summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-07-12 15:26:42 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-12 15:26:42 +1000
commit44ea6a26fd088f0f8c86817510ebe5a6cddf9158 (patch)
treeb40611c9cec31abf163d6d5ce16a9f993486f66c /source4/dsdb
parentb4691ad5601a9d3e3f8ff8b42314d5e2cb462cd2 (diff)
downloadsamba-44ea6a26fd088f0f8c86817510ebe5a6cddf9158.tar.gz
samba-44ea6a26fd088f0f8c86817510ebe5a6cddf9158.tar.bz2
samba-44ea6a26fd088f0f8c86817510ebe5a6cddf9158.zip
rename sambaPassword -> userPassword.
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/util.c4
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/local_password.c6
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c32
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba3sam.c4
-rw-r--r--source4/dsdb/samdb/ldb_modules/simple_ldap_map.c18
6 files changed, 24 insertions, 42 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index a571ae1f79..fa8276e7b4 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1741,11 +1741,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
* Modules in ldb will set all the appropriate
* hashes */
CHECK_RET(samdb_msg_add_string(ctx, mem_ctx, mod,
- "sambaPassword", new_pass));
+ "userPassword", new_pass));
} else {
/* We don't have the cleartext, so delete the old one
* and set what we have of the hashes */
- CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "sambaPassword"));
+ CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "userPassword"));
if (lmNewHash) {
CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "dBCSPwd", lmNewHash));
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index bc30fbc36d..2c01594722 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -321,7 +321,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
/* FIXME: I hink we should copy the tree and keep the original
* unmodified. SSS */
/* replace any attributes in the parse tree that are private,
- so we don't allow a search for 'sambaPassword=penguin',
+ so we don't allow a search for 'userPassword=penguin',
just as we would not allow that attribute to be returned */
switch (ac->user_type) {
case SECURITY_SYSTEM:
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c
index dfa98ef0af..a411c01513 100644
--- a/source4/dsdb/samdb/ldb_modules/local_password.c
+++ b/source4/dsdb/samdb/ldb_modules/local_password.c
@@ -24,7 +24,7 @@
*
* Component: ldb local_password module
*
- * Description: correctly update hash values based on changes to sambaPassword and friends
+ * Description: correctly update hash values based on changes to userPassword and friends
*
* Author: Andrew Bartlett
*/
@@ -154,7 +154,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
return ldb_next_request(module, req);
}
- /* TODO: remove this when sambaPassword will be in schema */
+ /* TODO: remove this when userPassword will be in schema */
if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
ldb_asprintf_errstring(module->ldb,
"Cannot relocate a password on entry: %s, does not have objectClass 'person'",
@@ -417,7 +417,7 @@ static int local_password_mod_local(struct ldb_handle *h) {
ac = talloc_get_type(h->private_data, struct lpdb_context);
/* if it is not an entry of type person this is an error */
- /* TODO: remove this when sambaPassword will be in schema */
+ /* TODO: remove this when these things are checked in the schema */
if (!ac->search_res) {
ldb_asprintf_errstring(ac->module->ldb,
"entry just modified (%s) not found!",
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 1d2bdd988e..3e442b6341 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -25,7 +25,7 @@
*
* Component: ldb password_hash module
*
- * Description: correctly update hash values based on changes to sambaPassword and friends
+ * Description: correctly update hash values based on changes to userPassword and friends
*
* Author: Andrew Bartlett
* Author: Stefan Metzmacher
@@ -54,7 +54,7 @@
/* If we have decided there is reason to work on this request, then
* setup all the password hash types correctly.
*
- * If the administrator doesn't want the sambaPassword stored (set in the
+ * If the administrator doesn't want the userPassword stored (set in the
* domain and per-account policies) then we must strip that out before
* we do the first operation.
