* Once this is done (which could update anything at all), we
* calculate the password hashes.
*
- * This function must not only update the unicodePwd, dBCSPwd and
- * supplementalCredentials fields, it must also atomicly increment the
- * msDS-KeyVersionNumber. We should be in a transaction, so all this
- * should be quite safe...
- *
* Finally, if the administrator has requested that a password history
* be maintained, then this should also be written out.
*
struct samr_Password *lm_history;
const struct ldb_val *supplemental;
struct supplementalCredentialsBlob scb;
- uint32_t kvno;
} o;
/* generated credentials */
DATA_BLOB des_crc;
struct ldb_val supplemental;
NTTIME last_set;
- uint32_t kvno;
} g;
};
return LDB_SUCCESS;
}
-static int setup_kvno_field(struct setup_password_fields_io *io)
-{
- /* increment by one */
- io->g.kvno = io->o.kvno + 1;
-
- return LDB_SUCCESS;
-}
-
static int setup_password_fields(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
return ret;
}
- ret = setup_kvno_field(io);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
return LDB_SUCCESS;
}
ldb_msg_remove_attr(msg, "unicodePwd");
ldb_msg_remove_attr(msg, "dBCSPwd");
ldb_msg_remove_attr(msg, "pwdLastSet");
- io.o.kvno = samdb_result_uint(msg, "msDs-KeyVersionNumber", 1) - 1;
- ldb_msg_remove_attr(msg, "msDs-KeyVersionNumber");
ldb = ldb_module_get_ctx(ac->module);
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = samdb_msg_add_uint(ldb, ac, msg,
- "msDs-KeyVersionNumber",
- io.g.kvno);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
ret = ldb_build_add_req(&down_req, ldb, ac,
msg,
struct ldb_context *ldb;
static const char * const attrs[] = { "userAccountControl", "lmPwdHistory",
"ntPwdHistory",
- "objectSid", "msDS-KeyVersionNumber",
+ "objectSid",
"objectClass", "userPrincipalName",
"sAMAccountName",
"dBCSPwd", "unicodePwd",
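Review bot: With `msDS-KeyVersionNumber` dropped from `attrs` here, and its read, increment and write-back removed in the other hunks (`setup_kvno_field`, the add path and the modify path), nothing visible in this file advances the key version when a password is set or changed. Kerberos relies on the key version number to match tickets and keytab entries to the right key, so it still has to change on every password update. Presumably it is now derived elsewhere, but this diff does not show where. I would add a comment above the attribute list, e.g. `/* msDS-KeyVersionNumber is not maintained by this module; it is derived from <mechanism> */`, and put one sentence to the same effect back into the header comment that lost its kvno paragraph. The function enclosing `attrs` starts and ends outside this hunk.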
searched_msg = ac->search_res->message;
/* Fill in some final details (only relevent once the password has been set) */
- io.o.kvno = samdb_result_uint(searched_msg, "msDs-KeyVersionNumber", 0);
io.o.nt_history_len = samdb_result_hashes(io.ac, searched_msg, "ntPwdHistory", &io.o.nt_history);
io.o.lm_history_len = samdb_result_hashes(io.ac, searched_msg, "lmPwdHistory", &io.o.lm_history);
io.o.supplemental = ldb_msg_find_ldb_val(searched_msg, "supplementalCredentials");
ret = ldb_msg_add_empty(msg, "lmPwdHistory", LDB_FLAG_MOD_REPLACE, NULL);
ret = ldb_msg_add_empty(msg, "supplementalCredentials", LDB_FLAG_MOD_REPLACE, NULL);
ret = ldb_msg_add_empty(msg, "pwdLastSet", LDB_FLAG_MOD_REPLACE, NULL);
- ret = ldb_msg_add_empty(msg, "msDs-KeyVersionNumber", LDB_FLAG_MOD_REPLACE, NULL);
if (io.g.nt_hash) {
ret = samdb_msg_add_hash(ldb, ac, msg,
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = samdb_msg_add_uint(ldb, ac, msg,
- "msDs-KeyVersionNumber",
- io.g.kvno);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
ret = ldb_build_mod_req(&mod_req, ldb, ac,
msg,