2025-08-04 08:22:08 +03:00 · 2008-07-12 15:26:42 +10:00
parent 0a797388ca
commit 1cf0d75149
14 changed files with 49 additions and 68 deletions
--- a/source/dsdb/common/util.c
+++ b/source/dsdb/common/util.c
@ -1741,11 +1741,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
 		 * Modules in ldb will set all the appropriate
 		 * hashes */
 		CHECK_RET(samdb_msg_add_string(ctx, mem_ctx, mod, 
-					       "sambaPassword", new_pass));
+					       "userPassword", new_pass));
 	} else {
 		/* We don't have the cleartext, so delete the old one
 		 * and set what we have of the hashes */
-		CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "sambaPassword"));
+		CHECK_RET(samdb_msg_add_delete(ctx, mem_ctx, mod, "userPassword"));
 		if (lmNewHash) {
 			CHECK_RET(samdb_msg_add_hash(ctx, mem_ctx, mod, "dBCSPwd", lmNewHash));
--- a/source/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source/dsdb/samdb/ldb_modules/kludge_acl.c
@ -321,7 +321,7 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
 	/*  FIXME: I hink we should copy the tree and keep the original
 	 *  unmodified. SSS */
 	/* replace any attributes in the parse tree that are private,
-	   so we don't allow a search for 'sambaPassword=penguin',
+	   so we don't allow a search for 'userPassword=penguin',
 	   just as we would not allow that attribute to be returned */
 	switch (ac->user_type) {
 	case SECURITY_SYSTEM:
--- a/source/dsdb/samdb/ldb_modules/local_password.c
+++ b/source/dsdb/samdb/ldb_modules/local_password.c
@ -24,7 +24,7 @@
 *
 *  Component: ldb local_password module
 *
- *  Description: correctly update hash values based on changes to sambaPassword and friends
+ *  Description: correctly update hash values based on changes to userPassword and friends
 *
 *  Author: Andrew Bartlett
 */
@ -154,7 +154,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
 		return ldb_next_request(module, req);
 	}
-	/* TODO: remove this when sambaPassword will be in schema */
+	/* TODO: remove this when userPassword will be in schema */
 	if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
 		ldb_asprintf_errstring(module->ldb,
 					"Cannot relocate a password on entry: %s, does not have objectClass 'person'",
@ -417,7 +417,7 @@ static int local_password_mod_local(struct ldb_handle *h) {
 	ac = talloc_get_type(h->private_data, struct lpdb_context);
 	/* if it is not an entry of type person this is an error */
-	/* TODO: remove this when sambaPassword will be in schema */
+	/* TODO: remove this when these things are checked in the schema */
 	if (!ac->search_res) {
 		ldb_asprintf_errstring(ac->module->ldb, 
 					"entry just modified (%s) not found!",
--- a/source/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source/dsdb/samdb/ldb_modules/password_hash.c
@ -25,7 +25,7 @@
 *
 *  Component: ldb password_hash module
 *
- *  Description: correctly update hash values based on changes to sambaPassword and friends
+ *  Description: correctly update hash values based on changes to userPassword and friends
 *
 *  Author: Andrew Bartlett
 *  Author: Stefan Metzmacher
@ -54,7 +54,7 @@
 /* If we have decided there is reason to work on this request, then
 * setup all the password hash types correctly.
 *
- * If the administrator doesn't want the sambaPassword stored (set in the
+ * If the administrator doesn't want the userPassword stored (set in the
 * domain and per-account policies) then we must strip that out before
 * we do the first operation.
 *
@ -1341,10 +1341,10 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 		return LDB_ERR_UNWILLING_TO_PERFORM;
 	}
-	/* If no part of this ADD touches the sambaPassword, or the NT
+	/* If no part of this ADD touches the userPassword, or the NT
 	 * or LM hashes, then we don't need to make any changes.  */
-	sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword");
+	sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword");
 	ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd");
 	lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
@ -1353,16 +1353,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 	}
 	/* if it is not an entry of type person its an error */
-	/* TODO: remove this when sambaPassword will be in schema */
+	/* TODO: remove this when userPassword will be in schema */
 	if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
 		ldb_set_errstring(module->ldb, "Cannot set a password on entry that does not have objectClass 'person'");
 		return LDB_ERR_OBJECT_CLASS_VIOLATION;
 	}
-	/* check sambaPassword is single valued here */
+	/* check userPassword is single valued here */
