• Stefan Metzmacher's avatar
    auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server · c7a3ce95
    Stefan Metzmacher authored
    This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
    error messages, which were generated if the client only sends
    NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
    connection.
    
    This fixes a regession in the combination of commits
    77adac8c and
    3a0b8354.
    
    We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
    of the authentication (as a server, while we already
    do so at the beginning as a client).
    
    As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
    (as an internal flag) in order to let us work as a
    Windows using NTLMSSP for LDAP. Even if only signing is
    negotiated during the authentication the following PDUs
    will still be encrypted if NTLMSSP is used. This is exactly the
    same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
    I guess it's a bug in Windows, but we have to reimplement that
    bug. Note this only applies to NTLMSSP and only to LDAP!
    Signing only works fine for LDAP with Kerberos
    or DCERPC and NTLMSSP.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427Signed-off-by: default avatarStefan Metzmacher <metze@samba.org>
    Reviewed-by: default avatarAndrew Bartlett <abartlet@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
    c7a3ce95
Name
Last commit
Last update
..
gensec_ntlmssp.c Loading commit data...
gensec_ntlmssp_server.c Loading commit data...
ntlmssp.c Loading commit data...
ntlmssp.h Loading commit data...
ntlmssp_client.c Loading commit data...
ntlmssp_ndr.c Loading commit data...
ntlmssp_ndr.h Loading commit data...
ntlmssp_private.h Loading commit data...
ntlmssp_server.c Loading commit data...
ntlmssp_sign.c Loading commit data...
ntlmssp_util.c Loading commit data...
wscript_build Loading commit data...