summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/pdb_ads.c41
1 files changed, 33 insertions, 8 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index a1b830634a..565b469b03 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -296,6 +296,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
{
bool ret = true;
DATA_BLOB blob;
+ const char *pw;
/* TODO: All fields :-) */
@@ -303,16 +304,39 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
existing, mem_ctx, pnum_mods, pmods, "displayName",
"%s", pdb_get_fullname(sam));
- blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN);
- if (blob.data != NULL) {
- ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
- "unicodePwd", 1, &blob);
- }
+ pw = pdb_get_plaintext_passwd(sam);
+
+ /*
+ * If we have the plain text pw, this is probably about to be
+ * set. Is this true always?
+ */
+ if (pw != NULL) {
+ char *pw_quote;
+ uint8_t *pw_utf16;
+ size_t pw_utf16_len;
+
+ pw_quote = talloc_asprintf(talloc_tos(), "\"%s\"", pw);
+ if (pw_quote == NULL) {
+ ret = false;
+ goto fail;
+ }
+
+ ret &= convert_string_talloc(talloc_tos(),
+ CH_UNIX, CH_UTF16LE,
+ pw_quote, strlen(pw_quote),
+ &pw_utf16, &pw_utf16_len, false);
+ if (!ret) {
+ goto fail;
+ }
+ blob = data_blob_const(pw_utf16, pw_utf16_len);
- blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN);
- if (blob.data != NULL) {
ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
- "dBCSPwd", 1, &blob);
+ "unicodePwd", 1, &blob);
+ if (ret) {
+ *pnum_mods = talloc_array_length(*pmods);
+ }
+ TALLOC_FREE(pw_utf16);
+ TALLOC_FREE(pw_quote);
}
ret &= tldap_make_mod_fmt(
@@ -335,6 +359,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
existing, mem_ctx, pnum_mods, pmods, "profilePath",
"%s", pdb_get_profile_path(sam));
+fail:
return ret;
}