-	/* TODO: remove this when sambaPassword will be single valued in schema */
+	/* TODO: remove this when userPassword will be single valued in schema */
 	if (sambaAttr && sambaAttr->num_values > 1) {
-		ldb_set_errstring(module->ldb, "mupltiple values for sambaPassword not allowed!\n");
+		ldb_set_errstring(module->ldb, "mupltiple values for userPassword not allowed!\n");
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
@ -1376,7 +1376,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 	}
 	if (sambaAttr && sambaAttr->num_values == 0) {
-		ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n");
+		ldb_set_errstring(module->ldb, "userPassword must have a value!\n");
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
@ -1459,12 +1459,12 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
 	io.u.user_principal_name	= samdb_result_string(msg, "userPrincipalName", NULL);
 	io.u.is_computer		= ldb_msg_check_string_attribute(msg, "objectClass", "computer");
-	io.n.cleartext			= samdb_result_string(msg, "sambaPassword", NULL);
+	io.n.cleartext			= samdb_result_string(msg, "userPassword", NULL);
 	io.n.nt_hash			= samdb_result_hash(io.ac, msg, "unicodePwd");
 	io.n.lm_hash			= samdb_result_hash(io.ac, msg, "dBCSPwd");
 	/* remove attributes */
-	if (io.n.cleartext) ldb_msg_remove_attr(msg, "sambaPassword");
+	if (io.n.cleartext) ldb_msg_remove_attr(msg, "userPassword");
 	if (io.n.nt_hash) ldb_msg_remove_attr(msg, "unicodePwd");
 	if (io.n.lm_hash) ldb_msg_remove_attr(msg, "dBCSPwd");
 	ldb_msg_remove_attr(msg, "pwdLastSet");
@ -1573,11 +1573,11 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 		return LDB_ERR_UNWILLING_TO_PERFORM;
 	}
-	sambaAttr = ldb_msg_find_element(req->op.mod.message, "sambaPassword");
+	sambaAttr = ldb_msg_find_element(req->op.mod.message, "userPassword");
 	ntAttr = ldb_msg_find_element(req->op.mod.message, "unicodePwd");
 	lmAttr = ldb_msg_find_element(req->op.mod.message, "dBCSPwd");
-	/* If no part of this touches the sambaPassword OR unicodePwd and/or dBCSPwd, then we don't
+	/* If no part of this touches the userPassword OR unicodePwd and/or dBCSPwd, then we don't
 	 * need to make any changes.  For password changes/set there should
 	 * be a 'delete' or a 'modify' on this attribute. */
 	if ((!sambaAttr) && (!ntAttr) && (!lmAttr)) {
@ -1619,7 +1619,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 	/* - remove any imodification to the password from the first commit
 	 *   we will make the real modification later */
-	if (sambaAttr) ldb_msg_remove_attr(msg, "sambaPassword");
+	if (sambaAttr) ldb_msg_remove_attr(msg, "userPassword");
 	if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd");
 	if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd");
@ -1655,7 +1655,7 @@ static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_
 		}
 		/* if it is not an entry of type person this is an error */
-		/* TODO: remove this when sambaPassword will be in schema */
+		/* TODO: remove this when userPassword will be in schema */
 		if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) {
 			ldb_set_errstring(ldb, "Object class violation");
 			talloc_free(ares);
@ -1790,7 +1790,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) {
 	io.u.user_principal_name	= samdb_result_string(searched_msg, "userPrincipalName", NULL);
 	io.u.is_computer		= ldb_msg_check_string_attribute(searched_msg, "objectClass", "computer");
-	io.n.cleartext			= samdb_result_string(orig_msg, "sambaPassword", NULL);
+	io.n.cleartext			= samdb_result_string(orig_msg, "userPassword", NULL);
 	io.n.nt_hash			= samdb_result_hash(io.ac, orig_msg, "unicodePwd");
 	io.n.lm_hash			= samdb_result_hash(io.ac, orig_msg, "dBCSPwd");
--- a/source/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source/dsdb/samdb/ldb_modules/samba3sam.c
@ -848,9 +848,9 @@ const struct ldb_map_attribute samba3_attributes[] =
 		.type = MAP_IGNORE,
 	},
-	/* sambaPassword */
+	/* userPassword */
 	{
-		.local_name = "sambaPassword",
+		.local_name = "userPassword",
 		.type = MAP_IGNORE,
 	},
--- a/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
@ -354,15 +354,6 @@ static const struct ldb_map_attribute entryuuid_attributes[] =
 			 }
 		}
 	},
 	{
 		.local_name = "sambaPassword",
 		.type = MAP_RENAME,
 		.u = {
 			.rename = {
 				 .remote_name = "userPassword"
 			 }
 		}
 	},
 	{
 		.local_name = "objectCategory",
 		.type = MAP_CONVERT,
@ -504,15 +495,6 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 			 }
 		}
 	},
 	{
 		.local_name = "sambaPassword",
 		.type = MAP_RENAME,
