From 28cfae774edf7bd4e2c4d9285b0d0508bee64284 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 15 Aug 2010 09:36:25 +0200 Subject: s4:password_hash LDB module - allow to compare against both NT and LM hashes on password change operations This is to match the SAMR password change behaviour. --- source4/dsdb/samdb/ldb_modules/password_hash.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'source4/dsdb/samdb/ldb_modules/password_hash.c') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index cf239fb903..e90653f7ec 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1439,7 +1439,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io) if (!io->ac->pwd_reset && !io->ac->change_old_pw_checked) { bool nt_hash_checked = false; - /* we need to old nt or lm hash given by the client */ + /* we need the old nt or lm hash given by the client */ if (!io->og.nt_hash && !io->og.lm_hash) { ldb_asprintf_errstring(ldb, "check_password_restrictions: " @@ -1878,15 +1878,6 @@ static int setup_io(struct ph_context *ac, return LDB_ERR_UNWILLING_TO_PERFORM; } - /* refuse the change if someone wants to compare against both - * hashes at the same time for a "password modify" operation... */ - if (io->og.nt_hash && io->og.lm_hash) { - ldb_asprintf_errstring(ldb, - "setup_io: " - "it's only allowed to provide the old password in hash format as 'unicodePwd' or as 'dBCSPwd'"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - /* Decides if we have a password modify or password reset operation */ if (ac->req->operation == LDB_ADD) { /* On "add" we have only "password reset" */ -- cgit