diff options
author | Simo Sorce <ssorce@redhat.com> | 2010-10-04 15:13:36 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-10-05 08:54:08 -0400 |
commit | c594ab88badcbd3f3be4e168615fdc0ab22f8afd (patch) | |
tree | a4c2dff5c16ec996f112eff4d6f796a6bbdb7b92 /daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | |
parent | 3b38e74da5c9ad2c151a38af1b22492a1a69e55e (diff) | |
download | freeipa-c594ab88badcbd3f3be4e168615fdc0ab22f8afd.tar.gz freeipa-c594ab88badcbd3f3be4e168615fdc0ab22f8afd.tar.xz freeipa-c594ab88badcbd3f3be4e168615fdc0ab22f8afd.zip |
Add options to control NTLM hashes
By default LM hash is disabled.
Of course generation still depends on whether the SamAccount objectclass is
present in the user object.
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 0e08785fd..42a4abe9f 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -48,6 +48,7 @@ extern void *ipapwd_plugin_id; extern const char *ipa_realm_dn; +extern const char *ipa_etc_config_dn; extern const char *ipa_pwd_config_dn; /* These are the default enc:salt types if nothing is defined. @@ -152,6 +153,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) const struct berval *bval; struct berval *mkey = NULL; char **encsalts; + char **tmparray; char *tmpstr; int i, ret; @@ -306,6 +308,32 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) for (i = 0; config->passsync_mgrs[i]; i++) /* count */ ; config->num_passsync_mgrs = i; + slapi_entry_free(config_entry); + + /* get the ipa etc/ipaConfig entry */ + config->allow_lm_hash = false; + config->allow_nt_hash = false; + ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL); + if (ret != LDAP_SUCCESS) { + slapi_log_error(SLAPI_LOG_FATAL, __func__, "No config Entry?\n"); + } else { + tmparray = slapi_entry_attr_get_charray(config_entry, + "ipaConfigString"); + for (i = 0; tmparray && tmparray[i]; i++) { + if (strcasecmp(tmparray[i], "AllowLMhash") == 0) { + config->allow_lm_hash = true; + continue; + } + if (strcasecmp(tmparray[i], "AllowNThash") == 0) { + config->allow_nt_hash = true; + continue; + } + } + if (tmparray) slapi_ch_array_free(tmparray); + } + + slapi_entry_free(config_entry); + return config; free_and_error: |