Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 21 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 36 |
2 files changed, 43 insertions, 14 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 0d4f0c6a0f..c1eb244e19 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -975,16 +975,25 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa
 return LDB_SUCCESS;
 }
-static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg)
+static int set_pwdLastSet(struct ldb_module *module, struct ldb_message *msg, int is_mod)
 {
 NTTIME now_nt;
 /* set it as now */
 unix_to_nt_time(&now_nt, time(NULL));
- /* replace or add */
- if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) {
- return LDB_ERR_OPERATIONS_ERROR;
+ if (!is_mod) {
+ /* be sure there isn't a 0 value set (eg. coming from the template) */
+ ldb_msg_remove_attr(msg, "pwdLastSet");
+ /* add */
+ if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_ADD) != 0) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ } else {
+ /* replace */
+ if (ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE) != 0) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
 }
 if (samdb_msg_add_uint64(module->ldb, msg, msg, "pwdLastSet", now_nt) != 0) {
@@ -1326,7 +1335,7 @@ static int password_hash_add_async_do_add(struct ldb_async_handle *h) {
 /* don't touch it if a value is set. It could be an incoming samsync */
 if (ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0) {
- if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) {
+ if (set_pwdLastSet(ac->module, msg, 0) != LDB_SUCCESS) {
 return LDB_ERR_OPERATIONS_ERROR;
 }
 }
@@ -1630,7 +1639,7 @@ static int password_hash_mod_async_do_mod(struct ldb_async_handle *h) {
 }
 /* set change time */
- if (set_pwdLastSet(ac->module, msg) != LDB_SUCCESS) {
+ if (set_pwdLastSet(ac->module, msg, 1) != LDB_SUCCESS) {
 return LDB_ERR_OPERATIONS_ERROR;
 }
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index e662b2a663..9bf322f384 100644
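Review bot: The new `is_mod` argument of set_pwdLastSet() (password_hash.c) and the precondition of its add branch are undocumented: that branch calls `ldb_msg_remove_attr(msg, "pwdLastSet")` unconditionally, so the function depends on its caller having checked that any existing value is absent or 0, and the call sites pass a bare `0` and `1`. A comment above the function would make this explicit, e.g. `/* is_mod == 0: add request, any pwdLastSet already in msg is discarded; is_mod != 0: modify, the attribute is replaced */`. The two branches differ only in the flag, so they could be reduced to `int flags = is_mod ? LDB_FLAG_MOD_REPLACE : LDB_FLAG_MOD_ADD;` and a single `ldb_msg_add_empty(msg, "pwdLastSet", flags)` check, keeping the removal under `if (!is_mod)`. The function body continues past the end of the hunk.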
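Review bot: In password_hash_add_async_do_add() the guard `ldb_msg_find_uint64(msg, "pwdLastSet", 0) == 0` cannot tell a missing pwdLastSet from one supplied explicitly as 0, and with the new add branch of set_pwdLastSet() that 0 is removed and replaced by the current time. In Active Directory a pwdLastSet of 0 marks an account that must change its password at next logon, so if an add request can carry that value on purpose, the requirement is silently cleared here; whether that can happen is not visible from this hunk. If a 0 at this point is only ever the template default, the existing comment should say so, e.g. `/* a 0 here is the template default, not a request to force a password change */`. The enclosing function starts and ends outside the hunk.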
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -94,14 +94,35 @@ static BOOL samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *ms
 return (ldb_msg_add_value(msg, name, &v) == 0);
 }
-static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value)
+static BOOL samldb_find_or_add_value(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value)
 {
+ if (msg == NULL || name == NULL || value == NULL || set_value == NULL) {
+ return False;
+ }
+
 if (samldb_find_attribute(msg, name, value) == NULL) {
 return samldb_msg_add_string(module, msg, name, set_value);
 }
 return True;
 }
+static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *set_value)
+{
+ int j;
+ struct ldb_message_element *el;
+
+ if (msg == NULL || name == NULL || set_value == NULL) {
+ return False;
+ }
+
+ el = ldb_msg_find_element(msg, name);
+ if (el) {
+ return True;
+ }
+
+ return samldb_msg_add_string(module, msg, name, set_value);
+}
+
 /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success
@@ -492,16 +513,15 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
 strcasecmp((char *)el->values[j].data, "secretTemplate") == 0) {
 continue;
 }
- if ( ! samldb_find_or_add_attribute(module, msg, el->name,
- (char *)el->values[j].data,
- (char *)el->values[j].data)) {
+ if ( ! samldb_find_or_add_value(module, msg, el->name,
+ (char *)el->values[j].data,
+ (char *)el->values[j].data)) {
 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
 talloc_free(res);
 return -1;
 }
 } else {
 if ( ! samldb_find_or_add_attribute(module, msg, el->name,
- NULL,
 (char *)el->values[j].data)) {
 ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n");
 talloc_free(res);
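Review bot: The new samldb_find_or_add_attribute() declares `int j;` and never uses it, which will produce an unused-variable warning; that line should be dropped. The helper's contract also changed from "add unless this value is present" to "add unless the attribute is present at all", and neither helper is commented; a line above each would help, e.g. `/* add set_value only if msg has no element called name */` and `/* add set_value unless name already holds value */`. samldb_find_or_add_value() now returns False for a NULL `value`, which the old call sites passed; the callers visible in this diff are updated, but any caller elsewhere that still passes NULL would start failing.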
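Review bot: In the `else` branch of samldb_copy_template() the call is indexed by `el->values[j]`, so it appears to run once per template value, yet samldb_find_or_add_attribute() returns True as soon as `msg` holds any element named `el->name`. For a template attribute with several values, every value after the first would therefore be skipped once the first has been added. Whether the old NULL-value call behaved the same way depends on samldb_find_attribute(), which is not shown. If only single-valued defaults are expected in this branch, a comment such as `/* only the first template value is copied; an attribute already in msg wins */` would make that explicit. The loop and the function start and end outside the hunk.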
@@ -558,7 +578,7 @@ static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_
 talloc_free(mem_ctx);
 return LDB_ERR_OPERATIONS_ERROR;
 }
- if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) {
+ if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) {
 talloc_free(mem_ctx);
 return LDB_ERR_OPERATIONS_ERROR;
 }
@@ -620,7 +640,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const
 }
 /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */
- if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) {
+ if ( ! samldb_find_or_add_value(module, msg2, "objectclass", "user", "user")) {
 talloc_free(mem_ctx);
 return LDB_ERR_OPERATIONS_ERROR;
 }
@@ -633,7 +653,7 @@ static int samldb_fill_user_or_computer_object(struct ldb_module *module, const
 talloc_free(mem_ctx);
 return LDB_ERR_OPERATIONS_ERROR;
 }
- if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, name)) {
+ if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", name)) {
 talloc_free(mem_ctx);
 return LDB_ERR_OPERATIONS_ERROR;
 } |