 		.u = {
 			.rename = {
 				 .remote_name = "userPassword"
 			 }
 		}
 	},
 	{
 		.local_name = "objectCategory",
 		.type = MAP_CONVERT,
--- a/source/libnet/libnet_samsync_ldb.c
+++ b/source/libnet/libnet_samsync_ldb.c
@ -366,7 +366,7 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx,
 		/* Passwords.  Ensure there is no plaintext stored against
 		 * this entry, as we only have hashes */
 		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
-				     "sambaPassword"); 
+				     "userPassword"); 
 	}
 	if (user->lm_password_present) {
 		samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,  
--- a/source/scripting/python/samba/samdb.py
+++ b/source/scripting/python/samba/samdb.py
@ -112,7 +112,7 @@ userAccountControl: %u
        #  now the real work
        self.add({"dn": user_dn, 
            "sAMAccountName": username,
-            "sambaPassword": password,
+            "userPassword": password,
            "objectClass": "user"})
        res = self.search(user_dn, scope=ldb.SCOPE_BASE,
@ -163,8 +163,8 @@ userAccountControl: %u
        setpw = """
 dn: %s
 changetype: modify
-replace: sambaPassword
+replace: userPassword
-sambaPassword: %s
+userPassword: %s
 """ % (user_dn, password)
        self.modify_ldif(setpw)
--- a/source/setup/provision_init.ldif
+++ b/source/setup/provision_init.ldif
@ -10,7 +10,7 @@ name: CASE_INSENSITIVE
 dn: CASE_INSENSITIVE
 sAMAccountName: CASE_INSENSITIVE
 objectClass: CASE_INSENSITIVE
-sambaPassword: HIDDEN
+userPassword: HIDDEN
 krb5Key: HIDDEN
 ntPwdHash: HIDDEN
 sambaNTPwdHistory: HIDDEN
@ -27,7 +27,7 @@ dn: @OPTIONS
 checkBaseOnSearch: TRUE
 dn: @KLUDGEACL
-passwordAttribute: sambaPassword
+passwordAttribute: userPassword
 passwordAttribute: ntPwdHash
 passwordAttribute: sambaNTPwdHistory
 passwordAttribute: lmPwdHash
--- a/source/setup/provision_self_join.ldif
+++ b/source/setup/provision_self_join.ldif
@ -12,7 +12,7 @@ operatingSystem: Samba
 operatingSystemVersion: 4.0
 dNSHostName: ${DNSNAME}
 isCriticalSystemObject: TRUE
-sambaPassword:: ${MACHINEPASS_B64}
+userPassword:: ${MACHINEPASS_B64}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
 servicePrincipalName: HOST/${DNSNAME}/${REALM}
@ -33,7 +33,7 @@ accountExpires: 9223372036854775807
 sAMAccountName: dns
 servicePrincipalName: DNS/${DNSDOMAIN}
 isCriticalSystemObject: TRUE
-sambaPassword:: ${DNSPASS_B64}
+userPassword:: ${DNSPASS_B64}
 showInAdvancedViewOnly: TRUE
 dn: ${SERVERDN}
--- a/source/setup/provision_users.ldif
+++ b/source/setup/provision_users.ldif
@ -8,7 +8,7 @@ adminCount: 1
 accountExpires: 9223372036854775807
 sAMAccountName: Administrator
 isCriticalSystemObject: TRUE
-sambaPassword:: ${ADMINPASS_B64}
+userPassword:: ${ADMINPASS_B64}
 dn: CN=Guest,CN=Users,${DOMAINDN}
 objectClass: user
@ -46,7 +46,7 @@ accountExpires: 9223372036854775807
 sAMAccountName: krbtgt
 servicePrincipalName: kadmin/changepw
 isCriticalSystemObject: TRUE
-sambaPassword:: ${KRBTGTPASS_B64}
+userPassword:: ${KRBTGTPASS_B64}
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
--- a/source/setup/schema-map-fedora-ds-1.0
+++ b/source/setup/schema-map-fedora-ds-1.0
@ -12,8 +12,6 @@ description
 cn
 dITContentRules
 top
 #This shouldn't make it to the ldap server
 sambaPassword
 #This should be provided by the LDAP server, only in our schema to permit provision
 aci
 #Skip ObjectClasses
--- a/source/setup/schema-map-openldap-2.3
+++ b/source/setup/schema-map-openldap-2.3
@ -13,8 +13,6 @@ cn
 top
 #The memberOf plugin provides this attribute
 memberOf
 #This shouldn't make it to the ldap server
 sambaPassword
 #These conflict with OpenLDAP builtins
 attributeTypes:samba4AttributeTypes
 2.5.21.5:1.3.6.1.4.1.7165.4.255.7
--- a/source/setup/schema_samba4.ldif
+++ b/source/setup/schema_samba4.ldif
@ -83,18 +83,21 @@
 #attributeSyntax: 2.5.5.10
 #oMSyntax: 4
-dn: CN=sambaPassword,${SCHEMADN}
+#
-objectClass: top
+# Not used anymore
-objectClass: attributeSchema
+#
-lDAPDisplayName: sambaPassword
+#dn: CN=sambaPassword,${SCHEMADN}
-isSingleValued: FALSE
+#objectClass: top
-systemFlags: 17
+#objectClass: attributeSchema
-systemOnly: TRUE
+#lDAPDisplayName: sambaPassword
-schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
+#isSingleValued: FALSE
-adminDisplayName: SAMBA-Password
+#systemFlags: 17
-attributeID: 1.3.6.1.4.1.7165.4.1.5
+#systemOnly: TRUE
-attributeSyntax: 2.5.5.5
+#schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
-oMSyntax: 22
+#adminDisplayName: SAMBA-Password
 #attributeID: 1.3.6.1.4.1.7165.4.1.5
 #attributeSyntax: 2.5.5.5
 #oMSyntax: 22
 #
 # Not used anymore