diff options
-rw-r--r-- | source3/passdb/pdb_ads.c | 41 |
1 files changed, 33 insertions, 8 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index a1b830634a..565b469b03 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -296,6 +296,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, { bool ret = true; DATA_BLOB blob; + const char *pw; /* TODO: All fields :-) */ @@ -303,16 +304,39 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, existing, mem_ctx, pnum_mods, pmods, "displayName", "%s", pdb_get_fullname(sam)); - blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN); - if (blob.data != NULL) { - ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, - "unicodePwd", 1, &blob); - } + pw = pdb_get_plaintext_passwd(sam); + + /* + * If we have the plain text pw, this is probably about to be + * set. Is this true always? + */ + if (pw != NULL) { + char *pw_quote; + uint8_t *pw_utf16; + size_t pw_utf16_len; + + pw_quote = talloc_asprintf(talloc_tos(), "\"%s\"", pw); + if (pw_quote == NULL) { + ret = false; + goto fail; + } + + ret &= convert_string_talloc(talloc_tos(), + CH_UNIX, CH_UTF16LE, + pw_quote, strlen(pw_quote), + &pw_utf16, &pw_utf16_len, false); + if (!ret) { + goto fail; + } + blob = data_blob_const(pw_utf16, pw_utf16_len); - blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN); - if (blob.data != NULL) { ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, - "dBCSPwd", 1, &blob); + "unicodePwd", 1, &blob); + if (ret) { + *pnum_mods = talloc_array_length(*pmods); + } + TALLOC_FREE(pw_utf16); + TALLOC_FREE(pw_quote); } ret &= tldap_make_mod_fmt( @@ -335,6 +359,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, existing, mem_ctx, pnum_mods, pmods, "profilePath", "%s", pdb_get_profile_path(sam)); +fail: return ret; } |