diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-01-31 15:38:02 +1100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-17 10:48:09 +0100 |
| commit | 98992b5b4eabb6c0727952e6cdb4fcfdced4583d (patch) | |
| tree | 299d235c1d80a4687dc0af0614b50859161a2b30 /source3/auth | |
| parent | 82e3098e8490168733f492b6a5745a279494d4fe (diff) | |
| download | samba-98992b5b4eabb6c0727952e6cdb4fcfdced4583d.tar.gz | |
s3-auth: Only allow LM_KEY cryptography when extra options are set
This crypto is incredibly poor, and can technically be enabled on an otherwise more
secure connection that uses NTLM for the actual authentication leg. Therefore
disable it by default.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_ntlmssp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 36e74924abf..66d31d5f239 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -262,7 +262,12 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - ntlmssp_state->allow_lm_key = lp_lanman_auth(); + if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) && + gensec_setting_bool(gensec_security->settings, + "ntlmssp_server", "allow_lm_key", false)) + { + ntlmssp_state->allow_lm_key = true; + } ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_128 | |