diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-19 16:45:55 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-16 23:29:32 +0000 |
commit | 2a8db072934f2b75b992b57c9133afba446b74f5 (patch) | |
tree | 6fb1168a440d6f05690b0ffa64211936da70ee4a /libcli | |
parent | 23a67d59c82b71cada5578e1c393ff42ca9d1b17 (diff) | |
download | samba-2a8db072934f2b75b992b57c9133afba446b74f5.tar.gz |
auth: Return status code if configuration prohibits NTLM
Currently, we rely on ‘stored_nt’ being NULL to give an
NT_STATUS_WRONG_PASSWORD error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/ntlm_check.c | 8 | ||||
-rw-r--r-- | libcli/auth/ntlm_check.h | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index cb4be7f6507..3927dfa7836 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -259,12 +259,19 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, bool lanman_auth, + enum ntlm_auth_level ntlm_auth, const struct samr_Password *client_lanman, const struct samr_Password *client_nt, const char *username, const struct samr_Password *stored_lanman, const struct samr_Password *stored_nt) { + if (ntlm_auth == NTLM_AUTH_DISABLED) { + DBG_WARNING("hash_password_check: NTLM authentication not " + "permitted by configuration.\n"); + return NT_STATUS_NTLM_BLOCKED; + } + if (stored_nt == NULL) { DEBUG(3,("hash_password_check: NO NT password stored for user %s.\n", username)); @@ -387,6 +394,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, } return hash_password_check(mem_ctx, lanman_auth, + ntlm_auth, lm_ok ? &client_lm : NULL, nt_response->length ? &client_nt : NULL, username, diff --git a/libcli/auth/ntlm_check.h b/libcli/auth/ntlm_check.h index 86cab9b2d13..3fcd1f4ccbb 100644 --- a/libcli/auth/ntlm_check.h +++ b/libcli/auth/ntlm_check.h @@ -45,6 +45,7 @@ struct samr_Password; NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, bool lanman_auth, + enum ntlm_auth_level ntlm_auth, const struct samr_Password *client_lanman, const struct samr_Password *client_nt, const char *username, |