s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
authorAndrew Bartlett <abartlet@samba.org>
Tue, 31 Jan 2012 05:01:45 +0000 (16:01 +1100)
committerStefan Metzmacher <metze@samba.org>
Fri, 17 Feb 2012 09:48:09 +0000 (10:48 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/auth/auth_ntlmssp.c

index 8feb45a..2f6e8ad 100644 (file)
@@ -251,15 +251,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                ntlmssp_state->allow_lm_key = true;
        }
 
-       ntlmssp_state->neg_flags =
-               NTLMSSP_NEGOTIATE_128 |
-               NTLMSSP_NEGOTIATE_56 |
-               NTLMSSP_NEGOTIATE_VERSION |
-               NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
-               NTLMSSP_NEGOTIATE_NTLM |
-               NTLMSSP_NEGOTIATE_NTLM2 |
-               NTLMSSP_NEGOTIATE_KEY_EXCH;
-
        ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
        if (!ntlmssp_state->server.dns_name) {
                return NT_STATUS_NO_MEMORY;
@@ -269,6 +260,29 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                return NT_STATUS_NO_MEMORY;
        }
 
+       ntlmssp_state->neg_flags =
+               NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+       }
+
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+       }
+
        if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
                ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }