Hi,
in IPAv3 we introduce a new attribute 'ipaNTHash' to store the NT hash.
Currently the plugin handling the change password extended operation
only sets and updates 'sambaNTPassword'. This patch add support for the
new attribute without removing the support for the old one.
bye,
Sumit
From 68d66eba4e31a314242322471dbfe698f4493737 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 24 Nov 2011 18:38:38 +0100
Subject: [PATCH] Make pwd-extop aware of new ipaNTHash attribute
---
.../ipa-pwd-extop/ipa_pwd_extop.c |4 +-
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h |7 ++-
.../ipa-pwd-extop/ipapwd_common.c | 38 +---
.../ipa-pwd-extop/ipapwd_encoding.c| 22 -
.../ipa-pwd-extop/ipapwd_prepost.c | 47 +--
5 files changed, 89 insertions(+), 29 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index
65c5834595f89aee8502347311f247be058c3416..82acc49dd0a48bea9b560b882966e996ae5c4775
100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -156,7 +156,7 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct
ipapwd_krbcfg *krbcfg)
Slapi_Value *objectclass=NULL;
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
- int is_krb, is_smb;
+ int is_krb, is_smb, is_ipant;
char *principal = NULL;
/* Get the ber value of the extended operation */
@@ -365,7 +365,7 @@ parse_req_done:
}
rc = ipapwd_entry_checks(pb, targetEntry,
- &is_root, &is_krb, &is_smb,
+ &is_root, &is_krb, &is_smb, &is_ipant,
SLAPI_USERPWD_ATTR, SLAPI_ACL_WRITE);
if (rc) {
goto free_and_return;
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index
787ed500a080674d4a8e1002468006b020eb1578..0edd2dcad580b25d108a762bd78271b3d8244bc5
100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -113,7 +113,7 @@ struct ipapwd_krbcfg {
};
int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e,
-int *is_root, int *is_krb, int *is_smb,
+int *is_root, int *is_krb, int *is_smb, int *is_ipant,
char *attr, int access);
int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg,
struct ipapwd_krbcfg **config, int check_flags);
@@ -144,8 +144,9 @@ void ipapwd_keyset_free(struct ipapwd_keyset **pkset);
int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, char *userpw,
- int is_krb, int is_smb, Slapi_Value ***svals,
- char **nthash, char **lmhash, char **errMesg);
+ int is_krb, int is_smb, int is_ipant,
+ Slapi_Value ***svals, char **nthash, char **lmhash,
+ Slapi_Value ***ntvals, char **errMesg);
/* from ipapwd_prepost.c */
int ipapwd_ext_init(void);
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index
9e203be2763b13328e2d392c76e8545ba7ab549a..c36189987f785de8e8e97737554b854539b83ea2
100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -498,7 +498,7 @@ done:
/*==Common-public-functions=*/
int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e,
-int *is_root, int *is_krb, int *is_smb,
+int *is_root, int *is_krb, int *is_smb, int *is_ipant,
char *attr, int acc)
{
Slapi_Value *sval;
@@ -535,6 +535,15 @@ int ipapwd_entry_checks(Slapi_PBlock *pb, struct
slapi_entry *e,
*is_smb = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS,
sval);
slapi_value_free(&sval);
+sval = slapi_value_new_string("ipaNTUserAttrs");
+if (!sval) {
+rc = LDAP_OPERATIONS_ERROR;
+goto done;
+}
+*is_ipant = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS,
+ sval);
+slapi_value_free(&sval);
+
rc = LDAP_SUCCESS;
done:
@@ -765,14 +774,17 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
int ret = 0;
Slapi_Mods *smods = NULL;
Slapi_Value **svals = NULL;
+Slapi_Value **ntvals = NULL;
Slapi_Value **pwvals = NULL;
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
char *lm = NULL;
char *nt = NULL;
int is_smb = 0;
+int is_ipant = 0;
int is