From 5a6819dbee516f926da67dca707153b3654dc349 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 30 Jul 2015 14:47:11 +0200 Subject: mit-kdb: Implement KDB function to change passwords Signed-off-by: Andreas Schneider Reviewed-by: Sumit Bose Reviewed-by: Guenther Deschner Reviewed-by: Andrew Bartlett --- source4/kdc/mit-kdb/kdb_samba.c | 2 +- source4/kdc/mit-kdb/kdb_samba.h | 8 +++++ source4/kdc/mit-kdb/kdb_samba_change_pwd.c | 56 ++++++++++++++++++++++++++++++ source4/kdc/mit-kdb/wscript_build | 1 + 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 source4/kdc/mit-kdb/kdb_samba_change_pwd.c (limited to 'source4/kdc') diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c index 1f3fb7300ae..dc80a2291c1 100644 --- a/source4/kdc/mit-kdb/kdb_samba.c +++ b/source4/kdc/mit-kdb/kdb_samba.c @@ -170,7 +170,7 @@ kdb_vftabl kdb_function_table = { kdb_samba_fetch_master_key_list, /* fetch_master_key_list */ NULL, /* store_master_key_list */ NULL, /* dbe_search_enctype */ - NULL, /* change_pwd */ + kdb_samba_change_pwd, /* change_pwd */ NULL, /* promote_db */ kdb_samba_dbekd_decrypt_key_data, /* decrypt_key_data */ kdb_samba_dbekd_encrypt_key_data, /* encrypt_key_data */ diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h index 32c8d843548..b2273c3efcc 100644 --- a/source4/kdc/mit-kdb/kdb_samba.h +++ b/source4/kdc/mit-kdb/kdb_samba.h @@ -145,5 +145,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context, krb5_const_principal client, const krb5_db_entry *server, krb5_const_principal proxy); +/* from kdb_samba_change_pwd.c */ + +krb5_error_code kdb_samba_change_pwd(krb5_context context, + krb5_keyblock *master_key, + krb5_key_salt_tuple *ks_tuple, + int ks_tuple_count, char *passwd, + int new_kvno, krb5_boolean keepold, + krb5_db_entry *db_entry); #endif /* _KDB_SAMBA_H_ */ diff --git a/source4/kdc/mit-kdb/kdb_samba_change_pwd.c b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c new file mode 100644 index 00000000000..e0264cb4f09 --- /dev/null +++ b/source4/kdc/mit-kdb/kdb_samba_change_pwd.c @@ -0,0 +1,56 @@ +/* + Unix SMB/CIFS implementation. + + Samba KDB plugin for MIT Kerberos + + Copyright (c) 2010 Simo Sorce . + Copyright (c) 2014 Andreas Schneider + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" + +#include "system/kerberos.h" + +#include +#include + +#include "kdc/mit_samba.h" +#include "kdb_samba.h" + +krb5_error_code kdb_samba_change_pwd(krb5_context context, + krb5_keyblock *master_key, + krb5_key_salt_tuple *ks_tuple, + int ks_tuple_count, char *passwd, + int new_kvno, krb5_boolean keepold, + krb5_db_entry *db_entry) +{ + struct mit_samba_context *mit_ctx; + krb5_error_code code; + + mit_ctx = ks_get_context(context); + if (mit_ctx == NULL) { + return KRB5_KDB_DBNOTINITED; + } + + code = mit_samba_kpasswd_change_password(mit_ctx, passwd, db_entry); + if (code != 0) { + goto cleanup; + } + +cleanup: + + return code; +} diff --git a/source4/kdc/mit-kdb/wscript_build b/source4/kdc/mit-kdb/wscript_build index 68f086649c2..82cea4a1bc3 100644 --- a/source4/kdc/mit-kdb/wscript_build +++ b/source4/kdc/mit-kdb/wscript_build @@ -8,6 +8,7 @@ bld.SAMBA_LIBRARY('mit-kdb-samba', kdb_samba_pac.c kdb_samba_policies.c kdb_samba_principals.c + kdb_samba_change_pwd.c ''', private_library=True, realname='samba.so', -- cgit v1.2.1