From bcb02129c3eaa3e22b74f65a44c7059a298831a3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 5 Oct 2011 14:59:59 +0200
Subject: s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
Which allows the caller to pass a given 'pwdLastSet' value (every useful for migrations).
metze
Autobuild-User: Stefan Metzmacher
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 38 ++++++++++++++++++++++++++
 source4/dsdb/samdb/samdb.h | 4 ++-
 2 files changed, 41 insertions(+), 1 deletion(-)
(limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 02e68cd919..9fcdcf7ac8 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -95,6 +95,7 @@ struct ph_context {
 bool change_status;
 bool hash_values;
 bool userPassword;
+ bool pwd_last_set_bypass;
 };
@@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 static int setup_last_set_field(struct setup_password_fields_io *io)
 {
+ const struct ldb_message *msg = NULL;
+
+ switch (io->ac->req->operation) {
+ case LDB_ADD:
+ msg = io->ac->req->op.add.message;
+ break;
+ case LDB_MODIFY:
+ msg = io->ac->req->op.mod.message;
+ break;
+ }
+
+ if (io->ac->pwd_last_set_bypass) {
+ struct ldb_message_element *el;
+
+ if (msg == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ el = ldb_msg_find_element(msg, "pwdLastSet");
+ if (el == NULL) {
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
+
+ io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+ return LDB_SUCCESS;
+ }
+
 /* set it as now */
 unix_to_nt_time(&io->g.last_set, time(NULL));
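Review bot: In the `pwd_last_set_bypass` branch of `setup_last_set_field()`, the `el == NULL` check only proves that a `pwdLastSet` element is present, not that it carries a value; the following `samdb_result_nttime(msg, "pwdLastSet", 0)` passes 0 as its default, so an element with no values (for instance a delete-style modify) would presumably store 0, which AD treats as "must change password at next logon". I would tighten the guard to `if (el == NULL || el->num_values != 1) { return LDB_ERR_CONSTRAINT_VIOLATION; }`. The `switch` on `io->ac->req->operation` also has no `default:`; adding `default: break;` with a short comment that `msg` stays NULL would make the reliance on the later NULL check explicit. The function body continues past the end of this hunk.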
@@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac)
 /* Mark the "change" control as uncritical (done) */
 ctrl->critical = false;
 }
+
+ ac->pwd_last_set_bypass = false;
+ ctrl = ldb_request_get_control(ac->req,
+ DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+ if (ctrl != NULL) {
+ ac->pwd_last_set_bypass = true;
+
+ /* Mark the "bypass pwdLastSet" control as uncritical (done) */
+ ctrl->critical = false;
+ }
 }
 static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 2fb15b9a62..ae6042c6bd 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -113,7 +113,6 @@ struct dsdb_control_password_change {
 */
 #define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
-
 /* passed when we want to get the behaviour of the non-global catalog port */
 #define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
@@ -123,6 +122,9 @@ struct dsdb_control_password_change {
 /* passed when we want special behaviour for dbcheck */
 #define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
 struct ldb_message *msg;
-- cgit
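Review bot: The block added at the end of `ph_apply_controls()` sets `ac->pwd_last_set_bypass` for any request that carries `DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID`, and nothing visible in this hunk limits that to a trusted caller. Because the flag lets the request choose its own `pwdLastSet`, a caller able to attach the control could reset the recorded password age and so sidestep expiry policy; it is worth confirming that this OID cannot arrive from an unprivileged LDAP client, or checking the session here before honouring it. At minimum I would add a comment above the lookup such as `/* internal-only: caller supplies pwdLastSet; must not be reachable from untrusted clients */`. The start of the function is outside the hunk, so an earlier check cannot be ruled out from here.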
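Review bot: The comment added above `DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID` in samdb.h does not state the contract that the password_hash.c hunks implement: the add or modify message must itself carry a `pwdLastSet` element, otherwise the operation fails with `LDB_ERR_CONSTRAINT_VIOLATION`. I would expand it to `/* passed when importing plain text passwords on upgrades: the message must supply 'pwdLastSet', which is stored instead of the current time */`. If the control is meant only for trusted internal callers, saying so in the same comment would help later users of the header.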