
s3-winbind Don't send the LM password to the server, ever

This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.

We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.

Andrew Bartlett
Andrew Bartlett 2010-12-10 12:10:07 +11:00
parent f13404e27b
commit 5cfe949108


@ -1145,7 +1145,6 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DATA_BLOB lm_resp;
DATA_BLOB nt_resp;
int attempts = 0;
unsigned char local_lm_response[24];
unsigned char local_nt_response[24];
fstring name_domain, name_user;
bool retry;
@ -1198,16 +1197,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
data_blob_free(&nt_response);
} else {
if (lp_client_lanman_auth()
&& SMBencrypt(state->request->data.auth.pass,
chal,
local_lm_response)) {
lm_resp = data_blob_talloc(state->mem_ctx,
local_lm_response,
sizeof(local_lm_response));
} else {
lm_resp = data_blob_null;
}
lm_resp = data_blob_null;
SMBNTencrypt(state->request->data.auth.pass,
chal,
local_nt_response);
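Review bot: The new `lm_resp = data_blob_null;` carries no comment saying the empty LM response is deliberate, and with the `lp_client_lanman_auth()` test gone, `client lanman auth = yes` no longer has any effect on this plaintext-password path. I would add `/* Never send an LM response for domain logons, whatever 'client lanman auth' says */` above the assignment so the removed branch is not restored later, and mention the narrower scope in that parameter's documentation if it describes winbindd. The response still sent here is the 24-byte value `SMBNTencrypt()` writes into `local_nt_response`, which looks like an NTLMv1-style response; whether NTLMv2 is covered by the preceding branch cannot be seen from these lines. The function starts before and continues past the visible hunks.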