author | Andrew Bartlett <abartlet@samba.org> | 2017-07-03 14:39:09 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-07-04 06:57:21 +0200 |
commit | fca8536a827bff142290bf736d3294116fefebb1 (patch) | |
tree | a51046fdd270e8c1dbe085bd57a52ef4e7b21233 /source3/rpc_server | |
parent | 831861ecf910504eecab30a7e132f0fa210ed212 (diff) | |
samr: Disable NTLM-based password changes on the server if NTLM is disabled
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/samr/srv_samr_chgpasswd.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
index ab9e92ace78..87a3f32ff13 100644
--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
@@ -683,6 +683,14 @@ static NTSTATUS check_oem_password(const char *user,
 bool nt_pass_set = (password_encrypted_with_nt_hash && old_nt_hash_encrypted);
 bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted);
+ enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
+
+ /* this call should be disabled without NTLM auth */
+ if (ntlm_auth_level == NTLM_AUTH_DISABLED) {
+ DBG_WARNING("NTLM password changes not"
+ "permitted by configuration.\n");
+ return NT_STATUS_NTLM_BLOCKED;
+ }
 acct_ctrl = pdb_get_acct_ctrl(sampass);
 #if 0 |
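Review bot: The two adjacent string literals in the added `DBG_WARNING` call are concatenated without a separating space, so the logged text reads "NTLM password changes notpermitted by configuration." and any log search or alert keyed on "not permitted" will miss it. I would write it as a single literal and name the account, e.g. `DBG_WARNING("NTLM password change for user [%s] not permitted by configuration.\n", user);`, so a refused attempt can be attributed during triage. Returning before `pdb_get_acct_ctrl(sampass)` is the right place for the check, since the status then does not depend on the account's state. The guard only covers `NTLM_AUTH_DISABLED`; whether the LM-hash path (`lm_pass_set`) is refused elsewhere at the stricter non-disabled levels is not visible in this hunk and is worth confirming. The body of check_oem_password starts and ends outside the hunk.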