summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-12 13:22:54 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-06-12 16:45:49 +0200
commit890d590e5193cc187d4c8dc423afef57048400fa (patch)
tree3942a8c2b83e31d35f0e155c55857ddbbc740db9
parent3e98262c7115322bb069d19e275c43b1fbd30ec3 (diff)
downloadsamba-890d590e5193cc187d4c8dc423afef57048400fa.tar.gz
samba-890d590e5193cc187d4c8dc423afef57048400fa.tar.bz2
samba-890d590e5193cc187d4c8dc423afef57048400fa.zip
s4:password_hash LDB module - this does really deactivate the MS LAN manager hash
Previously, only the conversion from cleartext to the LM hash was deactivated, and not when the user specified it directly through "dBCSPwd".
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 9db97541f1..94eb9cf9fa 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1382,8 +1382,7 @@ static int setup_given_passwords(struct setup_password_fields_io *io,
g->cleartext_utf16->length);
}
- if (g->cleartext_utf8 &&
- lp_lanman_auth(ldb_get_opaque(ldb, "loadparm"))) {
+ if (g->cleartext_utf8) {
struct samr_Password *lm_hash;
lm_hash = talloc(io->ac, struct samr_Password);
@@ -1435,9 +1434,14 @@ static int setup_password_fields(struct setup_password_fields_io *io)
return ret;
}
- ret = setup_lm_fields(io);
- if (ret != LDB_SUCCESS) {
- return ret;
+ if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm"))) {
+ ret = setup_lm_fields(io);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ } else {
+ io->g.lm_hash = NULL;
+ io->g.lm_history_len = 0;
}
ret = setup_supplemental_field(io);