svn commit: samba r18240 - in
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
abartlet at samba.org
abartlet at samba.org
Fri Sep 8 00:23:22 GMT 2006
Author: abartlet
Date: 2006-09-08 00:23:21 +0000 (Fri, 08 Sep 2006)
New Revision: 18240
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18240
Log:
Make it clearer when we store the plaintext password.
Store the plaintext password in userPassword in the LDAP backend so
that the OpenLDAP server can use DIGEST-MD5.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c 2006-09-08 00:19:32 UTC (rev 18239)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c 2006-09-08 00:23:21 UTC (rev 18240)
@@ -215,6 +215,15 @@
}
},
{
+ .local_name = "sambaPassword",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "userPassword"
+ }
+ }
+ },
+ {
.local_name = "allowedChildClassesEffective",
.type = MAP_CONVERT,
.u = {
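Review bot: The new `sambaPassword` to `userPassword` map entry has no comment saying that the remote attribute will hold the cleartext password, which is the security-relevant fact about this rename. I would add above `.local_name = "sambaPassword"` a comment such as `/* cleartext password, mapped so the LDAP backend can do DIGEST-MD5; userPassword must be read-restricted on the backend */`. Whether the attribute only reaches this map after password_hash.c has applied its keep/remove policy depends on module ordering, which is not visible here and should be confirmed. The enclosing table starts and ends outside the hunk.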
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-09-08 00:19:32 UTC (rev 18239)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-09-08 00:23:21 UTC (rev 18240)
@@ -88,6 +88,7 @@
};
struct domain_data {
+ BOOL store_cleartext;
uint_t pwdProperties;
uint_t pwdHistoryLength;
char *dns_domain;
@@ -535,7 +536,8 @@
return NULL;
}
- data->pwdProperties = samdb_result_uint(res->message, "pwdProperties", 0);
+ data->pwdProperties= samdb_result_uint(res->message, "pwdProperties", 0);
+ data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT;
data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0);
/* For a domain DN, this puts things in dotted notation */
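Review bot: `data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT;` stores the raw mask bit in a BOOL rather than a normalised truth value. If BOOL is an integer typedef in this tree (its definition is not visible in the hunk), the field holds the flag's numeric value, which works in `&&` but would break a later comparison against a true constant; `(data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT) != 0` avoids that. The line above also lost the space before `=` (`data->pwdProperties=`), which looks unintentional. The enclosing function starts and ends outside the hunk.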
@@ -692,6 +694,7 @@
/* if we have sambaPassword in the original message add the operatio on it here */
sambaAttr = ldb_msg_find_element(msg, "sambaPassword");
if (sambaAttr) {
+ unsigned int user_account_control;
ret = add_password_hashes(ac->module, msg, 0);
/* we can compute new password hashes from the unicode password */
if (ret != LDB_SUCCESS) {
@@ -715,8 +718,10 @@
/* if both the domain properties and the user account controls do not permit
* clear text passwords then wipe out the sambaPassword */
- if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) ||
- (!(ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) {
+ user_account_control = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+ if (domain->store_cleartext && (user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
+ /* Keep sambaPassword attribute */
+ } else {
ldb_msg_remove_attr(msg, "sambaPassword");
}
}
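Review bot: The comment kept above the rewritten condition still says the attribute is wiped when "both" settings do not permit cleartext, but the code removes `sambaPassword` when either one is missing. Since this test decides whether a plaintext password is persisted, the comment should state the rule exactly, e.g. `/* keep sambaPassword only if the domain stores cleartext AND the account allows it; a missing userAccountControl reads as 0 and removes it */`. The empty then-branch can be dropped by negating the test, `if (!(domain->store_cleartext && (user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) {`, and the same applies to the hunk at -1022. The enclosing function extends outside the hunk.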
@@ -1022,8 +1027,10 @@
/* if the domain properties or the user account controls do not permit
* clear text passwords then wipe out the sambaPassword */
- if ((!(domain->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT)) ||
- (!(ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED))) {
+ if (domain->store_cleartext &&
+ (ldb_msg_find_attr_as_uint(ac->search_res->message, "userAccountControl", 0) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
+ /* Keep sambaPassword attribute */
+ } else {
ldb_msg_remove_attr(msg, "sambaPassword");
}
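Review bot: The account flag in this condition is read from `ac->search_res->message`, presumably the record as returned by the earlier search, and not from the modify message `msg`. If a single modify can change both the password and userAccountControl (not visible in this hunk), the keep/remove decision would use the stale flag and could retain the cleartext `sambaPassword` after UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED has been cleared. A comment stating which value is authoritative, or a lookup in `msg` before falling back to the search result, would settle it. The enclosing function starts and ends outside the hunk.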