From 8262ec92f7c3a8fd4e5e2bcb1c5af270f7574540 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 31 May 2016 10:39:23 +0200
Subject: [PATCH] s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()

We should only replace attributes when we're asked to do so. Currently that's always the case, but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 .../dsdb/samdb/ldb_modules/password_hash.c | 49 ++++++++++++++++---
 1 file changed, 41 insertions(+), 8 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 7e6ae4cb666..ebf0b804097 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2156,6 +2156,47 @@ static int update_final_msg(struct setup_password_fields_io *io,
 {
 struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
 int ret;
+ int el_flags = 0;
+
+ if (io->ac->req->operation == LDB_MODIFY) {
+ el_flags |= LDB_FLAG_MOD_REPLACE;
+ }
+
+ /* make sure we replace all the old attributes */
+ if (io->ac->update_password && el_flags != 0) {
+ ret = ldb_msg_add_empty(msg, "unicodePwd",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = ldb_msg_add_empty(msg, "dBCSPwd",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = ldb_msg_add_empty(msg, "ntPwdHistory",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = ldb_msg_add_empty(msg, "lmPwdHistory",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = ldb_msg_add_empty(msg, "supplementalCredentials",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ if (io->ac->update_lastset && el_flags != 0) {
+ ret = ldb_msg_add_empty(msg, "pwdLastSet",
+ el_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }

 if (io->g.nt_hash != NULL) {
 ret = samdb_msg_add_hash(ldb, io->ac, msg,
@@ -3499,14 +3540,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 return ret;
 }

- /* make sure we replace all the old attributes */
- ret = ldb_msg_add_empty(msg, "unicodePwd", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "dBCSPwd", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "ntPwdHistory", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "supplementalCredentials", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL);
-
 ret = update_final_msg(&io, msg);
 if (ret != LDB_SUCCESS) {
 return ret;
-- 
2.47.3
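Review bot: The comment `/* make sure we replace all the old attributes */` in update_final_msg() no longer describes the guard beneath it: the five credential attributes are emptied only when `io->ac->update_password` is set, pwdLastSet only when `io->ac->update_lastset` is set, and both only on LDB_MODIFY, while the `io->g.nt_hash != NULL` branch that follows is not visibly tied to the same conditions. Because these replace elements are what drop the old hashes, password history and supplementalCredentials value on a password change, I would state that contract in the comment, e.g. `/* LDB_MODIFY only: empty replace elements so no old hash, history entry or supplementalCredentials value outlives a password update; el_flags stays 0 otherwise and nothing is cleared */`. Testing `el_flags != 0` as a stand-in for the operation check also reads indirectly, so a short comment there, or comparing `io->ac->req->operation` directly, would help. The function body continues outside the hunk, so whether a new hash can be appended without its matching replace element cannot be confirmed from here.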