[SCM] Samba Shared Repository - branch master updated

Mon Jul 5 10:03:53 MDT 2010

The branch, master has been updated
       via  a236bc4... s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
       via  6d7b964... s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
       via  24d6950... s4:dsdb/password_hash: fix some c++ compiler warnings
      from  4a0edb5... DNS objects should not be ignored

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a236bc4b334433eb743cb88a8a5f36c7d694681c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jun 30 08:26:08 2010 +0200

    s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
    
    metze

commit 6d7b9648e5bff20136dd4462313ce4c3cd502662
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jun 30 08:24:35 2010 +0200

    s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
    
    When importing users from Samba3 we need to control all values.
    
    metze

commit 24d6950f631f7b1f36ee72c1d06b6b4bc9a1033a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jun 30 12:08:30 2010 +0200

    s4:dsdb/password_hash: fix some c++ compiler warnings
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/password_hash.c |   41 ++++++++++++++++++-----
 source4/dsdb/samdb/samdb.h                     |    5 +++
 source4/setup/schema_samba4.ldif               |    1 +
 3 files changed, 38 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 0a34645..505f2c2 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1405,11 +1405,12 @@ static int setup_given_passwords(struct setup_password_fields_io *io,
 
 static int setup_password_fields(struct setup_password_fields_io *io)
 {
-	struct ldb_context *ldb;
+	struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
+	struct loadparm_context *lp_ctx =
+		lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					 struct loadparm_context);
 	int ret;
 
-	ldb = ldb_module_get_ctx(io->ac->module);
-
 	/* transform the old password (for password changes) */
 	ret = setup_given_passwords(io, &io->og);
 	if (ret != LDB_SUCCESS) {
@@ -1434,7 +1435,7 @@ static int setup_password_fields(struct setup_password_fields_io *io)
 		return ret;
 	}
 
-	if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm"))) {
+	if (lp_lanman_auth(lp_ctx)) {
 		ret = setup_lm_fields(io);
 		if (ret != LDB_SUCCESS) {
 			return ret;
@@ -1631,7 +1632,8 @@ static int setup_io(struct ph_context *ac,
 	const struct ldb_val *quoted_utf16, *old_quoted_utf16, *lm_hash, *old_lm_hash;
 	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
 	struct loadparm_context *lp_ctx =
-		(struct loadparm_context *)ldb_get_opaque(ldb, "loadparm");
+		lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					 struct loadparm_context);
 	int ret;
 
 	ZERO_STRUCTP(io);
@@ -2185,6 +2187,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 	struct ldb_message_element *userPasswordAttr, *clearTextPasswordAttr,
 		*ntAttr, *lmAttr;
 	int ret;
+	struct ldb_control *bypass = NULL;
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -2200,6 +2203,15 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req)
 		return ldb_next_request(module, req);
 	}
 
+	bypass = ldb_request_get_control(req,
+					 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	if (bypass != NULL) {
+		/* Mark the "bypass" control as uncritical (done) */
+		bypass->critical = false;
+		ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_add (bypassing)\n");
+		return ldb_next_request(module, req);
+	}
+
 	/* nobody must touch password histories and 'supplementalCredentials' */
 	if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) {
 		return LDB_ERR_UNWILLING_TO_PERFORM;
@@ -2361,6 +2373,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 	struct ldb_message *msg;
 	struct ldb_request *down_req;
 	int ret;
+	struct ldb_control *bypass = NULL;
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -2376,6 +2389,15 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 		return ldb_next_request(module, req);
 	}
 
+	bypass = ldb_request_get_control(req,
+					 DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID);
+	if (bypass != NULL) {
+		/* Mark the "bypass" control as uncritical (done) */
+		bypass->critical = false;
+		ldb_debug(ldb, LDB_DEBUG_TRACE, "password_hash_modify (bypassing)\n");
+		return ldb_next_request(module, req);
+	}
+
 	/* nobody must touch password histories and 'supplementalCredentials' */
 	if (ldb_msg_find_element(req->op.mod.message, "ntPwdHistory")) {
 		return LDB_ERR_UNWILLING_TO_PERFORM;
@@ -2641,7 +2663,10 @@ static int password_hash_mod_search_self(struct ph_context *ac)
 
 static int password_hash_mod_do_mod(struct ph_context *ac)
 {
-	struct ldb_context *ldb;
+	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+	struct loadparm_context *lp_ctx =
+		lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+					 struct loadparm_context);
 	struct ldb_request *mod_req;
 	struct ldb_message *msg;
 	const struct ldb_message *orig_msg, *searched_msg;
@@ -2649,8 +2674,6 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 	int ret;
 	NTSTATUS status;
 
-	ldb = ldb_module_get_ctx(ac->module);
-
 	/* use a new message structure so that we can modify it */
 	msg = ldb_msg_new(ac);
 	if (msg == NULL) {
@@ -2671,7 +2694,7 @@ static int password_hash_mod_do_mod(struct ph_context *ac)
 	
 	/* Get the old password from the database */
 	status = samdb_result_passwords(io.ac,
-					ldb_get_opaque(ldb, "loadparm"),
+					lp_ctx,
 					discard_const_p(struct ldb_message, searched_msg),
 					&io.o.lm_hash, &io.o.nt_hash);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 88c6113..8b45cd0 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -87,6 +87,11 @@ struct dsdb_control_password_change_status {
 */
 #define DSDB_CONTROL_APPLY_LINKS "1.3.6.1.4.1.7165.4.3.11"
 
+/*
+ * this should only be used for importing users from Samba3
+ */
+#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "1.3.6.1.4.1.7165.4.3.12"
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
 	struct ldb_message *msg;
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index b8ef5d6..681aa96 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -184,6 +184,7 @@
 #Allocated: DSDB_CONTROL_PASSWORD_HASH_VALUES_OID 1.3.6.1.4.1.7165.4.3.9
 #Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID 1.3.6.1.4.1.7165.4.3.10
 #Allocated: DSDB_CONTROL_APPLY_LINKS 1.3.6.1.4.1.7165.4.3.11
+#Allocated: DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 1.3.6.1.4.1.7165.4.3.12
 #Allocated: LDB_CONTROL_BYPASSOPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13
 
 # Extended 1.3.6.1.4.1.7165.4.4.x


-- 
Samba Shared Repository
