diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-05-09 13:30:13 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2018-05-16 00:13:19 +0200 |
commit | 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d (patch) | |
tree | e1434bc439616b2e3f71dd8b569a06f7f286affc /auth/ntlmssp | |
parent | 5ebe3183fded1ab060ed60baeedeac859d0c137e (diff) | |
download | samba-7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d.tar.gz |
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/ntlmssp')
-rw-r--r-- | auth/ntlmssp/ntlmssp_client.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c index 7dcf2356941..ab406a2c5be 100644 --- a/auth/ntlmssp/ntlmssp_client.c +++ b/auth/ntlmssp/ntlmssp_client.c @@ -869,13 +869,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) * is requested. */ ntlmssp_state->force_wrap_seal = true; - /* - * We want also work against old Samba servers - * which didn't had GENSEC_FEATURE_LDAP_STYLE - * we negotiate SEAL too. We may remove this - * in a few years. As all servers should have - * GENSEC_FEATURE_LDAP_STYLE by then. - */ + } + } + if (ntlmssp_state->force_wrap_seal) { + bool ret; + + /* + * We want also work against old Samba servers + * which didn't had GENSEC_FEATURE_LDAP_STYLE + * we negotiate SEAL too. We may remove this + * in a few years. As all servers should have + * GENSEC_FEATURE_LDAP_STYLE by then. + */ + ret = gensec_setting_bool(gensec_security->settings, + "ntlmssp_client", + "ldap_style_send_seal", + true); + if (ret) { ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; } } |