summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-12-10 23:56:47 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-11 13:59:59 +0100
commit7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7 (patch)
tree39549d70f8b49d87d02853fead9466dded84b094 /source4/dsdb
parent18a306e2f2d90f6d0c7b5d82272a69d72510ed7c (diff)
downloadsamba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.tar.gz
samba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.tar.bz2
samba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.zip
s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
This should give the password_hash module a chance to detect if the called was the cleartext password or not. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/util.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 632d5bfa20..4543003a3e 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1978,6 +1978,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
struct ldb_request *req;
struct dsdb_control_password_change_status *pwd_stat = NULL;
int ret;
+ bool hash_values = false;
NTSTATUS status = NT_STATUS_OK;
#define CHECK_RET(x) \
@@ -2013,6 +2014,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
el = ldb_msg_find_element(msg, "unicodePwd");
el->flags = LDB_FLAG_MOD_REPLACE;
}
+ hash_values = true;
} else {
/* the password wasn't specified correctly */
talloc_free(msg);
@@ -2050,13 +2052,15 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
}
- ret = ldb_request_add_control(req,
- DSDB_CONTROL_PASSWORD_HASH_VALUES_OID,
- true, NULL);
- if (ret != LDB_SUCCESS) {
- talloc_free(req);
- talloc_free(msg);
- return NT_STATUS_NO_MEMORY;
+ if (hash_values) {
+ ret = ldb_request_add_control(req,
+ DSDB_CONTROL_PASSWORD_HASH_VALUES_OID,
+ true, NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(req);
+ talloc_free(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
}
ret = ldb_request_add_control(req,
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID,