-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c38
-rw-r--r--source4/dsdb/samdb/samdb.h4
-rw-r--r--source4/setup/schema_samba4.ldif1
3 files changed, 42 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 02e68cd919..9fcdcf7ac8 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -95,6 +95,7 @@ struct ph_context {
bool change_status;
bool hash_values;
bool userPassword;
+ bool pwd_last_set_bypass;
};
@@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
static int setup_last_set_field(struct setup_password_fields_io *io)
{
+ const struct ldb_message *msg = NULL;
+
+ switch (io->ac->req->operation) {
+ case LDB_ADD:
+ msg = io->ac->req->op.add.message;
+ break;
+ case LDB_MODIFY:
+ msg = io->ac->req->op.mod.message;
+ break;
+ }
+
+ if (io->ac->pwd_last_set_bypass) {
+ struct ldb_message_element *el;
+
+ if (msg == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ el = ldb_msg_find_element(msg, "pwdLastSet");
+ if (el == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+ return LDB_SUCCESS;
+ }
+
/* set it as now */
unix_to_nt_time(&io->g.last_set, time(NULL));
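Review bot: In the bypass branch, `ldb_msg_find_element()` only proves that a `pwdLastSet` element exists, so `samdb_result_nttime(msg, "pwdLastSet", 0)` can silently fall back to its default of 0 when the element carries no usable value. In an LDB_MODIFY message this could presumably be a delete element with no values. I would reject that case explicitly with `if (el == NULL || el->num_values != 1) { return LDB_ERR_CONSTRAINT_VIOLATION; }`, so a malformed import cannot store a zero timestamp that later password-expiry logic would act on. The `switch` also has no `default:` label, so adding `default: break;` with a short comment that other operations leave `msg` NULL on purpose would make the intent clear. The body of setup_last_set_field continues outside the hunk.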
@@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac)
/* Mark the "change" control as uncritical (done) */
ctrl->critical = false;
}
+
+ ac->pwd_last_set_bypass = false;
+ ctrl = ldb_request_get_control(ac->req,
+ DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+ if (ctrl != NULL) {
+ ac->pwd_last_set_bypass = true;
+
+ /* Mark the "bypass pwdLastSet" control as uncritical (done) */
+ ctrl->critical = false;
+ }
}
static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)
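Review bot: `ac->pwd_last_set_bypass` is switched on by the mere presence of DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID, and nothing visible in this hunk restricts which callers may attach that control. Because the flag lets the request dictate the stored `pwdLastSet` instead of the current time, it should only be honoured for trusted, internal callers such as the upgrade path named in the samdb.h comment. If private DSDB controls are already filtered for untrusted requests elsewhere in the module stack, a comment here stating that dependency would help; otherwise consider guarding it with `if (ctrl != NULL && !ldb_req_is_untrusted(ac->req)) {`. ph_apply_controls starts outside the hunk, so an earlier check may exist that I cannot see.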
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 2fb15b9a62..ae6042c6bd 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -113,7 +113,6 @@ struct dsdb_control_password_change {
*/
#define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
-
/* passed when we want to get the behaviour of the non-global catalog port */
#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
@@ -123,6 +122,9 @@ struct dsdb_control_password_change {
/* passed when we want special behaviour for dbcheck */
#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
struct dsdb_extended_replicated_object {
struct ldb_message *msg;
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index bfa6dd094a..5f4a20a2f0 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -194,6 +194,7 @@
#Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
# Extended 1.3.6.1.4.1.7165.4.4.x
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1