s3:libads: Disable NTLMSSP if not allowed (for builds without kerberos)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Pavel Filipenský <pfilipen@redhat.com> 2022-01-03 11:13:06 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-01-21 23:33:36 +0000
commit: 17ea2ccdabbe935ef571e1227908d51b755707bc (patch)
tree: 6e10692cf3289bf236f8bf38b6646b577ced92d6
parent: 5f6251abf2f468b3744a96376b0e1c3bc317c738 (diff)
download: samba-17ea2ccdabbe935ef571e1227908d51b755707bc.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index ea98aa47ecd..1bcfe0490a8 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -617,6 +617,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 	   library for HMAC_MD4 encryption */
 	mech = "NTLMSSP";
 
+	if (!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+		DBG_WARNING("We can't use NTLMSSP, it is not allowed.\n");
+		status = ADS_ERROR_NT(NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+		goto done;
+	}
+
 	if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
 		DBG_WARNING("We can't fallback to NTLMSSP, weak crypto is"
 			    " disallowed.\n");
author	Pavel Filipenský <pfilipen@redhat.com>	2022-01-03 11:13:06 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-01-21 23:33:36 +0000
commit	17ea2ccdabbe935ef571e1227908d51b755707bc (patch)
tree	6e10692cf3289bf236f8bf38b6646b577ced92d6
parent	5f6251abf2f468b3744a96376b0e1c3bc317c738 (diff)
download	samba-17ea2ccdabbe935ef571e1227908d51b755707bc.tar.gz