s4-auth: For LDAP simple bind, fall back to checking the ENCTYPE_AES256_CTS_HMAC_SHA1_96 if stored

Since we don't store a salt per-key, but only a single salt, when we do not have the NT hash in the unicodePwd (eg ntlm auth = disabled), the check will fail for a previous password if the account was renamed prior to a newer password being set. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2022-06-10 12:47:01 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2022-06-26 22:10:29 +0000
commit: 6029e2250c4dc837ed4f6b4613f988ae6dff49e3 (patch)
tree: 5b742c574675399c9a9b37be4a70310598bd2a3c /auth
parent: 18f2a6b231ffc4318f7f7e00f81d2815f7ebe9eb (diff)
download: samba-6029e2250c4dc837ed4f6b4613f988ae6dff49e3.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h
index d922b66ab4d..fb41d48be49 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -129,6 +129,9 @@ struct auth4_context {
 	/* Private data for the callbacks on this auth context */
 	void *private_data;
 
+	/* Kerberos context, set up on demand */
+	struct smb_krb5_context *smb_krb5_context;
+
 	struct tevent_req *(*check_ntlm_password_send)(TALLOC_CTX *mem_ctx,
 					struct tevent_context *ev,
 					struct auth4_context *auth_ctx,
author	Andrew Bartlett <abartlet@samba.org>	2022-06-10 12:47:01 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2022-06-26 22:10:29 +0000
commit	6029e2250c4dc837ed4f6b4613f988ae6dff49e3 (patch)
tree	5b742c574675399c9a9b37be4a70310598bd2a3c /auth
parent	18f2a6b231ffc4318f7f7e00f81d2815f7ebe9eb (diff)
download	samba-6029e2250c4dc837ed4f6b4613f988ae6dff49e3.tar.gz