struct loadparm_context);
int ret;
+ ret = setup_last_set_field(io);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ if (!io->ac->update_password) {
+ return LDB_SUCCESS;
+ }
+
/* transform the old password (for password changes) */
ret = setup_given_passwords(io, &io->og);
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = setup_last_set_field(io);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
return LDB_SUCCESS;
}
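Review bot: The early return on `if (!io->ac->update_password)` carries no comment explaining why the rest of the function is skipped, and the same bare return is added after `ldb_module_get_ctx()` in the following hunk, where it also bypasses the old-password verification that comes next. Both are safe only if `update_password` can be false solely when the request carries no password attribute; that is decided outside these hunks, so state the invariant at each site, e.g. `/* pwdLastSet-only modify: no password attribute in the request, leave hashes and history untouched */`. Moving `setup_last_set_field()` ahead of `setup_given_passwords()` also changes which error is returned first when both would fail, which is worth a line in the commit message. The function's signature lies outside the hunk.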
ldb = ldb_module_get_ctx(io->ac->module);
+ if (!io->ac->update_password) {
+ return LDB_SUCCESS;
+ }
+
/* First check the old password is correct, for password changes */
if (!io->ac->pwd_reset) {
bool nt_hash_checked = false;
/* refuse the change if someone tries to set/change the password by
* the lanman hash alone and we've deactivated that mechanism. This
* would end in an account without any password! */
- if ((!io->n.cleartext_utf8) && (!io->n.cleartext_utf16)
+ if (io->ac->update_password
+ && (!io->n.cleartext_utf8) && (!io->n.cleartext_utf16)
&& (!io->n.nt_hash) && (!io->n.lm_hash)) {
ldb_asprintf_errstring(ldb,
"setup_io: "
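Review bot: The comment above this condition still describes only the lanman-hash-alone case, but with the new `io->ac->update_password` term the refusal no longer fires for a request that supplies no password material at all. Extend the comment with something like `/* a pwdLastSet-only modify (update_password == false) legitimately carries no new password */`. Please also confirm that every later consumer of `io->n` returns early on that flag, so an empty `io->n` can never end up stored as a blank credential. The error branch continues outside the hunk.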
struct ldb_control *bypass = NULL;
bool userPassword = dsdb_user_password_support(module, req, req);
bool update_password = false;
+ bool processing_needed = false;
*_ac = NULL;
if (attr_cnt > 0) {
update_password = true;
+ processing_needed = true;
+ }
+
+ if (ldb_msg_find_element(msg, "pwdLastSet")) {
+ processing_needed = true;
}
- if (!update_password) {
+ if (!processing_needed) {
return ldb_next_request(module, req);
}
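Review bot: `ldb_msg_find_element(msg, "pwdLastSet")` sets `processing_needed` for any element of that name, whatever its modify flags or number of values, so the module now takes over requests it used to hand straight to `ldb_next_request()`. Nothing in this hunk constrains the supplied value; presumably that happens where the field is set up, and a comment here should say so, e.g. `/* pwdLastSet alone also needs this module; the requested value is validated in setup_last_set_field() */` (wording to be confirmed against that function). A one-line comment at the declaration separating `update_password` (password material present) from `processing_needed` (module must run) would keep the two flags from being confused later.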
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+ ldb_msg_remove_attr(msg, "pwdLastSet");
+
/* if there was nothing else to be modified skip to next step */
if (msg->num_elements == 0) {
return password_hash_mod_search_self(ac);
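Review bot: `ldb_msg_remove_attr(msg, "pwdLastSet")` strips the client-supplied attribute before the message is forwarded, but the hunk does not show that every element of that name is removed. A modify can carry the same attribute more than once (a delete paired with an add), and an element left behind would reach the lower modules with the client's value instead of the one this module computes. Confirm the helper's behaviour, or make it explicit with `while ((el = ldb_msg_find_element(msg, "pwdLastSet")) != NULL) ldb_msg_remove_element(msg, el);`. A short comment such as `/* the requested value is read from the original request; this module writes the final pwdLastSet itself */` would also explain the removal, if that is indeed where the value is taken from.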