diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 4 | ||||
-rw-r--r-- | source4/auth/sam.c | 4 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/local_password.c | 8 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 56 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samba3sam.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 26 | ||||
-rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 8 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 4 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 6 |
9 files changed, 59 insertions, 59 deletions
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 2978fe16f8..023dc90407 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -184,7 +184,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, "flatname", "realm", "secureChannelType", - "ntPwdHash", + "unicodePwd", "msDS-KeyVersionNumber", "saltPrincipal", "privateKeytab", @@ -264,7 +264,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, } if (!password) { - const struct ldb_val *nt_password_hash = ldb_msg_find_ldb_val(msgs[0], "ntPwdHash"); + const struct ldb_val *nt_password_hash = ldb_msg_find_ldb_val(msgs[0], "unicodePwd"); struct samr_Password hash; ZERO_STRUCT(hash); if (nt_password_hash) { diff --git a/source4/auth/sam.c b/source4/auth/sam.c index a44eb9017e..f9f801c800 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -39,8 +39,8 @@ const char *user_attrs[] = { "krb5Key", /* passwords */ - "lmPwdHash", - "ntPwdHash", + "dBCSPwd", + "unicodePwd", "userAccountControl", diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 9e1cdd32b3..e72b7cb3a3 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -54,10 +54,10 @@ static const char * const password_attrs[] = { "sambaPassword", "krb5Key", - "ntPwdHash", - "lmPwdHash", - "sambaLMPwdHistory", - "sambaNTPwdHistory", + "unicodePwd", + "dBCSPwd", + "lmPwdHistory", + "ntPwdHistory", "msDS-KeyVersionNumber", "pwdLastSet" }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 9a72643ec9..201a5d295a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -106,22 +106,22 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms } if (is_mod) { - if (ldb_msg_add_empty(msg, "ntPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + if (ldb_msg_add_empty(msg, "unicodePwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - if (ldb_msg_add_empty(msg, "lmPwdHash", LDB_FLAG_MOD_REPLACE, NULL) != 0) { + if (ldb_msg_add_empty(msg, "dBCSPwd", LDB_FLAG_MOD_REPLACE, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } /* compute the new nt and lm hashes */ E_md4hash(sambaPassword, tmp_hash.hash); - if (samdb_msg_add_hash(module->ldb, msg, msg, "ntPwdHash", &tmp_hash) != 0) { + if (samdb_msg_add_hash(module->ldb, msg, msg, "unicodePwd", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } if (E_deshash(sambaPassword, tmp_hash.hash)) { - if (samdb_msg_add_hash(module->ldb, msg, msg, "lmPwdHash", &tmp_hash) != 0) { + if (samdb_msg_add_hash(module->ldb, msg, msg, "dBCSPwd", &tmp_hash) != 0) { return LDB_ERR_OPERATIONS_ERROR; } } @@ -276,7 +276,7 @@ static int add_krb5_keys_from_NThash(struct ldb_module *module, struct ldb_messa key.mkvno = 0; key.salt = NULL; /* No salt for this enc type */ - ntPwdHash = samdb_result_hash(msg, msg, "ntPwdHash"); + ntPwdHash = samdb_result_hash(msg, msg, "unicodePwd"); if (ntPwdHash == NULL) { /* what happened ?! */ return LDB_ERR_OPERATIONS_ERROR; } @@ -362,14 +362,14 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str int lm_hist_len; int i; - nt_hash = samdb_result_hash(msg, old_msg, "ntPwdHash"); - lm_hash = samdb_result_hash(msg, old_msg, "lmPwdHash"); + nt_hash = samdb_result_hash(msg, old_msg, "unicodePwd"); + lm_hash = samdb_result_hash(msg, old_msg, "dBCSPwd"); /* if no previous passwords just return */ if (nt_hash == NULL && lm_hash == NULL) return LDB_SUCCESS; - nt_hist_len = samdb_result_hashes(msg, old_msg, "sambaNTPwdHistory", &nt_history); - lm_hist_len = samdb_result_hashes(msg, old_msg, "sambaLMPwdHistory", &lm_history); + nt_hist_len = samdb_result_hashes(msg, old_msg, "ntPwdHistory", &nt_history); + lm_hist_len = samdb_result_hashes(msg, old_msg, "lmPwdHistory", &lm_history); /* We might not have an old NT password */ new_nt_history = talloc_array(msg, struct samr_Password, hlen); @@ -385,10 +385,10 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_nt_history[0]); } - if (ldb_msg_add_empty(msg, "sambaNTPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "ntPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (samdb_msg_add_hashes(msg, msg, "sambaNTPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { + if (samdb_msg_add_hashes(msg, msg, "ntPwdHistory", new_nt_history, nt_hist_len) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -408,10 +408,10 @@ static int setPwdHistory(struct ldb_module *module, struct ldb_message *msg, str } else { ZERO_STRUCT(new_lm_history[0]); } - if (ldb_msg_add_empty(msg, "sambaLMPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { + if (ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (samdb_msg_add_hashes(msg, msg, "sambaLMPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { + if (samdb_msg_add_hashes(msg, msg, "lmPwdHistory", new_lm_history, lm_hist_len) != