikulėnas <mantas@utenos-kolegija.lt>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-07-04 06:57:20 +02:00
..
auth auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth =' 2017-07-04 06:57:20 +02:00
cldap s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address. 2016-10-18 02:16:20 +02:00
dns wscript: remove executable bits for all wscript* files 2017-01-11 20:21:01 +01:00
drsuapi werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE 2016-09-28 00:04:35 +02:00
echo s4: torture: Change torture_register_suite() to add a TALLOC_CTX *. 2017-05-05 15:52:11 +02:00
ldap typo: mplementation => implementation 2016-05-06 05:03:16 +02:00
lsarpc libcli/lsarpc: add struct trustAuthInOutBlob; forward declaration 2014-04-02 09:03:42 +02:00
named_pipe_auth named_pipe_auth: Rename client -> remote_client and server -> local_server 2017-03-29 02:37:28 +02:00
nbt s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context(). 2017-05-13 21:01:25 +02:00
netlogon libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2). 2015-01-05 17:01:08 +01:00
registry build: Make util_reg subsystem in libcli/registry a library 2011-05-18 16:12:08 +02:00
samsync libcli: Use "all_zero" where appropriate 2017-01-03 16:04:28 +01:00
security libcli/security: fix dom_sid_in_domain() 2017-04-12 01:41:14 +02:00
smb libcli/smb: add smb_protocol_types_string() 2017-06-22 13:07:40 +02:00
smbreadline lib: smbreadline xfile->stdio 2016-12-11 11:17:24 +01:00
util libcli:util: Update werror table 2017-06-07 05:15:16 +02:00