CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control

Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2018-02-16 15:30:13 +0100
committer: Stefan Metzmacher <metze@samba.org> 2018-03-13 10:23:10 +0100
commit: 6335660ea218fe59f461658db0be364b8b58b4ca (patch)
tree: b1b60640f68a3dcca325cf3605b92a5524a3b973 /source4/dsdb
parent: f8ff72d75bef5552eb00852a3012db44261d423f (diff)
download: samba-6335660ea218fe59f461658db0be364b8b58b4ca.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 6a4820c3378..eb527402806 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -195,6 +195,15 @@ struct dsdb_control_password_user_account_control {
 
 #define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32"
 
+/*
+ * Used to pass "user password change" vs "password reset" from the ACL to the
+ * password_hash module, ensuring both modules treat the request identical.
+ */
+#define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID "1.3.6.1.4.1.7165.4.3.33"
+struct dsdb_control_password_acl_validation {
+	bool pwd_reset;
+};
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
 	struct ldb_message *msg;
author	Ralph Boehme <slow@samba.org>	2018-02-16 15:30:13 +0100
committer	Stefan Metzmacher <metze@samba.org>	2018-03-13 10:23:10 +0100
commit	6335660ea218fe59f461658db0be364b8b58b4ca (patch)
tree	b1b60640f68a3dcca325cf3605b92a5524a3b973 /source4/dsdb
parent	f8ff72d75bef5552eb00852a3012db44261d423f (diff)
download	samba-6335660ea218fe59f461658db0be364b8b58b4ca.tar.gz