*
@@ -1341,10 +1341,10 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
- /* If no part of this ADD touches the sambaPassword, or the NT
+ /* If no part of this ADD touches the userPassword, or the NT
* or LM hashes, then we don't need to make any changes. */
- sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword");
+ sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword");
ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd");
lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
@@ -1353,16 +1353,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
}
/* if it is not an entry of type person its an error */
- /* TODO: remove this when sambaPassword will be in schema */
+ /* TODO: remove this when userPassword will be in schema */
if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
ldb_set_errstring(module->ldb, "Cannot set a password on entry that does not have objectClass 'person'");
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
- /* check sambaPassword is single valued here */
- /* TODO: remove this when sambaPassword will be single valued in schema */
+ /* check userPassword is single valued here */
+ /* TODO: remove this when userPassword will be single valued in schema */
if (sambaAttr && sambaAttr->num_values > 1) {
- ldb_set_errstring(module->ldb, "mupltiple values for sambaPassword not allowed!\n");
+ ldb_set_errstring(module->ldb, "mupltiple values for userPassword not allowed!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@@ -1376,7 +1376,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
}
if (sambaAttr && sambaAttr->num_values == 0) {
- ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n");
+ ldb_set_errstring(module->ldb, "userPassword must have a value!\n");
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@@ -1459,12 +1459,12 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
io.u.user_principal_name = samdb_result_string(msg, "userPrincipalName", NULL);
io.u.is_computer = ldb_msg_check_string_attribute(msg, "objectClass", "computer");
- io.n.cleartext = samdb_result_string(msg, "sambaPassword", NULL);
+ io.n.cleartext = samdb_result_string(msg, "userPassword", NULL);
io.n.nt_hash = samdb_result_hash(io.ac, msg, "unicodePwd");
io.n.lm_hash = samdb_result_hash(io.ac, msg, "dBCSPwd");
/* remove attributes */
- if (io.n.cleartext) ldb_msg_remove_attr(msg, "sambaPassword");
+ if (io.n.cleartext) ldb_msg_remove_attr(msg, "userPassword");
if (io.n.nt_hash) ldb_msg_remove_attr(msg, "unicodePwd");
if (io.n.lm_hash) ldb_msg_remove_attr(msg, "dBCSPwd");
ldb_msg_remove_attr(msg, "pwdLastSet");
@@ -1573,11 +1573,11 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
return LDB_ERR_UNWILLING_TO_PERFORM;
}
- sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword");
+ sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword");
ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd");
lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
- /* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't
+ /* If no part of this touches the userPassword OR unicodePwd and/or dBCSPwd, then we don't
* need to make any changes. For password changes/set there should
* be a 'delete' or a 'modify' on this attribute. */
if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) {
@@ -1619,7 +1619,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
/* - remove any imodification to the password from the first commit
* we will make the real modification later */
- if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword");
+ if (sambaAttr) ldb_msg_remove_attr(msg, "userPassword");
if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd");
if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd");
@@ -1655,7 +1655,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_
}
/* if it is not an entry of type person this is an error */
- /* TODO: remove this when sambaPassword will be in schema */
+ /* TODO: remove this when userPassword will be in schema */
if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) {
ldb_set_errstring(ldb, "Object class violation");
talloc_free(ares);
@@ -1790,7 +1790,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) {
io.u.user_principal_name = samdb_result_string(searched_msg, "userPrincipalName", NULL);
io.u.is_computer = ldb_msg_check_string_attribute(searched_msg, "objectClass", "computer");
- io.n.cleartext = samdb_result_string(orig_msg, "sambaPassword", NULL);
+ io.n.cleartext = samdb_result_string(orig_msg, "userPassword", NULL);
io.n.nt_hash = samdb_result_hash(io.ac, orig_msg, "unicodePwd");
io.n.lm_hash = samdb_result_hash(io.ac, orig_msg, "dBCSPwd");
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
index 88b04b1bb6..7a123c818f 100644
--- a/source4/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -848,9 +848,9 @@ const struct ldb_map_attribute samba3_attributes[] =
.type = MAP_IGNORE,
},
- /* sambaPassword */
+ /* userPassword */
{
- .local_name = "sambaPassword",
+ .local_name = "userPassword",
.type = MAP_IGNORE,
},
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index e5541ea255..05f11003c4 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -355,15 +355,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] =
}
},
{
- .local_name = "sambaPassword",
- .type = MAP_RENAME,
- .u = {
- .rename = {
- .remote_name = "userPassword"
- }
- }
- },
- {
.local_name = "objectCategory",
.type = MAP_CONVERT,
.u = {
@@ -505,15 +496,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
}
},
{
- .local_name = "sambaPassword",
- .type = MAP_RENAME,
- .u = {
- .rename = {
- .remote_name = "userPassword"
- }
- }
- },
- {
.local_name = "objectCategory",
.type = MAP_CONVERT,
.u = {