diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-12-10 23:56:47 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-12-11 13:59:59 +0100 |
commit | 7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7 (patch) | |
tree | 39549d70f8b49d87d02853fead9466dded84b094 /source4 | |
parent | 18a306e2f2d90f6d0c7b5d82272a69d72510ed7c (diff) | |
download | samba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.tar.gz samba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.tar.bz2 samba-7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7.zip |
s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
This should give the password_hash module a chance to detect if the called
was the cleartext password or not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/common/util.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 632d5bfa20..4543003a3e 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1978,6 +1978,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_request *req; struct dsdb_control_password_change_status *pwd_stat = NULL; int ret; + bool hash_values = false; NTSTATUS status = NT_STATUS_OK; #define CHECK_RET(x) \ @@ -2013,6 +2014,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, el = ldb_msg_find_element(msg, "unicodePwd"); el->flags = LDB_FLAG_MOD_REPLACE; } + hash_values = true; } else { /* the password wasn't specified correctly */ talloc_free(msg); @@ -2050,13 +2052,15 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } } - ret = ldb_request_add_control(req, - DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, - true, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(req); - talloc_free(msg); - return NT_STATUS_NO_MEMORY; + if (hash_values) { + ret = ldb_request_add_control(req, + DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, + true, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(req); + talloc_free(msg); + return NT_STATUS_NO_MEMORY; + } } ret = ldb_request_add_control(req, DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, |