svn commit: samba r19307 - in branches/SAMBA_4_0_RELEASE/source: dsdb/samdb/ldb_modules libnet

[abartlet at samba.org]

Author: abartlet
Date: 2006-10-16 01:09:10 +0000 (Mon, 16 Oct 2006)
New Revision: 19307

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19307

Log:
Fix samsync.

The problem was that we were adding an empty sambaPassword attribute
in the vampire code.  We should never add empty attributes, they are
illigal.  (It however a valid way to delete an attribute on a modify
request).

Also add some code to the password_hash module that would have made
this easier to track down.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c
   branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c


Changeset:
Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c	2006-10-16 01:03:43 UTC (rev 19306)
+++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c	2006-10-16 01:09:10 UTC (rev 19307)
@@ -102,7 +102,7 @@
 	
 	sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL);
 	if (sambaPassword == NULL) { /* impossible, what happened ?! */
-		return LDB_ERR_OPERATIONS_ERROR;
+		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
 	if (is_mod) {
@@ -634,6 +634,20 @@
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 
+	if (sambaAttr && sambaAttr->num_values == 0) {
+		ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
+	if (ntAttr && (ntAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+	if (lmAttr && (lmAttr->num_values == 0)) {
+		ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n");
+		return LDB_ERR_CONSTRAINT_VIOLATION;
+	}
+
 	h = ph_init_handle(req, module, PH_ADD);
 	if (!h) {
 		return LDB_ERR_OPERATIONS_ERROR;

Modified: branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c
===================================================================
--- branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c	2006-10-16 01:03:43 UTC (rev 19306)
+++ branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c	2006-10-16 01:09:10 UTC (rev 19307)
@@ -357,21 +357,23 @@
 		return NT_STATUS_NO_MEMORY; 
 	} 
 	
-	/* Passwords.  Ensure there is no plaintext stored against
-	 * this entry, as we only have hashes */
-	samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
-			     "sambaPassword"); 
+	if (!add) {
+		/* Passwords.  Ensure there is no plaintext stored against
+		 * this entry, as we only have hashes */
+		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
+				     "sambaPassword"); 
+	}
 	if (user->lm_password_present) {
 		samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,  
 				   "lmPwdHash", &user->lmpassword);
-	} else {
+	} else if (!add) {
 		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
 				     "lmPwdHash"); 
 	}
 	if (user->nt_password_present) {
 		samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg,  
 				   "ntPwdHash", &user->ntpassword);
-	} else {
+	} else if (!add) {
 		samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg,  
 				     "ntPwdHash"); 
 	}