From 946993238fbb0e4920bf3c6c1178236b4f039b3b Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 4 Oct 2009 19:30:53 +0200 Subject: s4:dsdb/util.c - Add a new function for retrieving password change attributes This is needed since we have not only reset operations on password fields (attributes marked with REPLACE flag) but also change operations which can be performed by users itself. They have one attribute with the old value marked with the REMOVE flag and one with the new one marked with the ADD flag. This function helps to retrieve them (argument "new" is used for the new password on both reset and change). --- source4/dsdb/common/util.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'source4') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 40f0a7f6c6..2948be0e23 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -722,6 +722,47 @@ struct ldb_message_element *samdb_find_attribute(struct ldb_context *ldb, return NULL; } +/* + * This is intended for use by the "password hash" module since there + * password changes can be specified through one message element with the + * new password (to set) and another one with the old password (to unset). + * + * The first which sets a password (new value) can have flags + * (LDB_FLAG_MOD_ADD, LDB_FLAG_MOD_REPLACE) but also none (on "add" operations + * for entries). The latter (old value) has always specified + * LDB_FLAG_MOD_DELETE. + * + * Returns LDB_ERR_NO_SUCH_ATTRIBUTE if the attribute which should be deleted + * doesn't contain only one value (this is the Windows Server behaviour) + * otherwise LDB_SUCCESS. + */ +int samdb_msg_find_old_and_new_ldb_val(const struct ldb_message *msg, + const char *name, + const struct ldb_val **new_val, + const struct ldb_val **old_val) +{ + unsigned int i; + + *new_val = NULL; + *old_val = NULL; + + if (msg == NULL) { + return LDB_SUCCESS; + } + + for (i = 0; i < msg->num_elements; i++) { + if (ldb_attr_cmp(msg->elements[i].name, name) == 0) { + if (msg->elements[i].flags == LDB_FLAG_MOD_DELETE) { + *old_val = &msg->elements[i].values[0]; + } else { + *new_val = &msg->elements[i].values[0]; + } + } + } + + return LDB_SUCCESS; +} + int samdb_find_or_add_value(struct ldb_context *ldb, struct ldb_message *msg, const char *name, const char *set_value) { if (samdb_find_attribute(ldb, msg, name, set_value) == NULL) { -- cgit