auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
authorStefan Metzmacher <metze@samba.org>
Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 15 May 2018 22:13:19 +0000 (00:13 +0200)
This will be used to simulate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/ntlmssp/ntlmssp_client.c

index 7dcf23569416347b32e4977ad4ba9153396a2e7a..ab406a2c5be90f6494c85ee05786e7873217b873 100644 (file)
@@ -869,13 +869,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                         * is requested.
                         */
                        ntlmssp_state->force_wrap_seal = true;
-                       /*
-                        * We want also work against old Samba servers
-                        * which didn't had GENSEC_FEATURE_LDAP_STYLE
-                        * we negotiate SEAL too. We may remove this
-                        * in a few years. As all servers should have
-                        * GENSEC_FEATURE_LDAP_STYLE by then.
-                        */
+               }
+       }
+       if (ntlmssp_state->force_wrap_seal) {
+               bool ret;
+
+               /*
+                * We want also work against old Samba servers
+                * which didn't had GENSEC_FEATURE_LDAP_STYLE
+                * we negotiate SEAL too. We may remove this
+                * in a few years. As all servers should have
+                * GENSEC_FEATURE_LDAP_STYLE by then.
+                */
+               ret = gensec_setting_bool(gensec_security->settings,
+                                         "ntlmssp_client",
+                                         "ldap_style_send_seal",
+                                         true);
+               if (ret) {
                        ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
                }
        }
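Review bot: The comment that now sits above the `gensec_setting_bool()` call only explains the old-Samba-server compatibility case and says nothing about the new `ntlmssp_client:ldap_style_send_seal` option, so a reader cannot tell that turning it off is meant for emulating a Windows client. With the option set to false, `NTLMSSP_NEGOTIATE_SEAL` is no longer added to `required_flags` while `force_wrap_seal` stays true; whether the traffic is still sealed then depends on wrap code outside this hunk, and against a server without GENSEC_FEATURE_LDAP_STYLE it presumably ends up signed but not encrypted. I would extend the comment with a line such as `* ntlmssp_client:ldap_style_send_seal=no mimics Windows (SIGN without SEAL); keep the default when old servers may be contacted.` and rename `ret` to `send_seal` so the condition reads as what it decides. The body of gensec_ntlmssp_client_start starts and ends outside the hunk.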