authorAlexander Bokovoy <abokovoy@redhat.com>2012-08-22 14:19:54 +0300
committerAlexander Bokovoy <abokovoy@redhat.com>2012-08-22 17:21:11 +0300
commit6171d0a01b0b71ebee5bbc82f5a9da2b0abdc34c (patch)
tree6a0043687fa1a8fccb93334ed02c54dffafa0fdc /daemons/ipa-sam
parent14c48ba6fbb27a9d116da20f59be1cf5887b9b9e (diff)
Fix ipasam ipaNThash magic regen to actually fetch updated password
With this change, ipasam is able to ask for ipaNTHash generation and, if the corresponding Kerberos key is available, will be able to retrieve the generated ipaNTHash. Part 1 of https://fedorahosted.org/freeipa/ticket/3016
Diffstat (limited to 'daemons/ipa-sam')
-rw-r--r--daemons/ipa-sam/ipa_sam.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 059109374..8a4a08bc7 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2417,7 +2417,7 @@ static bool ipasam_nthash_retrieve(struct ldapsam_privates *ldap_state,
};
ret = smbldap_search(smbldap_state, entry_dn,
- LDAP_SCOPE_BASE, "", attr_list, 0,
+ LDAP_SCOPE_BASE, "(objectclass=*)", attr_list, 0,
&result);
if (ret != LDAP_SUCCESS) {
DEBUG(1, ("Failed to get NT hash: %s\n",
@@ -2453,15 +2453,13 @@ static bool ipasam_nthash_regen(struct ldapsam_privates *ldap_state,
TALLOC_CTX *mem_ctx,
char * entry_dn)
{
- LDAPMod **mods;
+ LDAPMod **mods = NULL;
int ret;
- mods = NULL;
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct,
- NULL, &mods, LDAP_ATTRIBUTE_NTHASH, "MagicRegen");
-
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, LDAP_ATTRIBUTE_NTHASH, "MagicRegen");
talloc_autofree_ldapmod(mem_ctx, mods);
- ret = smbldap_add(ldap_state->smbldap_state, entry_dn, mods);
+
+ ret = smbldap_modify(ldap_state->smbldap_state, entry_dn, mods);
if (ret != LDAP_SUCCESS) {
DEBUG(5, ("ipasam: attempt to regen ipaNTHash failed\n"));
}
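Review bot: The failure branch at the end of this hunk logs a fixed string at debug level 5 and drops `ret`, so different causes of a refused modify (for example insufficient access, or no Kerberos key to derive the hash from) cannot be told apart in the logs. The context lines of the first hunk show ipasam_nthash_retrieve reporting its failure with `%s` at level 1; I would do the same here: `DEBUG(5, ("ipasam: attempt to regen ipaNTHash failed: %s\n", ldap_err2string(ret)));`. A short comment above the `smbldap_set_mod` call would also help, saying that "MagicRegen" is a request marker which the directory server is expected to replace with a hash derived from the Kerberos key, not a value to be stored. The function's return statement is outside the hunk, so I cannot confirm that a failed modify is reported as `false` to the caller.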
@@ -2585,13 +2583,11 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
* */
temp = smbldap_talloc_dn(tmp_ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (temp) {
- retval = ipasam_nthash_regen(tmp_ctx,
- ldap_state->smbldap_state->ldap_struct,
- temp);
+ retval = ipasam_nthash_regen(ldap_state,
+ tmp_ctx, temp);
if (retval) {
- retval = ipasam_nthash_retrieve(tmp_ctx,
- ldap_state->smbldap_state->ldap_struct,
- temp, &nthash);
+ retval = ipasam_nthash_retrieve(ldap_state,
+ tmp_ctx, temp, &nthash);
}
}
}
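Review bot: When `smbldap_talloc_dn` returns NULL the `if (temp)` block is skipped without any message, and `retval` keeps whatever value it had before this hunk, which is not visible here. Since this path decides whether the account ends up with an NT hash, a one-line `else { DEBUG(1, ("ipasam: could not build entry DN for ipaNTHash regen\n")); }` would make that case visible. init_sam_from_ldap starts and ends outside the hunk.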