auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
authorStefan Metzmacher <metze@samba.org>
Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)
committerKarolin Seeger <kseeger@samba.org>
Mon, 4 Jun 2018 07:54:22 +0000 (09:54 +0200)
This will be used to simulate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)

auth/ntlmssp/ntlmssp_client.c

index 5edd5f4fce64cd6f40d1d2c1a295640c1304b020..6e919ccdb3539c39ba2cd9ac12919a3d0b3a864e 100644 (file)
@@ -862,13 +862,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                         * is requested.
                         */
                        ntlmssp_state->force_wrap_seal = true;
-                       /*
-                        * We want also work against old Samba servers
-                        * which didn't had GENSEC_FEATURE_LDAP_STYLE
-                        * we negotiate SEAL too. We may remove this
-                        * in a few years. As all servers should have
-                        * GENSEC_FEATURE_LDAP_STYLE by then.
-                        */
+               }
+       }
+       if (ntlmssp_state->force_wrap_seal) {
+               bool ret;
+
+               /*
+                * We want also work against old Samba servers
+                * which didn't had GENSEC_FEATURE_LDAP_STYLE
+                * we negotiate SEAL too. We may remove this
+                * in a few years. As all servers should have
+                * GENSEC_FEATURE_LDAP_STYLE by then.
+                */
+               ret = gensec_setting_bool(gensec_security->settings,
+                                         "ntlmssp_client",
+                                         "ldap_style_send_seal",
+                                         true);
+               if (ret) {
                        ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
                }
        }
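Review bot: The comment that now sits above the `gensec_setting_bool()` call still gives only the old-server compatibility reason and does not mention the new `ntlmssp_client:ldap_style_send_seal` setting, so nothing in the code tells a reader that turning it off is meant for test simulation. With the option set to false, `NTLMSSP_NEGOTIATE_SEAL` is no longer added to `required_flags`, and sealing of the LDAP session then presumably depends only on `force_wrap_seal` and on the peer implementing `GENSEC_FEATURE_LDAP_STYLE`. I would add a line such as `/* ldap_style_send_seal=false is for tests only (mimics a Windows client sending SIGN without SEAL); keep the default elsewhere. */` and rename `ret` to `send_seal` so the condition reads `if (send_seal)`. The body of gensec_ntlmssp_client_start begins before this hunk and continues after it.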