sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code

r19321: Merge from release branch:

Browse Source 
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword.  This fixes kerberos after a
vampire.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2006-10-16 07:32:22 +00:00 committed by Gerald (Jerry) Carter
parent 9b77d285d8
commit 1d4d2271c9
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -724,12 +724,6 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
return ret;
}
/* add also kr5 keys based on NT the hash */
ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
if (ret != LDB_SUCCESS) {
return ret;
}
/* if both the domain properties and the user account controls do not permit
* clear text passwords then wipe out the sambaPassword */
user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
@ -740,6 +734,12 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
}
}
/* add also krb5 keys based on NT the hash (we might have ntPwdHash, but not the cleartext */
ret = add_krb5_keys_from_NThash(ac->module, msg, smb_krb5_context);
if (ret != LDB_SUCCESS) {
return ret;
}
/* don't touch it if a value is set. It could be an incoming samsync */
if (ldb_msg_find_attr_as_uint64(msg, "pwdLastSet", 0) == 0) {
if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) {