s4:samdb_set_password - adapt it for the user password change handling

Make use of the new "change old password checked" control.

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index a63c4204cc6879f61467ba421a3b0421529b1799..5deb1d08b156c605f861d1f9bb42dec53c9a77f6 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1994,6 +1994,18 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
         }
 
+       if (user_change) {
+               /* a user password change and we've checked already the old
+                * password somewhere else (callers responsability) */
+               ret = ldb_request_add_control(req,
+                                             DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID,
+                                             true, NULL);
+               if (ret != LDB_SUCCESS) {
+                       talloc_free(req);
+                       talloc_free(msg);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
        ret = ldb_request_add_control(req,
                                      DSDB_CONTROL_PASSWORD_HASH_VALUES_OID,
                                      true, NULL);