summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c38
-rw-r--r--source4/dsdb/samdb/samdb.h4
2 files changed, 41 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 02e68cd919..9fcdcf7ac8 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -95,6 +95,7 @@ struct ph_context {
bool change_status;
bool hash_values;
bool userPassword;
+ bool pwd_last_set_bypass;
};
@@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
static int setup_last_set_field(struct setup_password_fields_io *io)
{
+ const struct ldb_message *msg = NULL;
+
+ switch (io->ac->req->operation) {
+ case LDB_ADD:
+ msg = io->ac->req->op.add.message;
+ break;
+ case LDB_MODIFY:
+ msg = io->ac->req->op.mod.message;
+ break;
+ }
+
+ if (io->ac->pwd_last_set_bypass) {
+ struct ldb_message_element *el;
+
+ if (msg == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ el = ldb_msg_find_element(msg, "pwdLastSet");
+ if (el == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+ return LDB_SUCCESS;
+ }
+
/* set it as now */
unix_to_nt_time(&io->g.last_set, time(NULL));
@@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac)
/* Mark the "change" control as uncritical (done) */
ctrl->critical = false;
}
+
+ ac->pwd_last_set_bypass = false;
+ ctrl = ldb_request_get_control(ac->req,
+ DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+ if (ctrl != NULL) {
+ ac->pwd_last_set_bypass = true;
+
+ /* Mark the "bypass pwdLastSet" control as uncritical (done) */
+ ctrl->critical = false;
+ }
}
static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 2fb15b9a62..ae6042c6bd 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -113,7 +113,6 @@ struct dsdb_control_password_change {
*/
#define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
-
/* passed when we want to get the behaviour of the non-global catalog port */
#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
@@ -123,6 +122,9 @@ struct dsdb_control_password_change {
/* passed when we want special behaviour for dbcheck */
#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
struct dsdb_extended_replicated_object {
struct ldb_message *msg;