static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
}
msg->dn = user_dn;
if ((new_password != NULL)
- && ((lmNewHash == NULL) && (ntNewHash == NULL))) {
+ && ((ntNewHash == NULL))) {
/* we have the password as plaintext UTF16 */
CHECK_RET(ldb_msg_add_value(msg, "clearTextPassword",
new_password, NULL));
el = ldb_msg_find_element(msg, "clearTextPassword");
el->flags = LDB_FLAG_MOD_REPLACE;
} else if ((new_password == NULL)
- && ((lmNewHash != NULL) || (ntNewHash != NULL))) {
- /* we have a password as LM and/or NT hash */
- if (lmNewHash != NULL) {
- CHECK_RET(samdb_msg_add_hash(ldb, mem_ctx, msg,
- "dBCSPwd", lmNewHash));
- el = ldb_msg_find_element(msg, "dBCSPwd");
- el->flags = LDB_FLAG_MOD_REPLACE;
- }
+ && ((ntNewHash != NULL))) {
+ /* we have a password as NT hash */
if (ntNewHash != NULL) {
CHECK_RET(samdb_msg_add_hash(ldb, mem_ctx, msg,
"unicodePwd", ntNewHash));
NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
return samdb_set_password_internal(ldb, mem_ctx,
user_dn, domain_dn,
new_password,
- lmNewHash, ntNewHash,
+ ntNewHash,
old_password_checked,
reject_reason, _dominfo,
false); /* reject trusts */
const struct dom_sid *user_sid,
const uint32_t *new_version, /* optional for trusts */
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
nt_status = samdb_set_password_internal(ldb, mem_ctx,
user_msg->dn, NULL,
new_password,
- lmNewHash, ntNewHash,
+ ntNewHash,
old_password_checked,
reject_reason, _dominfo,
true); /* permit trusts */