param: Disable LanMan authentication unless NTLMv1 is also enabled

Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
author: Andrew Bartlett <abartlet@samba.org> 2017-07-03 14:11:47 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2017-07-04 06:57:20 +0200
commit: d0d266bbf79fac956ca5de0b48dfac08b6f18628 (patch)
tree: fa89526c2830abc2e2fc3aede769466bfc1dafde /lib
parent: 8b398a4d72a53b57e622afb4aeefa026b96c3d2a (diff)
download: samba-d0d266bbf79fac956ca5de0b48dfac08b6f18628.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 9c93277c35e..a221e879d07 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3511,3 +3511,19 @@ int lpcfg_tdb_flags(struct loadparm_context *lp_ctx, int tdb_flags)
 	}
 	return tdb_flags;
 }
+
+/*
+ * Do not allow LanMan auth if unless NTLMv1 is also allowed
+ *
+ * This also ensures it is disabled if NTLM is totally disabled
+ */
+bool lpcfg_lanman_auth(struct loadparm_context *lp_ctx)
+{
+	enum ntlm_auth_level ntlm_auth_level = lpcfg_ntlm_auth(lp_ctx);
+
+	if (ntlm_auth_level == NTLM_AUTH_ON) {
+		return lpcfg__lanman_auth(lp_ctx);
+	} else {
+		return false;
+	}
+}
author	Andrew Bartlett <abartlet@samba.org>	2017-07-03 14:11:47 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2017-07-04 06:57:20 +0200
commit	d0d266bbf79fac956ca5de0b48dfac08b6f18628 (patch)
tree	fa89526c2830abc2e2fc3aede769466bfc1dafde /lib
parent	8b398a4d72a53b57e622afb4aeefa026b96c3d2a (diff)
download	samba-d0d266bbf79fac956ca5de0b48dfac08b6f18628.tar.gz