
dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID

This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, e.g. kpasswd) and so can safely be changed
subject to ACLs etc.

This essentially reverts bbb9dc806e

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett 2022-02-09 16:53:08 +13:00
parent 1144addec5
commit 0a907c2f45
5 changed files with 7 additions and 7 deletions


@ -2332,7 +2332,7 @@ static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX
change->old_password_checked = old_password_checked;
ret = ldb_request_add_control(req,
DSDB_CONTROL_PASSWORD_CHANGE_OID,
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID,
true, change);
if (ret != LDB_SUCCESS) {
talloc_free(req);


@ -1042,12 +1042,12 @@ static int acl_check_password_rights(
*/
*control_for_response = pav;
c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OID);
c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
if (c != NULL) {
pav->pwd_reset = false;
/*
* The "DSDB_CONTROL_PASSWORD_CHANGE_OID" control means that we
* The "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
* have a user password change and not a set as the message
* looks like. In it's value blob it contains the NT and/or LM
* hash of the old password specified by the user. This control
@ -1075,7 +1075,7 @@ static int acl_check_password_rights(
/*
* The "DSDB_CONTROL_PASSWORD_HASH_VALUES_OID" control, without
* "DSDB_CONTROL_PASSWORD_CHANGE_OID" control means that we
* "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" control means that we
* have a force password set.
* This control is used by the SAMR/NETLOGON/LSA password
* reset mechanisms.
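Review bot: The comment in the first hunk of acl_check_password_rights still says the control's value blob "contains the NT and/or LM hash of the old password specified by the user", which does not appear to match the control any more. The struct dsdb_control_password_change shown in the header hunk of this commit carries only `enum dsdb_password_checked old_password_checked`, and ph_apply_controls casts the control data to that struct. Since the rename is meant to make clear that the old password was verified out of band, the sentence should say that, for example `* looks like. Its value records whether the old password was already checked by the caller (e.g. kpasswd).`, which also fixes "it's". The comment and the function both continue outside the hunk, so the rest of the paragraph should be re-read against the current struct before rewording.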


@ -3864,7 +3864,7 @@ static void ph_apply_controls(struct ph_context *ac)
}
ctrl = ldb_request_get_control(ac->req,
DSDB_CONTROL_PASSWORD_CHANGE_OID);
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID);
if (ctrl != NULL) {
ac->change = (struct dsdb_control_password_change *) ctrl->data;


@ -101,7 +101,7 @@ struct dsdb_control_password_change_status {
#define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
#define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
#define DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID "1.3.6.1.4.1.7165.4.3.10"
struct dsdb_control_password_change {
enum dsdb_password_checked old_password_checked;
};
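Review bot: The definition of DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID has no comment stating the trust contract that the new name implies. Where the control is present, acl_check_password_rights sets `pav->pwd_reset = false` and treats the request as a change, so the control is an assertion by the caller, not something re-verified at that point. I would add above the define `/* Internal only: set by callers that have already verified the old password (e.g. kpasswd); must not be honoured from an untrusted client. */`. The `NULL, NULL` handler slots in the ldap_known_controls entry suggest the control has no wire representation, but that is inferred from the table and is worth stating where the OID is defined.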


@ -1261,7 +1261,7 @@ static const struct ldap_control_handler ldap_known_controls[] = {
{ LDB_CONTROL_AS_SYSTEM_OID, NULL, NULL },
{ DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },
{ DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, NULL, NULL },
{ DSDB_CONTROL_PASSWORD_CHANGE_OID, NULL, NULL },
{ DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID, NULL, NULL },
{ DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID, NULL, NULL },
{ DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
{ LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },