diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-31 00:23:38 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:31 -0500 |
commit | cfa2adf04017c9491d4cc6a69a0bbd4869061b6d (patch) | |
tree | 48606e66d038e118bb613ad86cc5c3fe1f58438e /source4/auth/credentials/credentials_files.c | |
parent | fb2bceea6e2d44f86f014a2d969591f462ee27bc (diff) | |
download | samba-cfa2adf04017c9491d4cc6a69a0bbd4869061b6d.tar.gz samba-cfa2adf04017c9491d4cc6a69a0bbd4869061b6d.tar.bz2 samba-cfa2adf04017c9491d4cc6a69a0bbd4869061b6d.zip |
r11401: A simple hack to have our central credentials system deny sending LM
authentication for user@realm logins and machine account logins.
This should avoid various protocol downgrade attacks.
Andrew Bartlett
(This used to be commit 76c2d204d0a1ec66d1ef3c935688c7571b051f46)
Diffstat (limited to 'source4/auth/credentials/credentials_files.c')
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index cdf38dcfa8..35bbc43b34 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -197,6 +197,9 @@ static NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, /* ok, we are going to get it now, don't recurse back here */ cred->machine_account_pending = False; + /* some other parts of the system will key off this */ + cred->machine_account = True; + mem_ctx = talloc_named(cred, 0, "cli_credentials fetch machine password"); /* Local secrets are stored in secrets.ldb */ ldb = secrets_db_connect(mem_ctx); |