author | Andreas Schneider <asn@samba.org> | 2016-09-07 15:07:49 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2016-09-13 00:19:24 +0200 |
commit | b61ca170ffc35985218de0a1dc9c582df9f378ab (patch) | |
tree | 2a7dcb78fd5762ce81321228241156809b3aab3a /source4/kdc | |
parent | 76360caad20dae0389e3e78d58d5866e5657a6cd (diff) | |
download | samba-b61ca170ffc35985218de0a1dc9c582df9f378ab.tar.gz |
s4-kdc: Add a kpasswd_samdb_set_password() helper function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kpasswd-helper.c | 83 | ||||
-rw-r--r-- | source4/kdc/kpasswd-helper.h | 10 |
2 files changed, 93 insertions, 0 deletions
diff --git a/source4/kdc/kpasswd-helper.c b/source4/kdc/kpasswd-helper.c
index 5ecb6e976b4..996b318bd40 100644
--- a/source4/kdc/kpasswd-helper.c
+++ b/source4/kdc/kpasswd-helper.c
@@ -23,6 +23,8 @@
 #include "includes.h"
 #include "system/kerberos.h"
 #include "librpc/gen_ndr/samr.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
 #include "kdc/kpasswd-helper.h"
 bool kpasswd_make_error_reply(TALLOC_CTX *mem_ctx,
@@ -156,3 +158,84 @@ bool kpasswd_make_pwchange_reply(TALLOC_CTX *mem_ctx,
 "Password changed",
 error_blob);
 }
+
+NTSTATUS kpasswd_samdb_set_password(TALLOC_CTX *mem_ctx,
+ struct tevent_context *event_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info,
+ bool is_service_principal,
+ const char *target_principal_name,
+ DATA_BLOB *password,
+ enum samPwdChangeReason *reject_reason,
+ struct samr_DomInfo1 **dominfo)
+{
+ NTSTATUS status;
+ struct ldb_context *samdb;
+ struct ldb_dn *target_dn = NULL;
+ int rc;
+
+ samdb = samdb_connect(mem_ctx,
+ event_ctx,
+ lp_ctx,
+ session_info,
+ 0);
+ if (samdb == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ DBG_INFO("%s\\%s (%s) is changing password of %s\n",
+ session_info->info->domain_name,
+ session_info->info->account_name,
+ dom_sid_string(mem_ctx,
+ &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+ target_principal_name);
+
+ rc = ldb_transaction_start(samdb);
+ if (rc != LDB_SUCCESS) {
+ return NT_STATUS_TRANSACTION_ABORTED;
+ }
+
+ if (is_service_principal) {
+ status = crack_service_principal_name(samdb,
+ mem_ctx,
+ target_principal_name,
+ &target_dn,
+ NULL);
+ } else {
+ status = crack_user_principal_name(samdb,
+ mem_ctx,
+ target_principal_name,
+ &target_dn,
+ NULL);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_transaction_cancel(samdb);
+ return status;
+ }
+
+ status = samdb_set_password(samdb,
+ mem_ctx,
+ target_dn,
+ NULL, /* domain_dn */
+ password,
+ NULL, /* lmNewHash */
+ NULL, /* ntNewHash */
+ NULL, /* lmOldHash */
+ NULL, /* ntOldHash */
+ reject_reason,
+ dominfo);
+ if (NT_STATUS_IS_OK(status)) {
+ rc = ldb_transaction_commit(samdb);
+ if (rc != LDB_SUCCESS) {
+ DBG_WARNING("Failed to commit transaction to "
+ "set password on %s: %s\n",
+ ldb_dn_get_linearized(target_dn),
+ ldb_errstring(samdb));
+ return NT_STATUS_TRANSACTION_ABORTED;
+ }
+ } else {
+ ldb_transaction_cancel(samdb);
+ }
+
+ return status;
+}
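Review bot: kpasswd_samdb_set_password() passes NULL for both old-hash arguments of `samdb_set_password()`, so it sets a password without proof of the old one, and the only authorization visible in the hunk is the `session_info` handed to `samdb_connect()`; neither this definition nor the prototype added in kpasswd-helper.h documents that contract. I would add a comment above the function along the lines of `/* Sets (does not change) the password of target_principal_name; access control rests on session_info, which must be the requesting client's session, never a privileged one. */`, and state there that `*dominfo` is allocated on `mem_ctx`. Whether the directory actually enforces ACLs on that connection is decided outside the hunk, so the comment should say what the helper assumes. The failure paths are also silent: both the principal-cracking failure and the final `else` branch cancel the transaction without logging, leaving only the earlier "is changing password" INFO line for a rejected attempt; a `DBG_WARNING("Failed to set password on %s: %s\n", target_principal_name, nt_errstr(status));` before each `ldb_transaction_cancel(samdb);` would give operators a record of denied or failed sets.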
diff --git a/source4/kdc/kpasswd-helper.h b/source4/kdc/kpasswd-helper.h
index d2ff1e3ec2f..8fad81e0a5d 100644
--- a/source4/kdc/kpasswd-helper.h
+++ b/source4/kdc/kpasswd-helper.h
@@ -33,4 +33,14 @@ bool kpasswd_make_pwchange_reply(TALLOC_CTX *mem_ctx,
 struct samr_DomInfo1 *dominfo,
 DATA_BLOB *error_blob);
+NTSTATUS kpasswd_samdb_set_password(TALLOC_CTX *mem_ctx,
+ struct tevent_context *event_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info,
+ bool is_service_principal,
+ const char *target_principal_name,
+ DATA_BLOB *password,
+ enum samPwdChangeReason *reject_reason,
+ struct samr_DomInfo1 **dominfo);
+
 #endif /* _KPASSWD_HELPER_H */ |