mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
metze
This commit is contained in:
parent
6d7b9648e5
commit
a236bc4b33
@ -2187,6 +2187,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
|
||||
struct ldb_message_element *userPasswordAttr, *clearTextPasswordAttr,
|
||||
*ntAttr, *lmAttr;
|
||||
int ret;
|
||||
struct ldb_control *bypass = NULL;
|
||||
|
||||
ldb = ldb_module_get_ctx(module);
|
||||
|
||||
@ -2202,6 +2203,15 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
|
||||
return ldb_next_request(module, req);
|
||||
}
|
||||
|
||||
bypass = ldb_request_get_control(req,
|
||||
DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
|
||||
if (bypass != NULL) {
|
||||
/* Mark the "bypass" control as uncritical (done) */
|
||||
bypass->critical = false;
|
||||
ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add (bypassing)\n");
|
||||
return ldb_next_request(module, req);
|
||||
}
|
||||
|
||||
/* nobody must touch password histories and 'supplementalCredentials' */
|
||||
if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) {
|
||||
return LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
@ -2363,6 +2373,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
|
||||
struct ldb_message *msg;
|
||||
struct ldb_request *down_req;
|
||||
int ret;
|
||||
struct ldb_control *bypass = NULL;
|
||||
|
||||
ldb = ldb_module_get_ctx(module);
|
||||
|
||||
@ -2378,6 +2389,15 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
|
||||
return ldb_next_request(module, req);
|
||||
}
|
||||
|
||||
bypass = ldb_request_get_control(req,
|
||||
DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
|
||||
if (bypass != NULL) {
|
||||
/* Mark the "bypass" control as uncritical (done) */
|
||||
bypass->critical = false;
|
||||
ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify (bypassing)\n");
|
||||
return ldb_next_request(module, req);
|
||||
}
|
||||
|
||||
/* nobody must touch password histories and 'supplementalCredentials' */
|
||||
if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory")) {
|
||||
return LDB_ERR_UNWILLING_TO_PERFORM;
|
||||
|
Loading…
Reference in New Issue
Block a user