diff options
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e5785f7fb7..731b8e9922 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1916,6 +1916,12 @@ static int setup_io(struct ph_context *ac, ldb_asprintf_errstring(ldb, "setup_io: " "It' not possible to delete the password (changes using the LAN Manager hash alone could be deactivated)!"); + /* on "userPassword" and "clearTextPassword" we've to return + * something different, since these are virtual attributes */ + if ((ldb_msg_find_element(orig_msg, "userPassword") != NULL) || + (ldb_msg_find_element(orig_msg, "clearTextPassword") != NULL)) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -2514,12 +2520,6 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r ldb_msg_remove_element(msg, passwordAttr); } } - if ((del_attr_cnt > 0) && (add_attr_cnt == 0)) { - talloc_free(ac); - ldb_set_errstring(ldb, - "Only the delete action for a password change specified!"); - return LDB_ERR_CONSTRAINT_VIOLATION; - } if ((del_attr_cnt == 0) && (add_attr_cnt > 0)) { talloc_free(ac); ldb_set_errstring(ldb, |