git.samba.org / kai / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
[kai/samba.git] / source3 / auth / auth_ntlmssp.c
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 8feb45a8c962b54f073ec7997d5a1abd910e3557..2f6e8ade7179df02371c28913e02f3b89a3d0ba9 100644 (file)
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -251,15 +251,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                ntlmssp_state->allow_lm_key = true;
        }
 
-       ntlmssp_state->neg_flags =
-               NTLMSSP_NEGOTIATE_128 |
-               NTLMSSP_NEGOTIATE_56 |
-               NTLMSSP_NEGOTIATE_VERSION |
-               NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
-               NTLMSSP_NEGOTIATE_NTLM |
-               NTLMSSP_NEGOTIATE_NTLM2 |
-               NTLMSSP_NEGOTIATE_KEY_EXCH;
-
        ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
        if (!ntlmssp_state->server.dns_name) {
                return NT_STATUS_NO_MEMORY;
@@ -269,6 +260,29 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                return NT_STATUS_NO_MEMORY;
        }
 
+       ntlmssp_state->neg_flags =
+               NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+       }
+
        if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
                ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }
Kai's WIP code