diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index f85ae1e5b9..505f2c26f7 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -2187,6 +2187,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) struct ldb_message_element *userPasswordAttr, *clearTextPasswordAttr, *ntAttr, *lmAttr; int ret; + struct ldb_control *bypass = NULL; ldb = ldb_module_get_ctx(module); @@ -2202,6 +2203,15 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } + bypass = ldb_request_get_control(req, + DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID); + if (bypass != NULL) { + /* Mark the "bypass" control as uncritical (done) */ + bypass->critical = false; + ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add (bypassing)\n"); + return ldb_next_request(module, req); + } + /* nobody must touch password histories and 'supplementalCredentials' */ if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; @@ -2363,6 +2373,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r struct ldb_message *msg; struct ldb_request *down_req; int ret; + struct ldb_control *bypass = NULL; ldb = ldb_module_get_ctx(module); @@ -2378,6 +2389,15 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return ldb_next_request(module, req); } + bypass = ldb_request_get_control(req, + DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID); + if (bypass != NULL) { + /* Mark the "bypass" control as uncritical (done) */ + bypass->critical = false; + ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify (bypassing)\n"); + return ldb_next_request(module, req); + } + /* nobody must touch password histories and 'supplementalCredentials' */ if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; |