From: Jo Sutton
Date: Wed, 17 Apr 2024 01:27:19 +0000 (+1200)
Subject: s4:dsdb: Move the responsibility for determining whether an account is a gMSA out...
X-Git-Tag: tdb-1.4.11~1061
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=245dc1f0f2b10912dcba5502489acb0db13b830a;p=thirdparty%2Fsamba.git
s4:dsdb: Move the responsibility for determining whether an account is a gMSA out of gmsa_recalculate_managed_pwd() and into its callers.
Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
---
diff --git a/source4/dsdb/gmsa/util.c b/source4/dsdb/gmsa/util.c
index ef67f6c162f..4397219eb78 100644
--- a/source4/dsdb/gmsa/util.c
+++ b/source4/dsdb/gmsa/util.c
@@ -1108,6 +1108,15 @@ static bool samdb_result_gkdi_rollover_interval(const struct ldb_message *msg,
 rollover_interval_out);
 }
 
+/*
+ * Recalculate the managed password of an account. The account referred to by
+ * ‘msg’ should be a Group Managed Service Account.
+ *
+ * Updated passwords are returned in ‘update_out’.
+ *
+ * Pass in a non‐NULL pointer for ‘return_out’ if you want the passwords as
+ * reflected by the msDS-ManagedPassword operational attribute.
+ */
 int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx,
 struct ldb_context *ldb,
 const struct ldb_message *msg,
@@ -1143,20 +1152,6 @@ int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx,
 }
 *update_out = NULL;
 
- {
- /* Is the account a Group Managed Service Account? */
- const bool is_gmsa = dsdb_account_is_gmsa(ldb, msg);
- if (!is_gmsa) {
- /* It’s not a GMSA — we’re done here. */
- *update_out = NULL;
- if (return_out != NULL) {
- *return_out = (struct gmsa_return_pwd){};
- }
- ret = LDB_SUCCESS;
- goto out;
- }
- }
-
 /* Calculate the rollover interval. */
 ok = samdb_result_gkdi_rollover_interval(msg, &rollover_interval);
 if (!ok || rollover_interval == 0) {
diff --git a/source4/dsdb/gmsa/util.h b/source4/dsdb/gmsa/util.h
index ef14b423f3b..371bdf2c594 100644
--- a/source4/dsdb/gmsa/util.h
+++ b/source4/dsdb/gmsa/util.h
@@ -99,6 +99,15 @@ struct gmsa_return_pwd {
 NTTIME unchanged_interval;
 };
 
+/*
+ * Recalculate the managed password of an account. The account referred to by
+ * ‘msg’ should be a Group Managed Service Account.
+ *
+ * Updated passwords are returned in ‘update_out’.
+ *
+ * Pass in a non‐NULL pointer for ‘return_out’ if you want the passwords as
+ * reflected by the msDS-ManagedPassword operational attribute.
+ */
 int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx,
 struct ldb_context *ldb,
 const struct ldb_message *msg,
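Review bot: The new comment on `gmsa_recalculate_managed_pwd()` says ‘msg’ "should be" a gMSA, which understates the contract: with the `dsdb_account_is_gmsa()` check deleted in the util.c hunk at -1143, the function no longer returns early for other accounts and goes straight on to the rollover-interval calculation. I would state the precondition as a requirement in both copies of the comment (this declaration and the util.c hunk at +1108), for example `* The caller must already have checked with dsdb_account_is_gmsa() that ‘msg’ refers to a gMSA; this function does not check.` No call site appears in this diff, so whether every caller performs that check cannot be confirmed from here; it is worth verifying, since this routine returns password updates for the account it is given. The declaration continues past the end of the hunk.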