diff options
| author | Sumit Bose <sbose@redhat.com> | 2011-11-24 18:38:38 +0100 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-12-06 08:29:53 -0500 |
| commit | 27f02881c1d27a081370cf327e30a81b38184916 (patch) | |
| tree | a0c837a32ed2967d77043ade5da17cf77e97edb2 /daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | |
| parent | 3de257fe54117550cc4fe82dc0614f2d07bc98de (diff) | |
| download | freeipa.git-27f02881c1d27a081370cf327e30a81b38184916.tar.gz freeipa.git-27f02881c1d27a081370cf327e30a81b38184916.tar.xz freeipa.git-27f02881c1d27a081370cf327e30a81b38184916.zip | |
Make pwd-extop aware of new ipaNTHash attribute
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c')
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 9e203be2..c3618998 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -498,7 +498,7 @@ done: /*==Common-public-functions=============================================*/ int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e, - int *is_root, int *is_krb, int *is_smb, + int *is_root, int *is_krb, int *is_smb, int *is_ipant, char *attr, int acc) { Slapi_Value *sval; @@ -535,6 +535,15 @@ int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e, *is_smb = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS, sval); slapi_value_free(&sval); + sval = slapi_value_new_string("ipaNTUserAttrs"); + if (!sval) { + rc = LDAP_OPERATIONS_ERROR; + goto done; + } + *is_ipant = slapi_entry_attr_has_syntax_value(e, SLAPI_ATTR_OBJECTCLASS, + sval); + slapi_value_free(&sval); + rc = LDAP_SUCCESS; done: @@ -765,14 +774,17 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, int ret = 0; Slapi_Mods *smods = NULL; Slapi_Value **svals = NULL; + Slapi_Value **ntvals = NULL; Slapi_Value **pwvals = NULL; struct tm utctime; char timestr[GENERALIZED_TIME_LENGTH+1]; char *lm = NULL; char *nt = NULL; int is_smb = 0; + int is_ipant = 0; int is_host = 0; Slapi_Value *sambaSamAccount; + Slapi_Value *ipaNTUserAttrs; Slapi_Value *ipaHost; char *errMesg = NULL; char *modtime = NULL; @@ -782,10 +794,17 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, sambaSamAccount = slapi_value_new_string("sambaSamAccount"); if (slapi_entry_attr_has_syntax_value(data->target, "objectClass", sambaSamAccount)) { - is_smb = 1;; + is_smb = 1; } slapi_value_free(&sambaSamAccount); + ipaNTUserAttrs = slapi_value_new_string("ipaNTUserAttrs"); + if (slapi_entry_attr_has_syntax_value(data->target, + "objectClass", ipaNTUserAttrs)) { + is_ipant = 1; + } + slapi_value_free(&ipaNTUserAttrs); + ipaHost = slapi_value_new_string("ipaHost"); if (slapi_entry_attr_has_syntax_value(data->target, "objectClass", ipaHost)) { @@ -795,8 +814,8 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, ret = ipapwd_gen_hashes(krbcfg, data, data->password, - is_krb, is_smb, - &svals, &nt, &lm, &errMesg); + is_krb, is_smb, is_ipant, + &svals, &nt, &lm, &ntvals, &errMesg); if (ret) { goto free_and_return; } @@ -835,15 +854,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, } } - if (lm) { + if (lm && is_smb) { slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "sambaLMPassword", lm); } - if (nt) { + if (nt && is_smb) { slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "sambaNTPassword", nt); } + + if (ntvals && is_ipant) { + slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, + "ipaNTHash", ntvals); + } + if (is_smb) { /* with samba integration we need to also set sambaPwdLastSet or * samba will decide the user has to change the password again */ @@ -899,6 +924,7 @@ free_and_return: if (modtime) slapi_ch_free((void **)&modtime); slapi_mods_free(&smods); ipapwd_free_slapi_value_array(&svals); + ipapwd_free_slapi_value_array(&ntvals); ipapwd_free_slapi_value_array(&pwvals); return ret; |