dsdb/password_hash: remove usage of msDs-KeyVersionNumber

metze

1 files changed, 1 insertions, 37 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 53b2a47168..426e9a1dc3 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -59,11 +59,6 @@
  * Once this is done (which could update anything at all), we
  * calculate the password hashes.
  *
- * This function must not only update the unicodePwd, dBCSPwd and
- * supplementalCredentials fields, it must also atomicly increment the
- * msDS-KeyVersionNumber.  We should be in a transaction, so all this
- * should be quite safe...
- *
  * Finally, if the administrator has requested that a password history
  * be maintained, then this should also be written out.
  *
@@ -121,7 +116,6 @@ struct setup_password_fields_io {
 		struct samr_Password *lm_history;
 		const struct ldb_val *supplemental;
 		struct supplementalCredentialsBlob scb;
-		uint32_t kvno;
 	} o;
 
 	/* generated credentials */
@@ -139,7 +133,6 @@ struct setup_password_fields_io {
 		DATA_BLOB des_crc;
 		struct ldb_val supplemental;
 		NTTIME last_set;
-		uint32_t kvno;
 	} g;
 };
 
@@ -1291,14 +1284,6 @@ static int setup_last_set_field(struct setup_password_fields_io *io)
 	return LDB_SUCCESS;
 }
 
-static int setup_kvno_field(struct setup_password_fields_io *io)
-{
-	/* increment by one */
-	io->g.kvno = io->o.kvno + 1;
-
-	return LDB_SUCCESS;
-}
-
 static int setup_password_fields(struct setup_password_fields_io *io)
 {
 	struct ldb_context *ldb;
@@ -1421,11 +1406,6 @@ static int setup_password_fields(struct setup_password_fields_io *io)
 		return ret;
 	}
 
-	ret = setup_kvno_field(io);
-	if (ret != LDB_SUCCESS) {
-		return ret;
-	}
-
 	return LDB_SUCCESS;
 }
 
@@ -1788,8 +1768,6 @@ static int password_hash_add_do_add(struct ph_context *ac)
 	ldb_msg_remove_attr(msg, "unicodePwd");
 	ldb_msg_remove_attr(msg, "dBCSPwd");
 	ldb_msg_remove_attr(msg, "pwdLastSet");
-	io.o.kvno = samdb_result_uint(msg, "msDs-KeyVersionNumber", 1) - 1;
-	ldb_msg_remove_attr(msg, "msDs-KeyVersionNumber");
 
 	ldb = ldb_module_get_ctx(ac->module);
 
@@ -1843,12 +1821,6 @@ static int password_hash_add_do_add(struct ph_context *ac)
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
-	ret = samdb_msg_add_uint(ldb, ac, msg,
-				 "msDs-KeyVersionNumber",
-				 io.g.kvno);
-	if (ret != LDB_SUCCESS) {
-		return ret;
-	}
 
 	ret = ldb_build_add_req(&down_req, ldb, ac,
 				msg,
@@ -2070,7 +2042,7 @@ static int password_hash_mod_search_self(struct ph_context *ac)
 	struct ldb_context *ldb;
 	static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", 
 					      "ntPwdHistory", 
-					      "objectSid", "msDS-KeyVersionNumber", 
+					      "objectSid",
 					      "objectClass", "userPrincipalName",
 					      "sAMAccountName", 
 					      "dBCSPwd", "unicodePwd",
@@ -2129,7 +2101,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 	searched_msg = ac->search_res->message;
 
 	/* Fill in some final details (only relevent once the password has been set) */
-	io.o.kvno			= samdb_result_uint(searched_msg, "msDs-KeyVersionNumber", 0);
 	io.o.nt_history_len		= samdb_result_hashes(io.ac, searched_msg, "ntPwdHistory", &io.o.nt_history);
 	io.o.lm_history_len		= samdb_result_hashes(io.ac, searched_msg, "lmPwdHistory", &io.o.lm_history);
 	io.o.supplemental		= ldb_msg_find_ldb_val(searched_msg, "supplementalCredentials");
@@ -2146,7 +2117,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 	ret = ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL);
 	ret = ldb_msg_add_empty(msg, "supplementalCredentials", LDB_FLAG_MOD_REPLACE, NULL);
 	ret = ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL);
-	ret = ldb_msg_add_empty(msg, "msDs-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL);
 
 	if (io.g.nt_hash) {
 		ret = samdb_msg_add_hash(ldb, ac, msg,
@@ -2193,12 +2163,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
-	ret = samdb_msg_add_uint(ldb, ac, msg,
-				 "msDs-KeyVersionNumber",
-				 io.g.kvno);
-	if (ret != LDB_SUCCESS) {
-		return ret;
-	}
 
 	ret = ldb_build_mod_req(&mod_req, ldb, ac,
 				msg,