summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-15 09:36:25 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-15 19:42:39 +0200
commit28cfae774edf7bd4e2c4d9285b0d0508bee64284 (patch)
tree6b75dd6549f9cf1d6583d659845a3a3f0ee57418 /source4/dsdb
parent9476c43967af66e854cfda13bf09e21da7e63a44 (diff)
downloadsamba-28cfae774edf7bd4e2c4d9285b0d0508bee64284.tar.gz
samba-28cfae774edf7bd4e2c4d9285b0d0508bee64284.tar.bz2
samba-28cfae774edf7bd4e2c4d9285b0d0508bee64284.zip
s4:password_hash LDB module - allow to compare against both NT and LM hashes on password change operations
This is to match the SAMR password change behaviour.
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c11
1 files changed, 1 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index cf239fb903..e90653f7ec 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1439,7 +1439,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
if (!io->ac->pwd_reset && !io->ac->change_old_pw_checked) {
bool nt_hash_checked = false;
- /* we need to old nt or lm hash given by the client */
+ /* we need the old nt or lm hash given by the client */
if (!io->og.nt_hash && !io->og.lm_hash) {
ldb_asprintf_errstring(ldb,
"check_password_restrictions: "
@@ -1878,15 +1878,6 @@ static int setup_io(struct ph_context *ac,
return LDB_ERR_UNWILLING_TO_PERFORM;
}
- /* refuse the change if someone wants to compare against both
- * hashes at the same time for a "password modify" operation... */
- if (io->og.nt_hash && io->og.lm_hash) {
- ldb_asprintf_errstring(ldb,
- "setup_io: "
- "it's only allowed to provide the old password in hash format as 'unicodePwd' or as 'dBCSPwd'");
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
-
/* Decides if we have a password modify or password reset operation */
if (ac->req->operation == LDB_ADD) {
/* On "add" we have only "password reset" */