s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID

Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct  7 15:28:13 CEST 2011 on sn-devel-104

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 02e68cd9190254d7f5731b5e2ba6dd620403af4b..9fcdcf7ac8982e5c4d774cb6118ea81383f1917b 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -95,6 +95,7 @@ struct ph_context {
        bool change_status;
        bool hash_values;
        bool userPassword;
+       bool pwd_last_set_bypass;
 };
 
 
@@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 
 static int setup_last_set_field(struct setup_password_fields_io *io)
 {
+       const struct ldb_message *msg = NULL;
+
+       switch (io->ac->req->operation) {
+       case LDB_ADD:
+               msg = io->ac->req->op.add.message;
+               break;
+       case LDB_MODIFY:
+               msg = io->ac->req->op.mod.message;
+               break;
+       }
+
+       if (io->ac->pwd_last_set_bypass) {
+               struct ldb_message_element *el;
+
+               if (msg == NULL) {
+                       return LDB_ERR_CONSTRAINT_VIOLATION;
+               }
+
+               el = ldb_msg_find_element(msg, "pwdLastSet");
+               if (el == NULL) {
+                       return LDB_ERR_CONSTRAINT_VIOLATION;
+               }
+
+               io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0);
+               return LDB_SUCCESS;
+       }
+
        /* set it as now */
        unix_to_nt_time(&io->g.last_set, time(NULL));
 
@@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac)
                /* Mark the "change" control as uncritical (done) */
                ctrl->critical = false;
        }
+
+       ac->pwd_last_set_bypass = false;
+       ctrl = ldb_request_get_control(ac->req,
+                               DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID);
+       if (ctrl != NULL) {
+               ac->pwd_last_set_bypass = true;
+
+               /* Mark the "bypass pwdLastSet" control as uncritical (done) */
+               ctrl->critical = false;
+       }
 }
 
 static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares)

diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index 2fb15b9a628cf9b2088cabecd57f923b2788d54e..ae6042c6bd6c731c1b1945f9320c47d2705ac6c4 100644 (file)
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -113,7 +113,6 @@ struct dsdb_control_password_change {
 */
 #define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
 
-
 /* passed when we want to get the behaviour of the non-global catalog port */
 #define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
 
@@ -123,6 +122,9 @@ struct dsdb_control_password_change {
 /* passed when we want special behaviour for dbcheck */
 #define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
 
+/* passed when importing plain text password on upgrades */
+#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
+
 #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
 struct dsdb_extended_replicated_object {
        struct ldb_message *msg;

diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index bfa6dd094a6ce6b270c3f649355bde721b59eff8..5f4a20a2f087024536f50b727b7a79f73bba6a1d 100644 (file)
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -194,6 +194,7 @@
 #Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
 #Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
 #Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
+#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
 
 # Extended 1.3.6.1.4.1.7165.4.4.x
 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1