From 379e6598e128e5e63a10bd6a81ede01d3965a8be Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 16 Oct 2006 01:19:01 +0000
Subject: r19308: Merge samsync fixes from SAMBA_4_0_RELEASE

Andrew Bartlett
(This used to be commit 331003239972d80864211377e864f7e469bd3d77)
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 16 +++++++++++++++-
 source4/libnet/libnet_samsync_ldb.c            | 19 ++++++++++++-------
 2 files changed, 27 insertions(+), 8 deletions(-)

(limited to 'source4')

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index d8ef9176fd..6f24c7fa4c 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -102,7 +102,7 @@ static int add_password_hashes(struct ldb_module *module, struct ldb_message *ms
 	
 	sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL);
 	if (sambaPassword == NULL) { /* impossible, what happened ?! */
-		return LDB_ERR_OPERATIONS_ERROR;
+		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
 	if (is_mod) {
@@ -634,6 +634,20 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
+	if (sambaAttr && sambaAttr->num_values == 0) {
+		ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (ntAttr && (ntAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	if (lmAttr && (lmAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
 	h = ph_init_handle(req, module, PH_ADD);
 	if (!h) {
 		return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 8912393231..31591e6246 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -128,11 +128,14 @@ static NTSTATUS samsync_ldb_handle_domain(TALLOC_CTX *mem_ctx,
 	}
 
 	if (database == SAM_DATABASE_DOMAIN) {
+		const struct ldb_dn *partitions_basedn;
 		const char *domain_attrs[] =  {"nETBIOSName", "nCName", NULL};
 		struct ldb_message **msgs_domain;
 		int ret_domain;
 
-		ret_domain = gendb_search(state->sam_ldb, mem_ctx, NULL, &msgs_domain, domain_attrs,
+		partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx);
+
+		ret_domain = gendb_search(state->sam_ldb, mem_ctx, partitions_basedn, &msgs_domain, domain_attrs,
 					  "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
 					  domain_name);
 		if (ret_domain == -1) {
@@ -354,21 +357,23 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY; 
 	} 
 	
-	/* Passwords.  Ensure there is no plaintext stored against
-	 * this entry, as we only have hashes */
-	samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
-			     "sambaPassword"); 
+	if (!add) {
+		/* Passwords.  Ensure there is no plaintext stored against
+		 * this entry, as we only have hashes */
+		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
+				     "sambaPassword"); 
+	}
 	if (user->lm_password_present) {
 		samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,  
 				   "lmPwdHash", &user->lmpassword);
-	} else {
+	} else if (!add) {
 		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
 				     "lmPwdHash"); 
 	}
 	if (user->nt_password_present) {
 		samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,  
 				   "ntPwdHash", &user->ntpassword);
-	} else {
+	} else if (!add) {
 		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
 				     "ntPwdHash"); 
 	}
-- 
cgit