mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed
subject to ACLs etc.
This essentially reverts bbb9dc806e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
1144addec5
commit
0a907c2f45
@ -2332,7 +2332,7 @@ static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX
|
||||
change->old_password_checked = old_password_checked;
|
||||
|
||||
ret = ldb_request_add_control(req,
|
||||
DSDB_CONTROL_PASSWORD_CHANGE_OID,
|
||||
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID,
|
||||
true, change);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
talloc_free(req);
|
||||
|
@ -1042,12 +1042,12 @@ static int acl_check_password_rights(
|
||||
*/
|
||||
*control_for_response = pav;
|
||||
|
||||
c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OID);
|
||||
c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
|
||||
if (c != NULL) {
|
||||
pav->pwd_reset = false;
|
||||
|
||||
/*
|
||||
* The "DSDB_CONTROL_PASSWORD_CHANGE_OID" control means that we
|
||||
* The "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
|
||||
* have a user password change and not a set as the message
|
||||
* looks like. In it's value blob it contains the NT and/or LM
|
||||
* hash of the old password specified by the user. This control
|
||||
@ -1075,7 +1075,7 @@ static int acl_check_password_rights(
|
||||
|
||||
/*
|
||||
* The "DSDB_CONTROL_PASSWORD_HASH_VALUES_OID" control, without
|
||||
* "DSDB_CONTROL_PASSWORD_CHANGE_OID" control means that we
|
||||
* "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
|
||||
* have a force password set.
|
||||
* This control is used by the SAMR/NETLOGON/LSA password
|
||||
* reset mechanisms.
|
||||
|
@ -3864,7 +3864,7 @@ static void ph_apply_controls(struct ph_context *ac)
|
||||
}
|
||||
|
||||
ctrl = ldb_request_get_control(ac->req,
|
||||
DSDB_CONTROL_PASSWORD_CHANGE_OID);
|
||||
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
|
||||
if (ctrl != NULL) {
|
||||
ac->change = (struct dsdb_control_password_change *) ctrl->data;
|
||||
|
||||
|
@ -101,7 +101,7 @@ struct dsdb_control_password_change_status {
|
||||
|
||||
#define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
|
||||
|
||||
#define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
|
||||
#define DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID "1.3.6.1.4.1.7165.4.3.10"
|
||||
struct dsdb_control_password_change {
|
||||
enum dsdb_password_checked old_password_checked;
|
||||
};
|
||||
|
@ -1261,7 +1261,7 @@ static const struct ldap_control_handler ldap_known_controls[] = {
|
||||
{ LDB_CONTROL_AS_SYSTEM_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_PASSWORD_CHANGE_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID, NULL, NULL },
|
||||
{ DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
|
||||
{ LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },
|
||||
|
Loading…
Reference in New Issue
Block a user