From 62eb817c06458070d090c1698e9c0a99914c6d78 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 20 Jun 2009 11:46:42 +0200 Subject: Fix setting passwords in pdb_ads The samba4 password_hash module does not allow changing the password fields via the "delete oldval" -> "add newval" set of modify operations, it requires a single "replace with newval" operation. Andrew, Samba3 by default uses that delete/add pair to detect if between fetching the old value and storing the new one the old value has changed. This is lost by using the "replace" operation. Would it make sense to add this to the password_hash module? Volker --- source3/passdb/pdb_ads.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source3/passdb/pdb_ads.c') diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 0811082e84..4bd0b89d6d 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -258,6 +258,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, struct samu *sam) { bool ret = true; + DATA_BLOB blob; /* TODO: All fields :-) */ @@ -265,13 +266,13 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, existing, mem_ctx, pnum_mods, pmods, "displayName", "%s", pdb_get_fullname(sam)); - ret &= tldap_make_mod_blob( - existing, mem_ctx, pnum_mods, pmods, "unicodePwd", - data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN)); + blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN); + ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, + "unicodePwd", 1, &blob); - ret &= tldap_make_mod_blob( - existing, mem_ctx, pnum_mods, pmods, "dBCSPwd", - data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN)); + blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN); + ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, + "dBCSPwd", 1, &blob); ret &= tldap_make_mod_fmt( existing, mem_ctx, pnum_mods, pmods, "userAccountControl", -- cgit