author | Andrew Bartlett <abartlet@samba.org> | 2017-07-03 14:11:47 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-07-04 06:57:20 +0200 |
commit | d0d266bbf79fac956ca5de0b48dfac08b6f18628 (patch) | |
tree | fa89526c2830abc2e2fc3aede769466bfc1dafde /source3/param/loadparm.c | |
parent | 8b398a4d72a53b57e622afb4aeefa026b96c3d2a (diff) | |
param: Disable LanMan authentication unless NTLMv1 is also enabled
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Diffstat (limited to 'source3/param/loadparm.c')
-rw-r--r-- | source3/param/loadparm.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ba3763e97d1..d5b1c56e21e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -693,7 +693,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 Globals.restrict_anonymous = 0;
 Globals.client_lanman_auth = false; /* Do NOT use the LanMan hash if it is available */
 Globals.client_plaintext_auth = false; /* Do NOT use a plaintext password even if is requested by the server */
- Globals.lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
+ Globals._lanman_auth = false; /* Do NOT use the LanMan hash, even if it is supplied */
 Globals.ntlm_auth = NTLM_AUTH_NTLMV2_ONLY; /* Do NOT use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
 Globals.raw_ntlmv2_auth = false; /* Reject NTLMv2 without NTLMSSP */
 Globals.client_ntlmv2_auth = true; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
@@ -4592,6 +4592,22 @@ int lp_rpc_high_port(void)
 return Globals.rpc_high_port;
 }
 
+/*
+ * Do not allow LanMan auth if unless NTLMv1 is also allowed
+ *
+ * This also ensures it is disabled if NTLM is totally disabled
+ */
+bool lp_lanman_auth(void)
+{
+ enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
+
+ if (ntlm_auth_level == NTLM_AUTH_ON) {
+ return lp__lanman_auth();
+ } else {
+ return false;
+ }
+}
+
 struct loadparm_global * get_globals(void)
 {
 return &Globals; |
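Review bot: The comment above `lp_lanman_auth()` in the second hunk reads "if unless", and it does not say that an explicit `lanman auth = yes` is now overridden whenever `lp_ntlm_auth()` returns anything other than `NTLM_AUTH_ON`. I would reword the first line to `Do not allow LanMan auth unless NTLMv1 is also allowed` and add a sentence that `lp__lanman_auth()` returns only the raw configured value, so authentication code must call this wrapper to get the effective setting. The `== NTLM_AUTH_ON` test is an allow-list, so every other level fails closed; stating that in the comment would keep a later enum addition from being handled as a deny-list by mistake. Nothing in this file's diff tells the administrator that the two options conflict, so a warning at configuration-check time would make the effective value visible, unless that is handled in a part of the commit not shown here.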