
s4:dsdb: Store found managed password ID as part of gMSA update structure

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton 2024-04-16 14:03:36 +12:00 committed by Jo Sutton
parent 8bcefaaa5c
commit 99071bbcf4
2 changed files with 38 additions and 0 deletions


@ -807,6 +807,7 @@ static int gmsa_create_update(TALLOC_CTX *mem_ctx,
struct gmsa_update **update_out)
{
TALLOC_CTX *tmp_ctx = NULL;
const DATA_BLOB *found_pwd_id = NULL;
struct ldb_request *old_pw_req = NULL;
struct ldb_request *new_pw_req = NULL;
struct ldb_request *pwd_id_req = NULL;
@ -909,6 +910,37 @@ static int gmsa_create_update(TALLOC_CTX *mem_ctx,
goto out;
}
{
/*
* Remember the original managed password ID so that we can
* confirm it hasnt changed when we perform the update.
*/
const struct ldb_val *pwd_id_blob = ldb_msg_find_ldb_val(
msg, "msDS-ManagedPasswordId");
if (pwd_id_blob != NULL) {
DATA_BLOB found_pwd_id_data = {};
DATA_BLOB *found_pwd_id_blob = NULL;
found_pwd_id_blob = talloc(tmp_ctx, DATA_BLOB);
if (found_pwd_id_blob == NULL) {
ret = ldb_oom(ldb);
goto out;
}
found_pwd_id_data = data_blob_dup_talloc(
found_pwd_id_blob, *pwd_id_blob);
if (found_pwd_id_data.length != pwd_id_blob->length) {
ret = ldb_oom(ldb);
goto out;
}
*found_pwd_id_blob = found_pwd_id_data;
found_pwd_id = found_pwd_id_blob;
}
}
account_dn = ldb_dn_copy(tmp_ctx, msg->dn);
if (account_dn == NULL) {
ret = ldb_oom(ldb);
@ -923,6 +955,7 @@ static int gmsa_create_update(TALLOC_CTX *mem_ctx,
*update = (struct gmsa_update){
.dn = talloc_steal(update, account_dn),
.found_pwd_id = talloc_steal(update, found_pwd_id),
.old_pw_req = talloc_steal(update, old_pw_req),
.new_pw_req = talloc_steal(update, new_pw_req),
.pwd_id_req = talloc_steal(update, pwd_id_req)};
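Review bot: The comment introducing the new block has a typo, `hasnt`; the line should read `* confirm it hasn't changed when we perform the update.`. The two-step copy (a talloc'd DATA_BLOB header, then a data_blob_dup_talloc under it) could be tightened by assigning straight into `*found_pwd_id_blob` and dropping the found_pwd_id_data temporary, although the length-based OOM check is correct as written because a failed dup yields a zero-length blob. One case worth confirming: when msDS-ManagedPasswordId is present with a zero-length value, data_blob_dup_talloc presumably returns an empty blob, so found_pwd_id becomes a non-NULL pointer to {NULL, 0} rather than NULL, and the later comparison against the database should treat that consistently with an absent attribute. The enclosing gmsa_create_update() starts and ends outside this hunk.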


@ -33,6 +33,11 @@
struct gmsa_update {
/* The DN of the gMSA to be updated. */
struct ldb_dn *dn;
/*
* The managed password ID (if any) found in the database at the time of
* preparing this update.
*/
const DATA_BLOB *found_pwd_id;
/* An optional request to set the previous password. */
struct ldb_request *old_pw_req;
/* A request to set the current password. */
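Review bot: The new field comment says what is stored but not why it is kept, which is the part a reader of the struct needs: according to the matching .c change the value is re-checked against the database when the update is performed so that a concurrently changed password ID is noticed rather than overwritten. Suggest extending the comment to `* preparing this update; it is compared at update time to detect a concurrent change.`. It may also help to state that the blob is owned by the update (the .c change talloc_steal()s it onto the struct) and that NULL simply means the attribute was absent.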