r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bit

flag is handled just like all the others.

Also negotiate the unknown 0x02000000 flag, to match windows.

Andrew Bartlett
(This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)

diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index fff0c9c7e9c4634ad107534979ef25fb58689a2e..bb9ff9cc63ddf31df43f177ab1a1937f19c5d3ab 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -260,9 +260,6 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
 
        if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
                gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
-               if (neg_flags & NTLMSSP_NEGOTIATE_56) {
-                       gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
-               }
        }
 
        if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
@@ -273,6 +270,12 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
                gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
        }
 
+       /* Woop Woop - unknown flag for Windows compatibility...
+          What does this really do ? JRA. */
+       if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) {
+               gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000;
+       }
+
        if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
        }

diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 1efb1afd544d554bbaff431ed6ce3db0726ef4d5..a9ad988a5ff73f51371c406a0f7b536818495162 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -62,6 +62,7 @@ enum ntlmssp_message_type
 #define NTLMSSP_CHAL_NON_NT_SESSION_KEY    0x00040000
 #define NTLMSSP_NEGOTIATE_NTLM2            0x00080000
 #define NTLMSSP_CHAL_TARGET_INFO           0x00800000
+#define NTLMSSP_UNKNOWN_02000000           0x02000000
 #define NTLMSSP_NEGOTIATE_128              0x20000000 /* 128-bit encryption */
 #define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
 #define NTLMSSP_NEGOTIATE_56               0x80000000

diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 44f7fa8b8c84b95e879b018410c7a78549763437..b574622bbeaa39022d070c161286fa9f4291e50f 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -800,7 +800,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->server_multiple_authentications = False;
        
        gensec_ntlmssp_state->neg_flags = 
-               NTLMSSP_NEGOTIATE_NTLM;
+               NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000;
 
        gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0);
        gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
@@ -810,6 +810,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
        }
 
+       if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) {
+               gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
+       }
+
        if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
        }