auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE

We want also work against old Samba servers which didn't had
GENSEC_FEATURE_LDAP_STYLE we negotiate SEAL too. We may remove this in a few
years. As all servers should support GENSEC_FEATURE_LDAP_STYLE by then.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 652c8f1fb5b7907474f1bbd613ad43b774b4e189..fe9e5d466233942022bfe3bfe28467b124910e50 100644 (file)
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -647,6 +647,14 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                         * is requested.
                         */
                        ntlmssp_state->force_wrap_seal = true;
+                       /*
+                        * We want also work against old Samba servers
+                        * which didn't had GENSEC_FEATURE_LDAP_STYLE
+                        * we negotiate SEAL too. We may remove this
+                        * in a few years. As all servers should have
+                        * GENSEC_FEATURE_LDAP_STYLE by then.
+                        */
+                       ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
                }
        }
        if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {