From 6171d0a01b0b71ebee5bbc82f5a9da2b0abdc34c Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 22 Aug 2012 14:19:54 +0300
Subject: Fix ipasam ipaNThash magic regen to actually fetch updated password

With this change ipasam is able to ask for ipaNTHash generation and if
corresponding Kerberos key is available, will be able to retrieve generated ipaNTHash.

Part 1 of https://fedorahosted.org/freeipa/ticket/3016
---
 daemons/ipa-sam/ipa_sam.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

(limited to 'daemons')

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 059109374..8a4a08bc7 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2417,7 +2417,7 @@ static bool ipasam_nthash_retrieve(struct ldapsam_privates *ldap_state,
 				  };
 
 	ret = smbldap_search(smbldap_state, entry_dn,
-			     LDAP_SCOPE_BASE, "", attr_list, 0,
+			     LDAP_SCOPE_BASE, "(objectclass=*)", attr_list, 0,
 			     &result);
 	if (ret != LDAP_SUCCESS) {
 		DEBUG(1, ("Failed to get NT hash: %s\n",
@@ -2453,15 +2453,13 @@ static bool ipasam_nthash_regen(struct ldapsam_privates *ldap_state,
 				TALLOC_CTX *mem_ctx,
 				char * entry_dn)
 {
-	LDAPMod **mods;
+	LDAPMod **mods = NULL;
 	int ret;
 
-	mods = NULL;
-	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct,
-			 NULL, &mods, LDAP_ATTRIBUTE_NTHASH, "MagicRegen");
-
+	smbldap_set_mod(&mods, LDAP_MOD_ADD, LDAP_ATTRIBUTE_NTHASH, "MagicRegen");
 	talloc_autofree_ldapmod(mem_ctx, mods);
-	ret = smbldap_add(ldap_state->smbldap_state, entry_dn, mods);
+
+	ret = smbldap_modify(ldap_state->smbldap_state, entry_dn, mods);
 	if (ret != LDAP_SUCCESS) {
 		DEBUG(5, ("ipasam: attempt to regen ipaNTHash failed\n"));
 	}
@@ -2585,13 +2583,11 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 		 * */
 		temp = smbldap_talloc_dn(tmp_ctx, ldap_state->smbldap_state->ldap_struct, entry);
 		if (temp) {
-			retval = ipasam_nthash_regen(tmp_ctx,
-						     ldap_state->smbldap_state->ldap_struct,
-						     temp);
+			retval = ipasam_nthash_regen(ldap_state,
+						     tmp_ctx, temp);
 			if (retval) {
-				retval = ipasam_nthash_retrieve(tmp_ctx,
-							ldap_state->smbldap_state->ldap_struct,
-							temp, &nthash);
+				retval = ipasam_nthash_retrieve(ldap_state,
+								tmp_ctx, temp, &nthash);
 			}
 		}
 	}
-- 
cgit