From 1a06b31b592a9c1d0188f4470b38e881b0bf3633 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 11 Mar 2009 20:01:13 +1100
Subject: s4:password_hash Only store the LM hash if 'lanman auth = yes'

The clients that do only lanman auth are on their way out, the
passwords are case insensitive, it does not support unicode and we
should not store such a poor hash of the password if we can avoid it.

Andrew Bartlett
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 56d4c4fe36..5a9926b6d1 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1379,7 +1379,8 @@ static int setup_password_fields(struct setup_password_fields_io *io)
 	if (io->n.cleartext_utf8) {
 		struct samr_Password *lm_hash;
 		char *cleartext_unix;
-		if (convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), 
+		if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm")) &&
+		    convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), 
 							 CH_UTF8, CH_UNIX, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length, 
 							 (void **)&cleartext_unix, &converted_pw_len, false)) {
 			lm_hash = talloc(io->ac, struct samr_Password);
-- 
cgit