From 2dd71de11ac8c5bb5b1a3a68b7971adf75d9a8d3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 11 Nov 2013 10:37:38 +1300
Subject: [PATCH] dsdb: Add samdb_result_passwords_from_history helper function

Change-Id: I949c6c64551f68c4381b41b30120874ead82949e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source4/dsdb/common/util.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 0ad0ea37ed7..3a65385887d 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -558,6 +558,43 @@ unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *
 	return count;
 }
 
+NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx,
+					     struct loadparm_context *lp_ctx,
+					     struct ldb_message *msg,
+					     unsigned int idx,
+					     struct samr_Password **lm_pwd,
+					     struct samr_Password **nt_pwd)
+{
+	struct samr_Password *lmPwdHash, *ntPwdHash;
+
+	if (nt_pwd) {
+		unsigned int num_nt;
+		num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHistory", &ntPwdHash);
+		if (num_nt < idx) {
+			*nt_pwd = NULL;
+		} else {
+			*nt_pwd = &ntPwdHash[idx];
+		}
+	}
+	if (lm_pwd) {
+		/* Ensure that if we have turned off LM
+		 * authentication, that we never use the LM hash, even
+		 * if we store it */
+		if (lpcfg_lanman_auth(lp_ctx)) {
+			unsigned int num_lm;
+			num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHistory", &lmPwdHash);
+			if (num_lm < idx) {
+				*lm_pwd = NULL;
+			} else {
+				*lm_pwd = &lmPwdHash[idx];
+			}
+		} else {
+			*lm_pwd = NULL;
+		}
+	}
+	return NT_STATUS_OK;
+}
+
 NTSTATUS samdb_result_passwords_no_lockout(TALLOC_CTX *mem_ctx,
 					   struct loadparm_context *lp_ctx,
 					   struct ldb_message *msg,
-- 
2.11.4.GIT