diff options
author | Andrew Bartlett <abartlet@samba.org> | 2022-06-10 12:47:01 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-26 22:10:29 +0000 |
commit | 6029e2250c4dc837ed4f6b4613f988ae6dff49e3 (patch) | |
tree | 5b742c574675399c9a9b37be4a70310598bd2a3c /auth | |
parent | 18f2a6b231ffc4318f7f7e00f81d2815f7ebe9eb (diff) | |
download | samba-6029e2250c4dc837ed4f6b4613f988ae6dff49e3.tar.gz |
s4-auth: For LDAP simple bind, fall back to checking the ENCTYPE_AES256_CTS_HMAC_SHA1_96 if stored
Since we don't store a salt per-key, but only a single salt, when we do
not have the NT hash in the unicodePwd (eg ntlm auth = disabled), the check
will fail for a previous password if the account was renamed prior to a
newer password being set.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/common_auth.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h index d922b66ab4d..fb41d48be49 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -129,6 +129,9 @@ struct auth4_context { /* Private data for the callbacks on this auth context */ void *private_data; + /* Kerberos context, set up on demand */ + struct smb_krb5_context *smb_krb5_context; + struct tevent_req *(*check_ntlm_password_send)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct auth4_context *auth_ctx, |