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -594,8 +594,8 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) } /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.add.message, "sambaNTPwdHistory") || - ldb_msg_find_element(req->op.add.message, "sambaLMPwdHistory")) { + if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory") || + ldb_msg_find_element(req->op.add.message, "lmPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -603,8 +603,8 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) * or LM hashes, then we don't need to make any changes. */ sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); - ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); - lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) { return ldb_next_request(module, req); @@ -788,14 +788,14 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r } /* nobody must touch password Histories */ - if (ldb_msg_find_element(req->op.mod.message, "sambaNTPwdHistory") || - ldb_msg_find_element(req->op.mod.message, "sambaLMPwdHistory")) { + if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory") || + ldb_msg_find_element(req->op.mod.message, "lmPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword"); - ntAttr = ldb_msg_find_element(req->op.mod.message, "ntPwdHash"); - lmAttr = ldb_msg_find_element(req->op.mod.message, "lmPwdHash"); + ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd"); + lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd"); /* check passwords are single valued here */ /* TODO: remove this when passwords will be single valued in schema */ @@ -844,8 +844,8 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r /* - remove any imodification to the password from the first commit * we will make the real modification later */ if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword"); - if (ntAttr) ldb_msg_remove_attr(msg, "ntPwdHash"); - if (lmAttr) ldb_msg_remove_attr(msg, "lmPwdHash"); + if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd"); + if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd"); /* if there was nothing else to be modify skip to next step */ if (msg->num_elements == 0) { @@ -902,12 +902,12 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_ static int password_hash_mod_search_self(struct ldb_handle *h) { struct ph_context *ac; - static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", - "sambaNTPwdHistory", + static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", + "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", "samAccountName", - "lmPwdHash", "ntPwdHash", + "dBCSPwd", "unicodePwd", NULL }; ac = talloc_get_type(h->private_data, struct ph_context); @@ -1053,12 +1053,12 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { if (!added_hashes) { struct ldb_message_element *el; - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "ntPwdHash"); + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "unicodePwd"); if (ldb_msg_add(msg, el, el->flags) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - el = ldb_msg_find_element(ac->orig_req->op.mod.message, "lmPwdHash"); + el = ldb_msg_find_element(ac->orig_req->op.mod.message, "dBCSPwd"); if (ldb_msg_add(msg, el, el->flags) != 0) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index c66dbee360..170b859584 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -327,7 +327,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaLMPassword -> lmPwdHash*/ { - .local_name = "lmPwdHash", + .local_name = "dBCSPwd", .type = MAP_CONVERT, .u = { .convert = { diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index d71c872535..a3ac2c9544 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -571,7 +571,7 @@ NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct samr_Password *lmPwdHash, *ntPwdHash; if (nt_pwd) { int num_nt; - num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHash", &ntPwdHash); + num_nt = samdb_result_hashes(mem_ctx, msg, "unicodePwd", &ntPwdHash); if (num_nt == 0) { *nt_pwd = NULL; } else if (num_nt > 1) { @@ -582,7 +582,7 @@ NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx, struct ldb_message *msg, } if (lm_pwd) { int num_lm; - num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHash", &lmPwdHash); + num_lm = samdb_result_hashes(mem_ctx, msg, "dBCSPwd", &lmPwdHash); if (num_lm == 0) { *lm_pwd = NULL; } else if (num_lm > 1) { @@ -1496,9 +1496,9 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct enum samr_RejectReason *reject_reason, struct samr_DomInfo1 **_dominfo) { - const char * const user_attrs[] = { "userAccountControl", "sambaLMPwdHistory", - "sambaNTPwdHistory", - "lmPwdHash", "ntPwdHash", + const char * const user_attrs[] = { "userAccountControl", "lmPwdHistory", + "ntPwdHistory", + "dBCSPwd", "unicodePwd", "objectSid", "pwdLastSet", NULL }; const char * const domain_attrs[] = { "pwdProperties", "pwdHistoryLength", @@ -1528,11 +1528,11 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct } userAccountControl = samdb_result_uint(res[0], "userAccountControl", 0); sambaLMPwdHistory_len = samdb_result_hashes(mem_ctx, res[0], - "sambaLMPwdHistory", &sambaLMPwdHistory); + "lmPwdHistory", &sambaLMPwdHistory); sambaNTPwdHistory_len = samdb_result_hashes(mem_ctx, res[0], - "sambaNTPwdHistory", &sambaNTPwdHistory); - lmPwdHash = samdb_result_hash(mem_ctx, res[0], "lmPwdHash"); - ntPwdHash = samdb_result_hash(mem_ctx, res[0], "ntPwdHash"); + "ntPwdHistory", &sambaNTPwdHistory); + lmPwdHash = samdb_result_hash(mem_ctx, res[0], "dBCSPwd"); + ntPwdHash = samdb_result_hash(mem_ctx, res[0], "unicodePwd"); pwdLastSet = samdb_result_uint64(res[0], "pwdLastSet", 0); if (domain_dn) { @@ -1692,15 +1692,15 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "sambaPassword")); if (lmNewHash) { - CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "lmPwdHash", lmNewHash)); + CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "dBCSPwd", lmNewHash)); } else { - CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "lmPwdHash")); + CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "dBCSPwd")); } if (ntNewHash) { - CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "ntPwdHash", ntNewHash)); + CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "unicodePwd", ntNewHash)); } else { - CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "ntPwdHash")); + CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "unicodePwd")); } } diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 648eb8eed9..a7fab977e3 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c @@ -368,17 +368,17 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx, } if (user->lm_password_present) { samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg, - "lmPwdHash", &user->lmpassword); + "dBCSPwd", &user->lmpassword); } else if (!add) { samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, - "lmPwdHash"); + "dBCSPwd"); } if (user->nt_password_present) { samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg, - "ntPwdHash", &user->ntpassword); + "unicodePwd", &user->ntpassword); } else if (!add) { samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, - "ntPwdHash"); + "unicodePwd"); } ADD_OR_DEL(string, "comment", comment.string); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index b1d129e782..03625bfd43 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -80,7 +80,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca int num_records; struct ldb_message **msgs; NTSTATUS nt_status; - const char *attrs[] = {"ntPwdHash", "userAccountControl", + const char *attrs[] = {"unicodePwd", "userAccountControl", "objectSid", NULL}; ZERO_STRUCTP(r->out.credentials); @@ -144,7 +144,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0); - mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "ntPwdHash"); + mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd"); if (mach_pwd == NULL) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 505be6946c..9ddd87a383 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -49,7 +49,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALL struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS status = NT_STATUS_OK; - const char * const attrs[] = { "lmPwdHash", "ntPwdHash" , NULL }; + const char * const attrs[] = { "dBCSPwd", "unicodePwd" , NULL }; DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); @@ -190,7 +190,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, struct ldb_dn *user_dn; int ret; struct ldb_message **res, *mod; - const char * const attrs[] = { "objectSid", "lmPwdHash", NULL }; + const char * const attrs[] = { "objectSid", "dBCSPwd", NULL }; struct samr_Password *lm_pwd; DATA_BLOB lm_pwd_blob; uint8_t new_lm_hash[16]; @@ -323,7 +323,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, struct ldb_dn *user_dn; int ret; struct ldb_message **res, *mod; - const char * const attrs[] = { "ntPwdHash", "lmPwdHash", NULL }; + const char * const attrs[] = { "unicodePwd", "dBCSPwd", NULL }; struct samr_Password *nt_pwd, *lm_pwd; DATA_BLOB nt_pwd_blob; struct samr_DomInfo1 *dominfo = NULL; |