From 13182e792a78c4b32eea95f14c3bc84ca340ef72 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jan 2012 15:32:21 +0100 Subject: s4:dsdb/password_hash: require a "Primary:Kerberos" blob in supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104 --- source4/dsdb/samdb/ldb_modules/password_hash.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bf94ba3dc3..553cd686a4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -301,6 +301,22 @@ static int password_hash_bypass(struct ldb_module *module, struct ldb_request *r data_blob_free(&subblob); } + if (scpp == NULL) { + return ldb_error(ldb, + LDB_ERR_CONSTRAINT_VIOLATION, + "Primary:Packages missing"); + } + + if (scpk == NULL) { + /* + * If Primary:Kerberos is missing w2k8r2 reboots + * when a password is changed. + */ + return ldb_error(ldb, + LDB_ERR_CONSTRAINT_VIOLATION, + "Primary:Kerberos missing"); + } + if (scpp) { struct package_PackagesBlob *p; uint32_t n; -- cgit