Author: abartlet Date: 2006-10-16 01:09:10 +0000 (Mon, 16 Oct 2006) New Revision: 19307
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19307 Log: Fix samsync. The problem was that we were adding an empty sambaPassword attribute in the vampire code. We should never add empty attributes, they are illigal. (It however a valid way to delete an attribute on a modify request). Also add some code to the password_hash module that would have made this easier to track down. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c =================================================================== --- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 01:03:43 UTC (rev 19306) +++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/password_hash.c 2006-10-16 01:09:10 UTC (rev 19307) @@ -102,7 +102,7 @@ sambaPassword = ldb_msg_find_attr_as_string(msg, "sambaPassword", NULL); if (sambaPassword == NULL) { /* impossible, what happened ?! */ - return LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_CONSTRAINT_VIOLATION; } if (is_mod) { @@ -634,6 +634,20 @@ return LDB_ERR_CONSTRAINT_VIOLATION; } + if (sambaAttr && sambaAttr->num_values == 0) { + ldb_set_errstring(module->ldb, "sambaPassword must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + if (ntAttr && (ntAttr->num_values == 0)) { + ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + if (lmAttr && (lmAttr->num_values == 0)) { + ldb_set_errstring(module->ldb, "lmPwdHash must have a value!\n"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + h = ph_init_handle(req, module, PH_ADD); if (!h) { return LDB_ERR_OPERATIONS_ERROR; Modified: branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c =================================================================== --- branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c 2006-10-16 01:03:43 UTC (rev 19306) +++ branches/SAMBA_4_0_RELEASE/source/libnet/libnet_samsync_ldb.c 2006-10-16 01:09:10 UTC (rev 19307) @@ -357,21 +357,23 @@ return NT_STATUS_NO_MEMORY; } - /* Passwords. Ensure there is no plaintext stored against - * this entry, as we only have hashes */ - samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, - "sambaPassword"); + if (!add) { + /* Passwords. Ensure there is no plaintext stored against + * this entry, as we only have hashes */ + samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, + "sambaPassword"); + } if (user->lm_password_present) { samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg, "lmPwdHash", &user->lmpassword); - } else { + } else if (!add) { samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, "lmPwdHash"); } if (user->nt_password_present) { samdb_msg_add_hash(state->sam_ldb, mem_ctx, msg, "ntPwdHash", &user->ntpassword); - } else { + } else if (!add) { samdb_msg_add_delete(state->sam_ldb, mem_ctx, msg, "ntPwdHash"); }
