The branch, master has been updated via bcb0212 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID via 94899cd Revert "ldb: support raw OIDs in control string parsing" via c180feb s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK via ec910d9 ldb/ldb_controls: allow oid up to 255 chars via ff1ce65 s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h from 4493c57 uid_wrapper: Add uwrap_setresuid().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit bcb02129c3eaa3e22b74f65a44c7059a298831a3 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 5 14:59:59 2011 +0200 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID Which allows the caller to pass a given 'pwdLastSet' value (very useful for migrations). metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104 commit 94899cd83ce2270d7760e0f9bb472b80de89f80b Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 7 09:58:29 2011 +0200 Revert "ldb: support raw OIDs in control string parsing" This reverts commit ea41860d32d38448e08cefd79d30ee1150317a9e. This is not needed, because we already have the 'local_oid' magic. metze commit c180feb16cd6933fc81e949b440707c4982a8295 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 7 09:57:34 2011 +0200 s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK metze commit ec910d94d3f4515c1cb4528e5e07be2296734f9a Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 7 09:56:17 2011 +0200 ldb/ldb_controls: allow oid up to 255 chars We have char oid[256], so allow sscanf() to consume 255 chars. metze commit ff1ce6521b0b38fa3d2e09d79a8145a52c63b926 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 7 09:49:48 2011 +0200 s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h This makes clear that struct dsdb_control_password_change belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID. 
metze ----------------------------------------------------------------------- Summary of changes: lib/ldb/common/ldb_controls.c | 20 +------------ lib/ldb/include/ldb_private.h | 1 - source4/dsdb/samdb/ldb_modules/password_hash.c | 38 ++++++++++++++++++++++++ source4/dsdb/samdb/samdb.h | 22 +++++++------ source4/scripting/python/samba/dbchecker.py | 2 +- source4/setup/schema_samba4.ldif | 1 + 6 files changed, 53 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index 42fabfc..5b5f357 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -949,7 +949,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO oid[0] = '\0'; p = &(control_strings[10]); - ret = sscanf(p, "%64[^:]:%d", oid, &crit); + ret = sscanf(p, "%255[^:]:%d", oid, &crit); if ((ret != 2) || strlen(oid) == 0 || (crit < 0) || (crit > 1)) { error_string = talloc_asprintf(mem_ctx, "invalid local_oid control syntax\n"); @@ -1018,27 +1018,9 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO return ctrl; } - - /* support a raw OID */ - if (isdigit(control_strings[0])) { - const char *p = strchr(control_strings, ':'); - if (p == NULL) { - goto failed; - } - if (strspn(control_strings, "0123456789.") != (p-control_strings)) { - goto failed; - } - ctrl->oid = talloc_strndup(ctrl, control_strings, p-control_strings); - ctrl->critical = (p[1]=='1'?1:0); - ctrl->data = NULL; - return ctrl; - } - /* * When no matching control has been found. */ -failed: - talloc_free(ctrl); return NULL; } diff --git a/lib/ldb/include/ldb_private.h b/lib/ldb/include/ldb_private.h index db2457d..cafc020 100644 --- a/lib/ldb/include/ldb_private.h +++ b/lib/ldb/include/ldb_private.h @@ -40,7 +40,6 @@ #include "replace.h" #include "system/filesys.h" #include "system/time.h" -#include "system/locale.h" #include "ldb.h" #include "ldb_module.h" 
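Review bot: The field width in `sscanf(p, "%255[^:]:%d", oid, &crit)` is a bare literal that has to stay exactly one less than the size of `oid`, and nothing in the code ties the two together. The declaration is outside this hunk; the commit message gives it as `char oid[256]`. If the buffer is ever shrunk without touching the format string, this bounded read becomes an out-of-bounds write on attacker-influenced control strings. Suggest a comment directly above the call, `/* field width must be sizeof(oid) - 1 */`, and the same comment at the declaration so both sites point at each other.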
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 02e68cd..9fcdcf7 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -95,6 +95,7 @@ struct ph_context { bool change_status; bool hash_values; bool userPassword; + bool pwd_last_set_bypass; }; @@ -1663,6 +1664,33 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) static int setup_last_set_field(struct setup_password_fields_io *io) { + const struct ldb_message *msg = NULL; + + switch (io->ac->req->operation) { + case LDB_ADD: + msg = io->ac->req->op.add.message; + break; + case LDB_MODIFY: + msg = io->ac->req->op.mod.message; + break; + } + + if (io->ac->pwd_last_set_bypass) { + struct ldb_message_element *el; + + if (msg == NULL) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + el = ldb_msg_find_element(msg, "pwdLastSet"); + if (el == NULL) { + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + io->g.last_set = samdb_result_nttime(msg, "pwdLastSet", 0); + return LDB_SUCCESS; + } + /* set it as now */ unix_to_nt_time(&io->g.last_set, time(NULL)); @@ -2484,6 +2512,16 @@ static void ph_apply_controls(struct ph_context *ac) /* Mark the "change" control as uncritical (done) */ ctrl->critical = false; } + + ac->pwd_last_set_bypass = false; + ctrl = ldb_request_get_control(ac->req, + DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID); + if (ctrl != NULL) { + ac->pwd_last_set_bypass = true; + + /* Mark the "bypass pwdLastSet" control as uncritical (done) */ + ctrl->critical = false; + } } static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares) diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index aedd3db..ae6042c 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h 
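Review bot: The bypass branch of setup_last_set_field only checks that a `pwdLastSet` element exists, not that it carries exactly one usable value. `samdb_result_nttime(msg, "pwdLastSet", 0)` is given 0 as its fallback, so (as far as can be inferred from the call) an element with no value would be stored as 0 rather than rejected, and on LDB_MODIFY the element's flags are not inspected, so a delete of `pwdLastSet` is treated the same as a replace. Suggest tightening the guard to `if (el == NULL || el->num_values != 1) { return LDB_ERR_CONSTRAINT_VIOLATION; }`. The switch over `io->ac->req->operation` would also read better with an explicit `default: break;` so it is clear that other operations deliberately leave `msg` NULL.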
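Review bot: Nothing in the added lines of ph_apply_controls limits who may send DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID: any request carrying the control sets `ac->pwd_last_set_bypass`. That lets the caller choose the stored `pwdLastSet`, and therefore the password age that expiry policy is evaluated against. If an earlier layer does not already strip this OID from remote requests (not visible here), consider honouring it only for trusted requests, e.g. `if (ctrl != NULL && !ldb_req_is_untrusted(ac->req)) {`. Either way, add a comment such as `/* internal control: only honoured for trusted (local) callers */` to record the assumption. The function begins above the hunk, so whether a similar check exists for the neighbouring password controls cannot be seen from here.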
@@ -92,16 +92,6 @@ struct dsdb_control_password_change_status { #define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9" #define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10" - -/* passed when we want to get the behaviour of the non-global catalog port */ -#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17" - -/* passed when we want special behaviour for partial replicas */ -#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18" - -/* passed when we want special behaviour for dbcheck */ -#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19" - struct dsdb_control_password_change { const struct samr_Password *old_nt_pwd_hash; const struct samr_Password *old_lm_pwd_hash; @@ -123,6 +113,18 @@ struct dsdb_control_password_change { */ #define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14" +/* passed when we want to get the behaviour of the non-global catalog port */ +#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17" + +/* passed when we want special behaviour for partial replicas */ +#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18" + +/* passed when we want special behaviour for dbcheck */ +#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19" + +/* passed when importing plain text password on upgrades */ +#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20" + #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" struct dsdb_extended_replicated_object { struct ldb_message *msg; diff --git a/source4/scripting/python/samba/dbchecker.py b/source4/scripting/python/samba/dbchecker.py index f19891a..8120307 100644 --- a/source4/scripting/python/samba/dbchecker.py +++ b/source4/scripting/python/samba/dbchecker.py 
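Review bot: The comment added for DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID in the second samdb.h hunk does not state the contract the control imposes on the caller. Per the password_hash.c change in this same commit, a request carrying this control must include a `pwdLastSet` element or it fails with LDB_ERR_CONSTRAINT_VIOLATION, and the supplied value replaces the current time. Suggest `/* passed when the caller supplies its own pwdLastSet (e.g. password import on upgrade); the add/modify message must contain pwdLastSet */`. Because the control weakens password-age enforcement, the comment should also say that it is intended for internal, trusted callers only.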
@@ -211,7 +211,7 @@ class dbcheck(object): m = ldb.Message() m.dn = dn m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname) - if self.do_modify(m, ["show_recycled:1", "%s:0" % dsdb.DSDB_CONTROL_DBCHECK], + if self.do_modify(m, ["show_recycled:1", "local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK], "Failed to remove deleted DN attribute %s" % attrname): self.report("Removed deleted DN on attribute %s" % attrname) diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index bfa6dd0..5f4a20a 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -194,6 +194,7 @@ #Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17 #Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18 #Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19 +#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20 # Extended 1.3.6.1.4.1.7165.4.4.x #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 -- Samba Shared Repository