From a236bc4b334433eb743cb88a8a5f36c7d694681c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Jun 2010 08:26:08 +0200
Subject: s4:dsdb/password_hash: implement
 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID

metze
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index f85ae1e5b9..505f2c26f7 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2187,6 +2187,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 	struct ldb_message_element *userPasswordAttr, *clearTextPasswordAttr,
 		*ntAttr, *lmAttr;
 	int ret;
+	struct ldb_control *bypass = NULL;
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -2202,6 +2203,15 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
+	bypass = ldb_request_get_control(req,
+					 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	if (bypass != NULL) {
+		/* Mark the "bypass" control as uncritical (done) */
+		bypass->critical = false;
+		ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add (bypassing)\n");
+		return ldb_next_request(module, req);
+	}
+
 	/* nobody must touch password histories and 'supplementalCredentials' */
 	if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) {
 		return LDB_ERR_UNWILLING_TO_PERFORM;
@@ -2363,6 +2373,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 	struct ldb_message *msg;
 	struct ldb_request *down_req;
 	int ret;
+	struct ldb_control *bypass = NULL;
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -2378,6 +2389,15 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 		return ldb_next_request(module, req);
 	}
 
+	bypass = ldb_request_get_control(req,
+					 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	if (bypass != NULL) {
+		/* Mark the "bypass" control as uncritical (done) */
+		bypass->critical = false;
+		ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify (bypassing)\n");
+		return ldb_next_request(module, req);
+	}
+
 	/* nobody must touch password histories and 'supplementalCredentials' */
 	if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory")) {
 		return LDB_ERR_UNWILLING_TO_PERFORM;
-- 
cgit