diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-12-10 23:56:47 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-12-11 18:05:48 +0100 |
commit | 8fc0b5774966590d1175bbe2bc2bcd8384105661 (patch) | |
tree | 4dd65424c34e4b458d25b20c8a77928ba1ef3975 | |
parent | ee4f3ff81309b53411e6d6282e130d69d7cb9c38 (diff) | |
download | samba-8fc0b5774966590d1175bbe2bc2bcd8384105661.tar.gz |
s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
This should give the password_hash module a chance to detect if the called
was the cleartext password or not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/dsdb/common/util.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 632d5bfa202..4543003a3e8 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1978,6 +1978,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_request *req; struct dsdb_control_password_change_status *pwd_stat = NULL; int ret; + bool hash_values = false; NTSTATUS status = NT_STATUS_OK; #define CHECK_RET(x) \ @@ -2013,6 +2014,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, el = ldb_msg_find_element(msg, "unicodePwd"); el->flags = LDB_FLAG_MOD_REPLACE; } + hash_values = true; } else { /* the password wasn't specified correctly */ talloc_free(msg); @@ -2050,13 +2052,15 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } } - ret = ldb_request_add_control(req, - DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, - true, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(req); - talloc_free(msg); - return NT_STATUS_NO_MEMORY; + if (hash_values) { + ret = ldb_request_add_control(req, + DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, + true, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(req); + talloc_free(msg); + return NT_STATUS_NO_MEMORY; + } } ret = ldb_request_add_control(req, DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, |