1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:dsdb/password_hash: make the variable names in setup_io() more clear

We get the message from the client and (optional) the existing object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-05-25 13:43:29 +02:00 committed by Andrew Bartlett
parent fec7d402e1
commit 0a7994881f

View File

@ -2280,8 +2280,8 @@ static int msg_find_old_and_new_pwd_val(const struct ldb_message *msg,
}
static int setup_io(struct ph_context *ac,
const struct ldb_message *orig_msg,
const struct ldb_message *searched_msg,
const struct ldb_message *client_msg,
const struct ldb_message *existing_msg,
struct setup_password_fields_io *io)
{
const struct ldb_val *quoted_utf16, *old_quoted_utf16, *lm_hash, *old_lm_hash;
@ -2289,11 +2289,24 @@ static int setup_io(struct ph_context *ac,
struct loadparm_context *lp_ctx = talloc_get_type(
ldb_get_opaque(ldb, "loadparm"), struct loadparm_context);
int ret;
const struct ldb_message *info_msg = NULL;
ZERO_STRUCTP(io);
/* Some operations below require kerberos contexts */
if (existing_msg != NULL) {
/*
* This is a modify operation
*/
info_msg = existing_msg;
} else {
/*
* This is an add operation
*/
info_msg = client_msg;
}
if (smb_krb5_init_context(ac,
(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm"),
&io->smb_krb5_context) != 0) {
@ -2302,19 +2315,19 @@ static int setup_io(struct ph_context *ac,
io->ac = ac;
io->u.userAccountControl = ldb_msg_find_attr_as_uint(searched_msg,
io->u.userAccountControl = ldb_msg_find_attr_as_uint(info_msg,
"userAccountControl", 0);
io->u.pwdLastSet = samdb_result_nttime(searched_msg, "pwdLastSet", 0);
io->u.sAMAccountName = ldb_msg_find_attr_as_string(searched_msg,
io->u.pwdLastSet = samdb_result_nttime(info_msg, "pwdLastSet", 0);
io->u.sAMAccountName = ldb_msg_find_attr_as_string(info_msg,
"sAMAccountName", NULL);
io->u.user_principal_name = ldb_msg_find_attr_as_string(searched_msg,
io->u.user_principal_name = ldb_msg_find_attr_as_string(info_msg,
"userPrincipalName", NULL);
io->u.is_computer = ldb_msg_check_string_attribute(searched_msg, "objectClass", "computer");
io->u.is_computer = ldb_msg_check_string_attribute(info_msg, "objectClass", "computer");
if (io->u.sAMAccountName == NULL) {
ldb_asprintf_errstring(ldb,
"setup_io: sAMAccountName attribute is missing on %s for attempted password set/change",
ldb_dn_get_linearized(searched_msg->dn));
ldb_dn_get_linearized(info_msg->dn));
return LDB_ERR_CONSTRAINT_VIOLATION;
}
@ -2330,7 +2343,7 @@ static int setup_io(struct ph_context *ac,
"on %s not allowed via LDAP. Use LSA or NETLOGON",
W_ERROR_V(WERR_ACCESS_DENIED),
ldb_strerror(ret),
ldb_dn_get_linearized(searched_msg->dn));
ldb_dn_get_linearized(info_msg->dn));
return ret;
}
}
@ -2342,7 +2355,7 @@ static int setup_io(struct ph_context *ac,
| UF_SERVER_TRUST_ACCOUNT));
if (ac->userPassword) {
ret = msg_find_old_and_new_pwd_val(orig_msg, "userPassword",
ret = msg_find_old_and_new_pwd_val(client_msg, "userPassword",
ac->req->operation,
&io->n.cleartext_utf8,
&io->og.cleartext_utf8);
@ -2377,7 +2390,7 @@ static int setup_io(struct ph_context *ac,
io->n.cleartext_utf8 = cleartext_utf8_blob;
}
ret = msg_find_old_and_new_pwd_val(orig_msg, "clearTextPassword",
ret = msg_find_old_and_new_pwd_val(client_msg, "clearTextPassword",
ac->req->operation,
&io->n.cleartext_utf16,
&io->og.cleartext_utf16);
@ -2401,7 +2414,7 @@ static int setup_io(struct ph_context *ac,
that would then be treated as a UTF16 password rather than
a nthash */
ret = msg_find_old_and_new_pwd_val(orig_msg, "unicodePwd",
ret = msg_find_old_and_new_pwd_val(client_msg, "unicodePwd",
ac->req->operation,
&quoted_utf16,
&old_quoted_utf16);
@ -2520,7 +2533,7 @@ static int setup_io(struct ph_context *ac,
/* Handles the "dBCSPwd" attribute (LM hash) */
io->n.lm_hash = NULL; io->og.lm_hash = NULL;
ret = msg_find_old_and_new_pwd_val(orig_msg, "dBCSPwd",
ret = msg_find_old_and_new_pwd_val(client_msg, "dBCSPwd",
ac->req->operation,
&lm_hash, &old_lm_hash);
if (ret != LDB_SUCCESS) {
@ -2597,11 +2610,11 @@ static int setup_io(struct ph_context *ac,
&& (!io->n.nt_hash) && (!io->n.lm_hash)) {
ldb_asprintf_errstring(ldb,
"setup_io: "
"It' not possible to delete the password (changes using the LAN Manager hash alone could be deactivated)!");
"It's not possible to delete the password (changes using the LAN Manager hash alone could be deactivated)!");
/* on "userPassword" and "clearTextPassword" we've to return
* something different, since these are virtual attributes */
if ((ldb_msg_find_element(orig_msg, "userPassword") != NULL) ||
(ldb_msg_find_element(orig_msg, "clearTextPassword") != NULL)) {
if ((ldb_msg_find_element(client_msg, "userPassword") != NULL) ||
(ldb_msg_find_element(client_msg, "clearTextPassword") != NULL)) {
return LDB_ERR_CONSTRAINT_VIOLATION;
}
return LDB_ERR_UNWILLING_TO_PERFORM;
@ -3073,7 +3086,7 @@ static int password_hash_add_do_add(struct ph_context *ac)
int ret;
/* Prepare the internal data structure containing the passwords */
ret = setup_io(ac, ac->req->op.add.message, ac->req->op.add.message, &io);
ret = setup_io(ac, ac->req->op.add.message, NULL, &io);
if (ret != LDB_SUCCESS) {
return ret;
}
@ -3394,7 +3407,7 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
struct loadparm_context);
struct ldb_request *mod_req;
struct ldb_message *msg;
const struct ldb_message *orig_msg, *searched_msg;
const struct ldb_message *searched_msg;
struct setup_password_fields_io io;
int ret;
NTSTATUS status;
@ -3408,11 +3421,11 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
/* modify dn */
msg->dn = ac->req->op.mod.message->dn;
orig_msg = ac->req->op.mod.message;
searched_msg = ac->search_res->message;
/* Prepare the internal data structure containing the passwords */
ret = setup_io(ac, orig_msg, searched_msg, &io);
ret = setup_io(ac, ac->req->op.mod.message,
ac->search_res->message, &io);
if (ret != LDB_SUCCESS) {
return ret;
}