svn commit: samba r16240 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .

abartlet at samba.org abartlet at samba.org
Thu Jun 15 00:29:12 GMT 2006


Author: abartlet
Date: 2006-06-15 00:29:11 +0000 (Thu, 15 Jun 2006)
New Revision: 16240

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16240

Log:
Add better error reporting in the password_hash module

Remove duplicate attribute in search request

Search for the domain by NDR-encoded SID, not string (consistent with
the rest of the C code, and helps partially-constructed LDAP
backends).

Use the default basedn for the domain search.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c	2006-06-14 23:52:18 UTC (rev 16239)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c	2006-06-15 00:29:11 UTC (rev 16240)
@@ -489,10 +489,11 @@
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	ac->dom_req->operation = LDB_SEARCH;
-	ac->dom_req->op.search.base = NULL;
+	ac->dom_req->op.search.base = samdb_base_dn(ac);
 	ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE;
 
-	filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", dom_sid_string(ac->dom_req, sid));
+	filter = talloc_asprintf(ac->dom_req, "(&(objectSid=%s)(objectClass=domain))", 
+				 ldap_encode_ndr_dom_sid(ac->dom_req, sid));
 	if (filter == NULL) {
 		ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
 		talloc_free(ac->dom_req);
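Review bot: The result of `ldap_encode_ndr_dom_sid(ac->dom_req, sid)` goes straight into the `%s` of the new `talloc_asprintf` call, so a failure to encode or allocate the SID is not caught by the `filter == NULL` check that follows. A NULL argument there is either undefined behaviour or, on some C libraries, produces a filter like `(objectSid=(null))`, which would surface later as a confusing "domain not found" during a password operation. I would store the value in a local and fail early: `sid_str = ldap_encode_ndr_dom_sid(ac->dom_req, sid); if (sid_str == NULL) { talloc_free(ac->dom_req); return LDB_ERR_OPERATIONS_ERROR; }`. The same question applies to `samdb_base_dn(ac)` if it can return NULL, which is not visible here. The enclosing function starts and ends outside the hunk.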
@@ -525,6 +526,12 @@
 		return NULL;
 	}
 
+	if (res == NULL) {
+		ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain!\n");
+		talloc_free(data);
+		return NULL;
+	}
+
 	data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0);
 	data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0);
 	tmp = ldb_msg_find_string(res->message, "dnsDomain", NULL);
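Review bot: The new `res == NULL` branch reports the missing domain only through `ldb_debug`, so the caller receives the same bare `NULL` as for the failure handled just above it, and no error string reaches the client. Since the other hunks of this commit add `ldb_set_errstring` calls for exactly this purpose, I would set one here too, with the message allocated on a context that outlives `data` because `data` is freed on the next line. A short comment such as `/* search succeeded but returned no domain object for this SID */` would also document when `res` can be NULL at this point, if that is indeed the case. The function body starts before and continues after the hunk.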
@@ -575,14 +582,16 @@
 	/* if it is not an entry of type person its an error */
 	/* TODO: remove this when sambaPassword will be in schema */
 	if (!ldb_msg_check_string_attribute(req->op.add.message, "objectClass", "person")) {
+		ldb_set_errstring(module->ldb, talloc_asprintf(module, "Cannot set a password on entry that does not have objectClass 'person'"));
 		return LDB_ERR_OBJECT_CLASS_VIOLATION;
 	}
 
 	/* check sambaPassword is single valued here */
 	/* TODO: remove this when sambaPassword will be single valued in schema */
 	if (attribute->num_values > 1) {
-		ldb_set_errstring(module->ldb, talloc_asprintf(req,
-					"mupltiple values for sambaPassword not allowed!\n"));
+		ldb_set_errstring(module->ldb, 
+				  talloc_asprintf(req,
+						  "mupltiple values for sambaPassword not allowed!\n"));
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
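Review bot: The added `ldb_set_errstring` call for the objectClass check allocates its message on `module`, while the sambaPassword check a few lines below allocates on `req`. `module` presumably outlives a single request, so unless `ldb_set_errstring` takes ownership of the string, each rejected add would leave an allocation on a long-lived context, on a path driven by client requests. I would parent it on the request and drop the formatter, since there are no arguments: `talloc_strdup(req, "Cannot set a password on entry that does not have objectClass 'person'")`. The re-indented message below still carries the typo `mupltiple`. The enclosing function starts before and continues past the hunk.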
@@ -825,7 +834,6 @@
 	struct ph_async_context *ac;
 	static const char * const attrs[] = { "userAccountControl", "sambaLMPwdHistory", 
 					      "sambaNTPwdHistory", 
-					      "ntPwdHash", 
 					      "objectSid", "msDS-KeyVersionNumber", 
 					      "objectClass", "userPrincipalName",
 					      "samAccountName", 


