From cf54bfbabff96f77f2233f8135fadf6f666c8de6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Aug 2005 05:26:17 +0000 Subject: r8983: The KVNO (Kerberos key version number) should be incremented with every password set. Andrew Bartlett (This used to be commit 71958cb19f8a2289e97f29018bb252a7d4540258) --- source4/rpc_server/samr/samr_password.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index d251c02eca..48abc7cfde 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -510,6 +510,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, struct samr_Password *new_lmPwdHistory, *new_ntPwdHistory; struct samr_Password local_lmNewHash, local_ntNewHash; int lmPwdHistory_len, ntPwdHistory_len; + uint_t kvno; struct ldb_message **res; int count; time_t now = time(NULL); @@ -534,6 +535,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, lmPwdHash = samdb_result_hash(res[0], "lmPwdHash"); ntPwdHash = samdb_result_hash(res[0], "ntPwdHash"); pwdLastSet = samdb_result_uint64(res[0], "pwdLastSet", 0); + kvno = samdb_result_uint(res[0], "msDS-KeyVersionNumber", 0); /* pull the domain parameters */ count = gendb_search_dn(ctx, mem_ctx, domain_dn, &res, domain_attrs); @@ -679,6 +681,8 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, } CHECK_RET(samdb_msg_add_uint64(ctx, mem_ctx, mod, "pwdLastSet", now_nt)); + + CHECK_RET(samdb_msg_add_uint(ctx, mem_ctx, mod, "msDS-KeyVersionNumber", kvno + 1)); if (pwdHistoryLength == 0) { CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "lmPwdHistory")); -- cgit