Fix setting passwords in pdb_ads

The samba4 password_hash module does not allow changing the password fields via
the "delete oldval" -> "add newval" set of modify operations, it requires a
single "replace with newval" operation.

Andrew, Samba3 by default uses that delete/add pair to detect if between
fetching the old value and storing the new one the old value has changed. This
is lost by using the "replace" operation.

Would it make sense to add this to the password_hash module?

Volker

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 0811082e848ff9d25573dafeb91a6adef6b92e1b..4bd0b89d6da3bbc45f73ee1954fffd3baa44689f 100644 (file)
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -258,6 +258,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
                                      struct samu *sam)
 {
        bool ret = true;
+       DATA_BLOB blob;
 
        /* TODO: All fields :-) */
 
@@ -265,13 +266,13 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
                existing, mem_ctx, pnum_mods, pmods, "displayName",
                "%s", pdb_get_fullname(sam));
 
-       ret &= tldap_make_mod_blob(
-               existing, mem_ctx, pnum_mods, pmods, "unicodePwd",
-               data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN));
+       blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN);
+       ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
+                                  "unicodePwd", 1, &blob);
 
-       ret &= tldap_make_mod_blob(
-               existing, mem_ctx, pnum_mods, pmods, "dBCSPwd",
-               data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN));
+       blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN);
+       ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
+                                  "dBCSPwd", 1, &blob);
 
        ret &= tldap_make_mod_fmt(
                existing, mem_ctx, pnum_mods, pmods, "userAccountControl",