From 4a687bc44fa92a2a3c1848e7431ecc8c26bb9f31 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 15 Jun 2006 00:29:11 +0000
Subject: r16240: Add better error reporting in the password_hash module Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett (This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 8a400fbc63..2466aac423 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -489,10 +489,11 @@ static int build_domain_data_request(struct ph_async_context *ac,
 return LDB_ERR_OPERATIONS_ERROR;
 }
 ac->dom_req->operation = LDB_SEARCH;
- ac->dom_req->op.search.base = NULL;
+ ac->dom_req->op.search.base = samdb_base_dn(ac);
 ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE;
- filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", dom_sid_string(ac->dom_req, sid));
+ filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))",
+ ldap_encode_ndr_dom_sid(ac->dom_req, sid));
 if (filter == NULL) {
 ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
 talloc_free(ac->dom_req);
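Review bot: The new `ldap_encode_ndr_dom_sid(ac->dom_req, sid)` call is an allocating helper whose result is passed straight into the `%s` of `talloc_asprintf`, and the `filter == NULL` check a line below only catches the asprintf's own failure; if the encoder returns NULL on allocation failure, `%s` receives a NULL pointer (undefined behaviour, and on glibc it silently yields a filter like `(objectSid=(null))` that matches nothing rather than an error). Capturing the encoded SID in a local and failing early keeps the error path identical to the one already used for `filter`; the declaration would go at the top of build_domain_data_request, which starts outside this hunk. Separately, if `samdb_base_dn(ac)` can return NULL the search would silently revert to the previous base-less behaviour, so a check there may also be worth adding — I cannot see its contract from here.
```c
	/* … unchanged: dom_req allocation, operation, base and scope setup … */
	encoded_sid = ldap_encode_ndr_dom_sid(ac->dom_req, sid);
	if (encoded_sid == NULL) {
		ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
		talloc_free(ac->dom_req);
		return LDB_ERR_OPERATIONS_ERROR;
	}
	filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))",
				 encoded_sid);
	/* … unchanged: filter NULL check … */
```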
@@ -525,6 +526,12 @@ static struct domain_data *get_domain_data(struct ldb_module *module, void *mem_
 return NULL;
 }
+ if (res == NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain!\n");
+ talloc_free(data);
+ return NULL;
+ }
+
 data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0);
 data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0);
 tmp = ldb_msg_find_string(res->message, "dnsDomain", NULL);
@@ -575,14 +582,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 /* if it is not an entry of type person its an error */
 /* TODO: remove this when sambaPassword will be in schema */
 if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
+ ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot set a password on entry that does not have objectClass 'person'"));
 return LDB_ERR_OBJECT_CLASS_VIOLATION;
 }
 /* check sambaPassword is single valued here */
 /* TODO: remove this when sambaPassword will be single valued in schema */
 if (attribute->num_values > 1) {
- ldb_set_errstring(module->ldb, talloc_asprintf(req,
- "mupltiple values for sambaPassword not allowed!\n"));
+ ldb_set_errstring(module->ldb,
+ talloc_asprintf(req,
+ "mupltiple values for sambaPassword not allowed!\n"));
 return LDB_ERR_CONSTRAINT_VIOLATION;
 }
@@ -825,7 +834,6 @@ static int password_hash_mod_search_self(struct ldb_async_handle *h)
 {
 struct ph_async_context *ac;
 static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", "sambaNTPwdHistory",
- "ntPwdHash",
 "objectSid", "msDS-KeyVersionNumber", "objectClass", "userPrincipalName", "samAccountName",
-- cgit
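Review bot: The new `res == NULL` guard in get_domain_data only logs through `ldb_debug` and returns NULL, so the caller that fails the password operation has no error string to surface, even though the rest of this commit is about better error reporting and the sibling hunk sets one with `ldb_set_errstring`. I would pair the log line with `ldb_set_errstring(module->ldb, talloc_asprintf(module, "Could not find this user's domain"));` so the LDAP client sees why its add or modify was rejected. The guard also protects only the NULL case; if the search can succeed with zero entries and leave `res->message` unset, the dereference on the next line is still reachable — I cannot tell from this hunk how `res` is built, so please confirm. get_domain_data begins and ends outside the hunk.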
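Review bot: The re-added `"mupltiple values for sambaPassword not allowed!\n"` line in password_hash_add carries the "mupltiple" typo and a trailing newline into the error string that is returned to LDAP clients, while the new objectClass message a few lines up has neither; since the commit rewrites these lines anyway, now is the moment to fix them to `"multiple values for sambaPassword not allowed!"`. The two new `ldb_set_errstring` calls also pick different talloc parents (`module` for the objectClass message, `req` for the multi-value one); if `ldb_set_errstring` steals the string onto the ldb context, as I would expect, this is only an inconsistency, but if it does not, the `module`-parented string outlives the request, so using `req` in both places is the safer choice. Both messages are constant text, so `talloc_asprintf(req, "%s", ...)` or `talloc_strdup` would also remove any risk of a future `%` in the message being interpreted as a format directive. password_hash_add starts and ends outside this hunk.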