Re: [Freeipa-devel] [PATCH] Make pwd-extop aware of new ipaNTHash attribute

[Simo Sorce]

On Mon, 2011-12-05 at 11:40 +0200, Alexander Bokovoy wrote:
 On Mon, 28 Nov 2011, Sumit Bose wrote:
  Hi,
  
  in IPAv3 we introduce a new attribute 'ipaNTHash' to store the NT hash.
  Currently the plugin handling the change password extended operation
  only sets and updates 'sambaNTPassword'. This patch add support for the
  new attribute without removing the support for the old one.
 ACK
  
 One possible enhancement I would make is to get attribute names as 
 constant defines and re-use them across the code.

Pushed to master.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Make pwd-extop aware of new ipaNTHash attribute

[Alexander Bokovoy]

On Mon, 28 Nov 2011, Sumit Bose wrote:
 Hi,
 
 in IPAv3 we introduce a new attribute 'ipaNTHash' to store the NT hash.
 Currently the plugin handling the change password extended operation
 only sets and updates 'sambaNTPassword'. This patch add support for the
 new attribute without removing the support for the old one.
ACK
 
One possible enhancement I would make is to get attribute names as 
constant defines and re-use them across the code.
-- 
/ Alexander Bokovoy

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Make pwd-extop aware of new ipaNTHash attribute

[Sumit Bose]

Hi,

in IPAv3 we introduce a new attribute 'ipaNTHash' to store the NT hash.
Currently the plugin handling the change password extended operation
only sets and updates 'sambaNTPassword'. This patch add support for the
new attribute without removing the support for the old one.

bye,
Sumit
From 68d66eba4e31a314242322471dbfe698f4493737 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 24 Nov 2011 18:38:38 +0100
Subject: [PATCH] Make pwd-extop aware of new ipaNTHash attribute

---
 .../ipa-pwd-extop/ipa_pwd_extop.c  |4 +-
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h   |7 ++-
 .../ipa-pwd-extop/ipapwd_common.c  |   38 +---
 .../ipa-pwd-extop/ipapwd_encoding.c|   22 -
 .../ipa-pwd-extop/ipapwd_prepost.c |   47 +--
 5 files changed, 89 insertions(+), 29 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 
65c5834595f89aee8502347311f247be058c3416..82acc49dd0a48bea9b560b882966e996ae5c4775
 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -156,7 +156,7 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct 
ipapwd_krbcfg *krbcfg)
Slapi_Value *objectclass=NULL;
char *attrlist[] = {*, passwordHistory, NULL };
struct ipapwd_data pwdata;
-   int is_krb, is_smb;
+   int is_krb, is_smb, is_ipant;
 char *principal = NULL;
 
/* Get the ber value of the extended operation */
@@ -365,7 +365,7 @@ parse_req_done:
 }
 
 rc = ipapwd_entry_checks(pb, targetEntry,
-   is_root, is_krb, is_smb,
+   is_root, is_krb, is_smb, is_ipant,
SLAPI_USERPWD_ATTR, SLAPI_ACL_WRITE);
 if (rc) {
goto free_and_return;
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index 
787ed500a080674d4a8e1002468006b020eb1578..0edd2dcad580b25d108a762bd78271b3d8244bc5
 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -113,7 +113,7 @@ struct ipapwd_krbcfg {
 };
 
 int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e,
-int *is_root, int *is_krb, int *is_smb,
+int *is_root, int *is_krb, int *is_smb, int *is_ipant,
 char *attr, int access);
 int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg,
   struct ipapwd_krbcfg **config, int check_flags);
@@ -144,8 +144,9 @@ void ipapwd_keyset_free(struct ipapwd_keyset **pkset);
 
 int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
   struct ipapwd_data *data, char *userpw,
-  int is_krb, int is_smb, Slapi_Value ***svals,
-  char **nthash, char **lmhash, char **errMesg);
+  int is_krb, int is_smb, int is_ipant,
+  Slapi_Value ***svals, char **nthash, char **lmhash,
+  Slapi_Value ***ntvals, char **errMesg);
 
 /* from ipapwd_prepost.c */
 int ipapwd_ext_init(void);
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c 
b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 
9e203be2763b13328e2d392c76e8545ba7ab549a..c36189987f785de8e8e97737554b854539b83ea2
 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -498,7 +498,7 @@ done:
 /*==Common-public-functions=*/
 
 int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e,
-int *is_root, int *is_krb, int *is_smb,
+int *is_root, int *is_krb, int *is_smb, int *is_ipant,
 char *attr, int acc)
 {
 Slapi_Value *sval;
@@ -535,6 +535,15 @@ int ipapwd_entry_checks(Slapi_PBlock *pb, struct 
slapi_entry *e,
 *is_smb = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS, 
sval);
 slapi_value_free(sval);
 
+sval = slapi_value_new_string(ipaNTUserAttrs);
+if (!sval) {
+rc = LDAP_OPERATIONS_ERROR;
+goto done;
+}
+*is_ipant = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS,
+  sval);
+slapi_value_free(sval);
+
 rc = LDAP_SUCCESS;
 
 done:
@@ -765,14 +774,17 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 int ret = 0;
 Slapi_Mods *smods = NULL;
 Slapi_Value **svals = NULL;
+Slapi_Value **ntvals = NULL;
 Slapi_Value **pwvals = NULL;
 struct tm utctime;
 char timestr[GENERALIZED_TIME_LENGTH+1];
 char *lm = NULL;
 char *nt = NULL;
 int is_smb = 0;
+int is_ipant = 0;
 int