From: Jo Sutton
Date: Thu, 11 Apr 2024 08:15:07 +0000 (+1200)
Subject: s4:dsdb: Indicate to the LDAP server physical passwords that need to be refreshed
X-Git-Tag: tdb-1.4.11~1062
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f2d3b7cf284cc9f263060a36c3e4c58ca4a12bc;p=thirdparty%2Fsamba.git
s4:dsdb: Indicate to the LDAP server physical passwords that need to be refreshed
Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
---
diff --git a/source4/dsdb/samdb/ldb_modules/managed_pwd.c b/source4/dsdb/samdb/ldb_modules/managed_pwd.c
index 735e58b65c6..b02e3a693cf 100644
--- a/source4/dsdb/samdb/ldb_modules/managed_pwd.c
+++ b/source4/dsdb/samdb/ldb_modules/managed_pwd.c
@@ -137,6 +137,28 @@ static int gmsa_managed_password(struct ldb_context *const ldb,
 SMB_ASSERT(return_pwd.new_pwd != NULL);
+ if (gmsa_update != NULL) {
+ /*
+ * Return a control to indicate to the LDAP server that it needs
+ * to refresh the physical passwords — that is, the keys in the
+ * database, and the ManagedPasswordId attribute.
+ */
+ ret = ldb_reply_add_control(ares,
+ DSDB_CONTROL_GMSA_UPDATE_OID,
+ false,
+ gmsa_update);
+ if (ret) {
+ /* Ignore the error. */
+ ret = LDB_SUCCESS;
+ } else {
+ /*
+ * Link the lifetime of the GMSA update control to that
+ * of the reply.
+ */
+ talloc_steal(ares, gmsa_update);
+ }
+ }
+
 {
 DATA_BLOB packed_blob = {};
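Review bot: The failure branch of `ldb_reply_add_control()` resets `ret` to `LDB_SUCCESS` with only `/* Ignore the error. */`, so when the control cannot be attached the managed password is still returned, but nothing tells the LDAP server to refresh the stored keys and ManagedPasswordId, and nothing records that the refresh was skipped. If best-effort is intended, the comment should say why a missed refresh is acceptable (for instance that a later read requests it again, if that is the case), and the branch should log before clearing `ret`, e.g. `DBG_WARNING("failed to add GMSA update control: %s\n", ldb_strerror(ret));`, assuming the usual Samba debug macros are available in this file. Ownership of `gmsa_update` on that path is not visible here; presumably it stays on a temporary context and is freed with it, which is worth stating next to the `talloc_steal()` comment. The body of gmsa_managed_password starts and ends outside the hunk.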