mit-kdb: Implement KDB function to change passwords

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

4 files changed, 66 insertions, 1 deletions

diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c
index 1f3fb7300ae..dc80a2291c1 100644
--- a/source4/kdc/mit-kdb/kdb_samba.c
+++ b/source4/kdc/mit-kdb/kdb_samba.c
@@ -170,7 +170,7 @@ kdb_vftabl kdb_function_table = {
 	kdb_samba_fetch_master_key_list,   /* fetch_master_key_list */
 	NULL,                              /* store_master_key_list */
 	NULL,                              /* dbe_search_enctype */
-	NULL,                              /* change_pwd */
+	kdb_samba_change_pwd,              /* change_pwd */
 	NULL,                              /* promote_db */
 	kdb_samba_dbekd_decrypt_key_data,  /* decrypt_key_data */
 	kdb_samba_dbekd_encrypt_key_data,  /* encrypt_key_data */
diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
index 32c8d843548..b2273c3efcc 100644
--- a/source4/kdc/mit-kdb/kdb_samba.h
+++ b/source4/kdc/mit-kdb/kdb_samba.h
@@ -145,5 +145,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
 						       krb5_const_principal client,
 						       const krb5_db_entry *server,
 						       krb5_const_principal proxy);
+/* from kdb_samba_change_pwd.c */
+
+krb5_error_code kdb_samba_change_pwd(krb5_context context,
+				     krb5_keyblock *master_key,
+				     krb5_key_salt_tuple *ks_tuple,
+				     int ks_tuple_count, char *passwd,
+				     int new_kvno, krb5_boolean keepold,
+				     krb5_db_entry *db_entry);
 
 #endif /* _KDB_SAMBA_H_ */
diff --git a/source4/kdc/mit-kdb/kdb_samba_change_pwd.c b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c
new file mode 100644
index 00000000000..e0264cb4f09
--- /dev/null
+++ b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c
@@ -0,0 +1,56 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Samba KDB plugin for MIT Kerberos
+
+   Copyright (c) 2010      Simo Sorce <idra@samba.org>.
+   Copyright (c) 2014      Andreas Schneider <asn@samba.org>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "system/kerberos.h"
+
+#include <profile.h>
+#include <kdb.h>
+
+#include "kdc/mit_samba.h"
+#include "kdb_samba.h"
+
+krb5_error_code kdb_samba_change_pwd(krb5_context context,
+				     krb5_keyblock *master_key,
+				     krb5_key_salt_tuple *ks_tuple,
+				     int ks_tuple_count, char *passwd,
+				     int new_kvno, krb5_boolean keepold,
+				     krb5_db_entry *db_entry)
+{
+	struct mit_samba_context *mit_ctx;
+	krb5_error_code code;
+
+	mit_ctx = ks_get_context(context);
+	if (mit_ctx == NULL) {
+		return KRB5_KDB_DBNOTINITED;
+	}
+
+	code = mit_samba_kpasswd_change_password(mit_ctx, passwd, db_entry);
+	if (code != 0) {
+		goto cleanup;
+	}
+
+cleanup:
+
+	return code;
+}
diff --git a/source4/kdc/mit-kdb/wscript_build b/source4/kdc/mit-kdb/wscript_build
index 68f086649c2..82cea4a1bc3 100644
--- a/source4/kdc/mit-kdb/wscript_build
+++ b/source4/kdc/mit-kdb/wscript_build
@@ -8,6 +8,7 @@ bld.SAMBA_LIBRARY('mit-kdb-samba',
                          kdb_samba_pac.c
                          kdb_samba_policies.c
                          kdb_samba_principals.c
+                         kdb_samba_change_pwd.c
                          ''',
                   private_library=True,
                   realname='samba.so',