summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c38
1 files changed, 1 insertions, 37 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 53b2a47168..426e9a1dc3 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -59,11 +59,6 @@
* Once this is done (which could update anything at all), we
* calculate the password hashes.
*
- * This function must not only update the unicodePwd, dBCSPwd and
- * supplementalCredentials fields, it must also atomicly increment the
- * msDS-KeyVersionNumber. We should be in a transaction, so all this
- * should be quite safe...
- *
* Finally, if the administrator has requested that a password history
* be maintained, then this should also be written out.
*
@@ -121,7 +116,6 @@ struct setup_password_fields_io {
struct samr_Password *lm_history;
const struct ldb_val *supplemental;
struct supplementalCredentialsBlob scb;
- uint32_t kvno;
} o;
/* generated credentials */
@@ -139,7 +133,6 @@ struct setup_password_fields_io {
DATA_BLOB des_crc;
struct ldb_val supplemental;
NTTIME last_set;
- uint32_t kvno;
} g;
};
@@ -1291,14 +1284,6 @@ static int setup_last_set_field(struct setup_password_fields_io *io)
return LDB_SUCCESS;
}
-static int setup_kvno_field(struct setup_password_fields_io *io)
-{
- /* increment by one */
- io->g.kvno = io->o.kvno + 1;
-
- return LDB_SUCCESS;
-}
-
static int setup_password_fields(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
@@ -1421,11 +1406,6 @@ static int setup_password_fields(struct setup_password_fields_io *io)
return ret;
}
- ret = setup_kvno_field(io);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
return LDB_SUCCESS;
}
@@ -1788,8 +1768,6 @@ static int password_hash_add_do_add(struct ph_context *ac)
ldb_msg_remove_attr(msg, "unicodePwd");
ldb_msg_remove_attr(msg, "dBCSPwd");
ldb_msg_remove_attr(msg, "pwdLastSet");
- io.o.kvno = samdb_result_uint(msg, "msDs-KeyVersionNumber", 1) - 1;
- ldb_msg_remove_attr(msg, "msDs-KeyVersionNumber");
ldb = ldb_module_get_ctx(ac->module);
@@ -1843,12 +1821,6 @@ static int password_hash_add_do_add(struct ph_context *ac)
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = samdb_msg_add_uint(ldb, ac, msg,
- "msDs-KeyVersionNumber",
- io.g.kvno);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
ret = ldb_build_add_req(&down_req, ldb, ac,
msg,
@@ -2070,7 +2042,7 @@ static int password_hash_mod_search_self(struct ph_context *ac)
struct ldb_context *ldb;
static const char * const attrs[] = { "userAccountControl", "lmPwdHistory",
"ntPwdHistory",
- "objectSid", "msDS-KeyVersionNumber",
+ "objectSid",
"objectClass", "userPrincipalName",
"sAMAccountName",
"dBCSPwd", "unicodePwd",
@@ -2129,7 +2101,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
searched_msg = ac->search_res->message;
/* Fill in some final details (only relevent once the password has been set) */
- io.o.kvno = samdb_result_uint(searched_msg, "msDs-KeyVersionNumber", 0);
io.o.nt_history_len = samdb_result_hashes(io.ac, searched_msg, "ntPwdHistory", &io.o.nt_history);
io.o.lm_history_len = samdb_result_hashes(io.ac, searched_msg, "lmPwdHistory", &io.o.lm_history);
io.o.supplemental = ldb_msg_find_ldb_val(searched_msg, "supplementalCredentials");
@@ -2146,7 +2117,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
ret = ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL);
ret = ldb_msg_add_empty(msg, "supplementalCredentials", LDB_FLAG_MOD_REPLACE, NULL);
ret = ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "msDs-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL);
if (io.g.nt_hash) {
ret = samdb_msg_add_hash(ldb, ac, msg,
@@ -2193,12 +2163,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = samdb_msg_add_uint(ldb, ac, msg,
- "msDs-KeyVersionNumber",
- io.g.kvno);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
ret = ldb_build_mod_req(&mod_req, ldb, ac,
msg,