summaryrefslogtreecommitdiffstats
path: root/source3/nsswitch/winbindd_creds.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-08-20 03:53:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:38:43 -0500
commit4031af7606fc1c57aec4e48f9f24466e6164bc66 (patch)
tree6a755c780ff3aa327e37b20b07025e119bd98473 /source3/nsswitch/winbindd_creds.c
parentb2d5dd7281805a25a86124d76dbc091fe12efff5 (diff)
downloadsamba-4031af7606fc1c57aec4e48f9f24466e6164bc66.tar.gz
samba-4031af7606fc1c57aec4e48f9f24466e6164bc66.tar.xz
samba-4031af7606fc1c57aec4e48f9f24466e6164bc66.zip
r17617: Take Andrew Bartletts excellent advice and don't store
the nt hash directly in the winbindd cache, store a salted version (MD5 of salt + nt_hash). This is what we do in the LDAP password history code. We store this salted cache entry under the same name as an old entry (CRED/<sid>) but detect it on read by checking if there are 17 bytes of data after the first stored hash (1 byte len, 16 bytes hash). GD PLEASE CHECK. Jeremy. (This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
Diffstat (limited to 'source3/nsswitch/winbindd_creds.c')
-rw-r--r--source3/nsswitch/winbindd_creds.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_creds.c b/source3/nsswitch/winbindd_creds.c
index 414dd24af9e..75d21353fd1 100644
--- a/source3/nsswitch/winbindd_creds.c
+++ b/source3/nsswitch/winbindd_creds.c
@@ -31,12 +31,13 @@ NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *sid,
NET_USER_INFO_3 **info3,
- const uint8 *cached_nt_pass[NT_HASH_LEN])
+ const uint8 *cached_nt_pass[NT_HASH_LEN],
+ const uint8 *cred_salt[NT_HASH_LEN])
{
NET_USER_INFO_3 *info;
NTSTATUS status;
- status = wcache_get_creds(domain, mem_ctx, sid, cached_nt_pass);
+ status = wcache_get_creds(domain, mem_ctx, sid, cached_nt_pass, cred_salt);
if (!NT_STATUS_IS_OK(status)) {
return status;
}