sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code

s4:dsdb/password_hash: force replication meta data for empty password attributes

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-06-01 23:25:22 +02:00 committed by Andrew Bartlett
parent b0501a1cb0
commit 26d117c2a2
1 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
source4/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -2289,13 +2289,44 @@ static int update_final_msg(struct setup_password_fields_io *io)
struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
int ret;
int el_flags = 0;
bool update_password = io->ac->update_password;
bool update_scb = io->ac->update_password;
if (io->ac->req->operation == LDB_MODIFY) {
/*
* If we add a user without initial password,
* we need to add replication meta data for
* following attributes:
* - unicodePwd
* - dBCSPwd
* - ntPwdHistory
* - lmPwdHistory
*
* If we add a user with initial password or a
* password is changed of an existing user,
* we need to replace the following attributes
* with a forced meta data update, e.g. also
* when updating an empty attribute with an empty value:
* - unicodePwd
* - dBCSPwd
* - ntPwdHistory
* - lmPwdHistory
* - supplementalCredentials
*/
switch (io->ac->req->operation) {
case LDB_ADD:
update_password = true;
el_flags |= DSDB_FLAG_INTERNAL_FORCE_META_DATA;
break;
case LDB_MODIFY:
el_flags |= LDB_FLAG_MOD_REPLACE;
el_flags |= DSDB_FLAG_INTERNAL_FORCE_META_DATA;
break;
default:
return ldb_module_operr(io->ac->module);
}
/* make sure we replace all the old attributes */
if (io->ac->update_password && el_flags != 0) {
if (update_password) {
ret = ldb_msg_add_empty(io->ac->update_msg,
"unicodePwd",
el_flags, NULL);
@ -2320,6 +2351,8 @@ static int update_final_msg(struct setup_password_fields_io *io)
if (ret != LDB_SUCCESS) {
return ret;
}
}
if (update_scb) {
ret = ldb_msg_add_empty(io->ac->update_msg,
"supplementalCredentials",
el_flags, NULL);
@ -2327,7 +2360,7 @@ static int update_final_msg(struct setup_password_fields_io *io)
return ret;
}
}
if (io->ac->update_lastset && el_flags != 0) {
if (io->ac->update_lastset) {
ret = ldb_msg_add_empty(io->ac->update_msg,
"pwdLastSet",
el_flags, NULL);