s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"

Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.

4 files changed, 10 insertions, 11 deletions

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 7fcc3bf0a4..86b74d5630 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2074,7 +2074,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 		/* a user password change and we've checked already the old
 		 * password somewhere else (callers responsability) */
 		ret = ldb_request_add_control(req,
-					      DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID,
+					      DSDB_CONTROL_PASSWORD_CHANGE_OID,
 					      true, NULL);
 		if (ret != LDB_SUCCESS) {
 			talloc_free(req);
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index a3c06b6f05..457af56b85 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -100,7 +100,7 @@ struct ph_context {
 
 	bool change_status;
 	bool hash_values;
-	bool change_old_pw_checked;
+	bool change;
 };
 
 
@@ -1436,7 +1436,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
 	ldb = ldb_module_get_ctx(io->ac->module);
 
 	/* First check the old password is correct, for password changes */
-	if (!io->ac->pwd_reset && !io->ac->change_old_pw_checked) {
+	if (!io->ac->pwd_reset && !io->ac->change) {
 		bool nt_hash_checked = false;
 
 		/* we need the old nt or lm hash given by the client */
@@ -1914,7 +1914,7 @@ static int setup_io(struct ph_context *ac,
 	} else if (ac->req->operation == LDB_MODIFY) {
 		if (io->og.cleartext_utf8 || io->og.cleartext_utf16
 		    || io->og.nt_hash || io->og.lm_hash
-		    || ac->change_old_pw_checked) {
+		    || ac->change) {
 			/* If we have an old password or the "change old
 			 * password checked" control specified then for sure it
 			 * is a user "password change" */
@@ -1975,14 +1975,13 @@ static void ph_apply_controls(struct ph_context *ac)
 		ctrl->critical = false;
 	}
 
-	ac->change_old_pw_checked = false;
+	ac->change = false;
 	ctrl = ldb_request_get_control(ac->req,
-				       DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
+				       DSDB_CONTROL_PASSWORD_CHANGE_OID);
 	if (ctrl != NULL) {
-		ac->change_old_pw_checked = true;
+		ac->change = true;
 
-		/* Mark the "change old password checked" control as uncritical
-		 * (done) */
+		/* Mark the "change" control as uncritical (done) */
 		ctrl->critical = false;
 	}
 }
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 75aae7f108..93bab7bd2c 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -80,7 +80,7 @@ struct dsdb_control_password_change_status {
 
 #define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
 
-#define DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID "1.3.6.1.4.1.7165.4.3.10"
+#define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
 
 /**
    DSDB_CONTROL_APPLY_LINKS is internal to Samba4 - a token passed between repl_meta_data and linked_attributes modules
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index aecd273a18..98801e6ae1 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -182,7 +182,7 @@
 #Allocated: LDB_CONTROL_AS_SYSTEM_OID 1.3.6.1.4.1.7165.4.3.7
 #Allocated: DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID 1.3.6.1.4.1.7165.4.3.8
 #Allocated: DSDB_CONTROL_PASSWORD_HASH_VALUES_OID 1.3.6.1.4.1.7165.4.3.9
-#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID 1.3.6.1.4.1.7165.4.3.10
+#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OID 1.3.6.1.4.1.7165.4.3.10
 #Allocated: DSDB_CONTROL_APPLY_LINKS 1.3.6.1.4.1.7165.4.3.11
 #Allocated: DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 1.3.6.1.4.1.7165.4.3.12
 #Allocated: LDB_CONTROL_BYPASSOPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13