summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2017-07-03 14:16:50 +1200
committerAndrew Bartlett <abartlet@samba.org>2017-07-04 06:57:20 +0200
commit00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0 (patch)
tree4ea7182cd156999dd7c205822adac7d00ee1ac2d /libcli
parentc278fa65ebe18063a09bb1f2af5e39459f9f2a7d (diff)
downloadsamba-00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.tar.gz
param: Add new "disabled" value to "ntlm auth" to disable NTLM totally
Signed-off-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/ntlm_check.c6
-rw-r--r--libcli/auth/ntlm_check.h2
2 files changed, 7 insertions, 1 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 8e8d100075a..3b02adc1d48 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -296,6 +296,12 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
DATA_BLOB tmp_sess_key;
const char *upper_client_domain = NULL;
+ if (ntlm_auth == NTLM_AUTH_DISABLED) {
+ DBG_WARNING("ntlm_password_check: NTLM authentication not "
+ "permitted by configuration.\n");
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+
if (client_domain != NULL) {
upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain);
if (upper_client_domain == NULL) {
diff --git a/libcli/auth/ntlm_check.h b/libcli/auth/ntlm_check.h
index f1dc54a4847..86cab9b2d13 100644
--- a/libcli/auth/ntlm_check.h
+++ b/libcli/auth/ntlm_check.h
@@ -22,7 +22,7 @@
#define __LIBCLI_AUTH_NTLM_CHECK_H__
/* mangled names options */
-enum ntlm_auth_level {NTLM_AUTH_ON,
+enum ntlm_auth_level {NTLM_AUTH_DISABLED, NTLM_AUTH_ON,
NTLM_AUTH_NTLMV2_ONLY,
NTLM_AUTH_MSCHAPv2_NTLMV2_ONLY};
View Lorry Controller Status