[SCM] Samba Shared Repository - branch master updated

Tue Jul 6 10:49:56 MDT 2010

The branch, master has been updated
       via  a679319... s3:pdb_ldap: change LDAP password before samba password hashes
      from  44d8c8d... s3-winbind: Handle aliases in rpc_lookup_groupmem().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a679319192a50f8115c830ceabe33010d584e3c9
Author: BjÃ¶rn Jacke <bj at sernet.de>
Date:   Tue Jul 6 18:39:26 2010 +0200

    s3:pdb_ldap: change LDAP password before samba password hashes
    
    this way we can catch up with password change refuses from ldap password policy
    overlays and abort the password change early.
    
    Thanks to Andy Hanton <andyhanton at gmail.com> for the initial patch.

-----------------------------------------------------------------------

Summary of changes:
 source3/passdb/pdb_ldap.c |   67 +++++++++++++++++++++++----------------------
 1 files changed, 34 insertions(+), 33 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index f4c8dbe..2e48023 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1737,39 +1737,6 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!mods) {
-		DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
-		/* may be password change below however */
-	} else {
-		switch(ldap_op) {
-			case LDAP_MOD_ADD:
-				if (ldap_state->is_nds_ldap) {
-					smbldap_set_mod(&mods, LDAP_MOD_ADD, 
-							"objectclass", 
-							"inetOrgPerson");
-				} else {
-					smbldap_set_mod(&mods, LDAP_MOD_ADD, 
-							"objectclass", 
-							LDAP_OBJ_ACCOUNT);
-				}
-				rc = smbldap_add(ldap_state->smbldap_state, 
-						 dn, mods);
-				break;
-			case LDAP_MOD_REPLACE: 
-				rc = smbldap_modify(ldap_state->smbldap_state, 
-						    dn ,mods);
-				break;
-			default: 	
-				DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n", 
-					 ldap_op));
-				return NT_STATUS_INVALID_PARAMETER;
-		}
-
-		if (rc!=LDAP_SUCCESS) {
-			return NT_STATUS_UNSUCCESSFUL;
-		}  
-	}
-
 	if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
 			(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
 			need_update(newpwd, PDB_PLAINTEXT_PW) &&
@@ -1895,6 +1862,40 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		}
 		ber_bvfree(bv);
 	}
+
+	if (!mods) {
+		DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
+		/* may be password change below however */
+	} else {
+		switch(ldap_op) {
+			case LDAP_MOD_ADD:
+				if (ldap_state->is_nds_ldap) {
+					smbldap_set_mod(&mods, LDAP_MOD_ADD,
+							"objectclass",
+							"inetOrgPerson");
+				} else {
+					smbldap_set_mod(&mods, LDAP_MOD_ADD,
+							"objectclass",
+							LDAP_OBJ_ACCOUNT);
+				}
+				rc = smbldap_add(ldap_state->smbldap_state,
+						 dn, mods);
+				break;
+			case LDAP_MOD_REPLACE:
+				rc = smbldap_modify(ldap_state->smbldap_state,
+						    dn ,mods);
+				break;
+			default:
+				DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
+					 ldap_op));
+				return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (rc!=LDAP_SUCCESS) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
 	return NT_STATUS_OK;
 }
 


-- 
Samba Shared Repository
