1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

6 Commits

Author SHA1 Message Date
Andrew Bartlett
ef1dbcdc6c torture: Allow Samba as an AD DC to use zeros for LM key
This is simple, explainable and secure.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184
2022-03-17 02:47:13 +00:00
Andrew Bartlett
faea2f8a6b selftest: Remove auth_log test for RAP password change
RAP is SMB1, the password change routine requires LM hashes and so everything
here is going away or has now gone, so remove the test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
d0b922bd51 ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
75c54d54ad dsdb: Remove LM hash parameter from samdb_set_password() and callers
This fixes the rpc.samr test because we no longer specify an LM hash
to the DSDB layer only to have it rejected by password_hash.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
45af51fd6e selftest: Cope with LM hash not being stored in the tombstone_reanimation test
The removal of LM hash storage changes the expected metadata.

We do not need to track these values exactly to prove the
behaviour here.

This is not due to the changes in password_hash directly, which in
update_final_msg() sets DSDB_FLAG_INTERNAL_FORCE_META_DATA to force
a push out of the removed attribute to the replication state.

However at the stage of a subsequent LDAP Delete there is no longer
a lmPwdHistory nor dBCSPwd attribute, in the directory, so there is
no subsequent version bump to remove them when building a tombstone.

Samba's behaviour is different to that seen by Metze on windows 2022,
where he sees dBCSPwd removed (for the no LM store case) but
lmPwdHistory kept.  We in Samba choose to differ, not storing an
ambiguous LM hsitory (of "" values likely), so allowing any version
for these two attributes is the sensible choice.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
09eaf7403e s4/dsdb: Remove LM password generation and storage from password_hash
We no longer generate nor store the LM hash in the Samba AD DC.

This adds much to the knownfail, some future commits will trim this
back down by making the tests understand that the server will not
support or store the LM hash.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00