mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
This commit is contained in:
parent
f13404e27b
commit
5cfe949108
@ -1145,7 +1145,6 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
|
||||
DATA_BLOB lm_resp;
|
||||
DATA_BLOB nt_resp;
|
||||
int attempts = 0;
|
||||
unsigned char local_lm_response[24];
|
||||
unsigned char local_nt_response[24];
|
||||
fstring name_domain, name_user;
|
||||
bool retry;
|
||||
@ -1198,16 +1197,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
|
||||
data_blob_free(&nt_response);
|
||||
|
||||
} else {
|
||||
if (lp_client_lanman_auth()
|
||||
&& SMBencrypt(state->request->data.auth.pass,
|
||||
chal,
|
||||
local_lm_response)) {
|
||||
lm_resp = data_blob_talloc(state->mem_ctx,
|
||||
local_lm_response,
|
||||
sizeof(local_lm_response));
|
||||
} else {
|
||||
lm_resp = data_blob_null;
|
||||
}
|
||||
lm_resp = data_blob_null;
|
||||
SMBNTencrypt(state->request->data.auth.pass,
|
||||
chal,
|
||||
local_nt_response);
|
||||
|
Loading…
Reference in New Issue
Block a user