s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLas...
authorStefan Metzmacher <metze@samba.org>
Thu, 11 Feb 2016 07:31:46 +0000 (08:31 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 27 Jun 2016 03:00:16 +0000 (05:00 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/common/util.c
source4/dsdb/samdb/ldb_modules/samldb.c
source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c

index 667bd866a6f40a519843984f396fd73da6c47ba8..b27c73bb9be137d9459d156e41c993d4cc5c9fae 100644 (file)
@@ -772,13 +772,21 @@ struct ldb_message_element *samdb_find_attribute(struct ldb_context *ldb,
        return NULL;
 }
 
-int samdb_find_or_add_attribute(struct ldb_context *ldb, struct ldb_message *msg, const char *name, const char *set_value)
+static int samdb_find_or_add_attribute_ex(struct ldb_context *ldb,
+                                         struct ldb_message *msg,
+                                         const char *name,
+                                         const char *set_value,
+                                         bool *added)
 {
        int ret;
        struct ldb_message_element *el;
 
                el = ldb_msg_find_element(msg, name);
        if (el) {
+               if (added != NULL) {
+                       *added = false;
+               }
+
                return LDB_SUCCESS;
        }
 
@@ -787,9 +795,17 @@ int samdb_find_or_add_attribute(struct ldb_context *ldb, struct ldb_message *msg
                return ret;
        }
        msg->elements[msg->num_elements - 1].flags = LDB_FLAG_MOD_ADD;
+       if (added != NULL) {
+               *added = true;
+       }
        return LDB_SUCCESS;
 }
 
+int samdb_find_or_add_attribute(struct ldb_context *ldb, struct ldb_message *msg, const char *name, const char *set_value)
+{
+       return samdb_find_or_add_attribute_ex(ldb, msg, name, set_value, NULL);
+}
+
 /*
   add a dom_sid element to a message
 */
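Review bot: The new static helper `samdb_find_or_add_attribute_ex` has no comment stating the contract of its `added` out-parameter, and the failure return at the top of this hunk (`return ret;`) leaves `*added` unwritten. The only caller on this page initialises `bool added = false` before the call, so nothing reads an indeterminate value today, but a later caller that forgets the initialiser would. I would add above the function `/* find an attribute or add it with set_value; *added (may be NULL) is written only on LDB_SUCCESS: false if the element already existed, true if it was appended */`. The function's opening lines are in the previous hunk.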
@@ -5225,12 +5241,15 @@ NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
  *     codePage, countryCode, lastLogoff, lastLogon
  *     logonCount, pwdLastSet
  */
-int dsdb_user_obj_set_defaults(struct ldb_context *ldb, struct ldb_message *usr_obj)
+int dsdb_user_obj_set_defaults(struct ldb_context *ldb,
+                              struct ldb_message *usr_obj,
+                              struct ldb_request *req)
 {
        int i, ret;
        const struct attribute_values {
                const char *name;
                const char *value;
+               const char *add_control;
        } map[] = {
                {
                        .name = "accountExpires",
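Review bot: The comment block above `dsdb_user_obj_set_defaults` (it begins outside this hunk) still lists only the defaulted attributes and says nothing about the new `req` parameter or the new `add_control` field. From the loop in the next hunk, `req` may be NULL, in which case no control is attached, and the tombstone_reanimate.c caller relies on that by passing NULL. I would extend the comment with `* If req is not NULL, the add_control OID of every attribute that was actually defaulted is attached to it as a non-critical control; pass NULL to skip this.` A one-line comment at the tombstone_reanimate.c call site saying why reanimation wants no control would help for the same reason. The function body continues outside this hunk.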
@@ -5266,16 +5285,30 @@ int dsdb_user_obj_set_defaults(struct ldb_context *ldb, struct ldb_message *usr_
                },
                {
                        .name = "pwdLastSet",
-                       .value = "0"
+                       .value = "0",
+                       .add_control = DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID,
                }
        };
 
        for (i = 0; i < ARRAY_SIZE(map); i++) {
-               ret = samdb_find_or_add_attribute(ldb, usr_obj,
-                                                 map[i].name, map[i].value);
+               bool added = false;
+
+               ret = samdb_find_or_add_attribute_ex(ldb, usr_obj,
+                                                    map[i].name,
+                                                    map[i].value,
+                                                    &added);
                if (ret != LDB_SUCCESS) {
                        return ret;
                }
+
+               if (req != NULL && added && map[i].add_control != NULL) {
+                       ret = ldb_request_add_control(req,
+                                                     map[i].add_control,
+                                                     false, NULL);
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
+               }
        }
 
        return LDB_SUCCESS;
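Review bot: The `ldb_request_add_control()` call makes the whole defaulting step fail if `req` already carries `DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID`; as far as I recall the ldb helper refuses a second control with the same OID and returns `LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS`, which this loop passes straight back. Whether that can occur (the function reached twice for one request, or the OID already present on the incoming request) is not visible from this hunk, so the behaviour should be an explicit choice. If a pre-existing control is acceptable, guard with `if (req != NULL && added && map[i].add_control != NULL && ldb_request_get_control(req, map[i].add_control) == NULL) {`. If it is not, a comment stating that the failure is intended would do, since the control presumably tells later modules that pwdLastSet was defaulted rather than supplied. The function's closing brace is outside the hunk.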
index ea88e4b4fe8b0b56c9911b6e37c920d2b2c28972..19229eb800c31945f0226e1670225f6aee6368f3 100644 (file)
@@ -1126,7 +1126,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
                bool uac_generated = false, uac_add_flags = false;
 
                /* Step 1.2: Default values */
-               ret = dsdb_user_obj_set_defaults(ldb, ac->msg);
+               ret = dsdb_user_obj_set_defaults(ldb, ac->msg, ac->req);
                if (ret != LDB_SUCCESS) return ret;
 
                /* On add operations we might need to generate a
index 0c6c500c7e96794e6297b6e89a71dfac9a6def81..fad856f9bbdbca1baad5bab74c468cf37d60ca47 100644 (file)
@@ -239,7 +239,7 @@ static int tr_restore_attributes(struct ldb_context *ldb, struct ldb_message *cu
                /* restoring 'user' instance attribute is heavily borrowed from samldb.c */
 
                /* Default values */
-               ret = dsdb_user_obj_set_defaults(ldb, new_msg);
+               ret = dsdb_user_obj_set_defaults(ldb, new_msg, NULL);
                if (ret != LDB_SUCCESS) return ret;
 
                /* Following are set only while reanimating objects */