}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ */
+ ntlmssp_state->force_wrap_seal = true;
+ }
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
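Review bot: The added `GENSEC_FEATURE_LDAP_STYLE` block, comment included, is repeated verbatim in the later hunk that touches the same `GENSEC_FEATURE_SIGN` branch, so the two copies can drift apart. A small shared helper would keep the rule in one place; failing that, a shorter comment that says where the flag takes effect would help, for example `/* LDAP_STYLE: negotiated SIGN is treated as SEAL; applied in ntlmssp_sign_init() */`. The flag is only ever set to true here, so it relies on the state being zero-initialised at allocation, which this hunk does not show. The enclosing function starts and ends outside the hunk.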
uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
+ bool force_wrap_seal;
+
union ntlmssp_crypt_state *crypt;
};
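Review bot: `force_wrap_seal` is added without a comment, while the neighbouring `neg_flags` field has one, and the name alone does not say that it changes how a negotiated flag is interpreted. Suggest `bool force_wrap_seal; /* set for GENSEC_FEATURE_LDAP_STYLE: treat negotiated SIGN as SEAL once authentication completes */`. The struct definition starts outside the hunk.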
}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ */
+ ntlmssp_state->force_wrap_seal = true;
+ }
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
return NT_STATUS_NO_MEMORY;
}
+ if (ntlmssp_state->force_wrap_seal &&
+ (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN))
+ {
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ *
+ * The negotiation of flags (and authentication)
+ * is completed when ntlmssp_sign_init() is called
+ * so we can safely pretent NTLMSSP_NEGOTIATE_SEAL
+ * was negotiated.
+ */
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+ }
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
DATA_BLOB weak_session_key = ntlmssp_state->session_key;
const char *send_sign_const;
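Review bot: Setting `NTLMSSP_NEGOTIATE_SEAL` locally makes every later reader of `neg_flags` see sealing as negotiated although the peer agreed only to signing, and the key-strength bits stay as they were negotiated. If the sealing keys derived further down from `weak_session_key` depend on `NTLMSSP_NEGOTIATE_128`, which this hunk does not show, forced sealing could run on a reduced-strength key. A check such as `if (ntlmssp_state->force_wrap_seal && !(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128))`, followed by a log line or a failure, would make that case visible. The comment should also state that the bit is synthetic rather than negotiated, and "pretent" should read "pretend"; the function body continues outside the hunk.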