/*
   Unix SMB/CIFS implementation.

   kpasswd Server implementation

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   Copyright (C) Andrew Tridgell 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "../lib/util/util_ldb.h"
#include "libcli/security/security.h"
#include "dsdb/common/util.h"
#include "auth/auth.h"
#include "kdc/kpasswd_glue.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_KERBEROS

/*
   A user password change.

   The SAM database is opened with the caller-supplied session_info, and
   the account whose password is set is the primary user SID taken from
   that same session's security token: the target is never chosen
   independently of the authenticated identity.

   Two status values are reported, and callers must look at both:

   - Return value: NT_STATUS_ACCESS_DENIED when the SAM database could
     not be opened. *error_string is set; *result, *reject_reason and
     *dominfo are not written by this function on that path.

   - Return value NT_STATUS_OK: the password-set call was made and its
     outcome is stored in *result. NT_STATUS_OK here does NOT mean the
     password was changed; only *result says so. *error_string is set
     only when *result is a failure and is left untouched on success.

   mem_ctx parents the samdb connection and the SID string built for
   the log line; nothing is freed here, so both live as long as mem_ctx.
*/
NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
				       struct loadparm_context *lp_ctx,
				       struct tevent_context *event_ctx,
				       struct auth_session_info *session_info,
				       const DATA_BLOB *password,
				       enum samPwdChangeReason *reject_reason,
				       struct samr_DomInfo1 **dominfo,
				       const char **error_string,
				       NTSTATUS *result)
{
	NTSTATUS set_status;
	struct ldb_context *sam_ldb = NULL;
	const struct dom_sid *user_sid = NULL;

	/*
	 * Connect with the user's own session so that the SAM layer
	 * applies that user's privileges to the change.
	 */
	sam_ldb = samdb_connect(mem_ctx,
				event_ctx,
				lp_ctx,
				session_info,
				NULL,
				0);
	if (sam_ldb == NULL) {
		*error_string = "Failed to open samdb";
		return NT_STATUS_ACCESS_DENIED;
	}

	/*
	 * NOTE(review): the token is indexed without looking at its SID
	 * count; this assumes the caller only passes a session for an
	 * authenticated user - confirm at the call sites.
	 */
	user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];

	/* Record which account (domain\name and SID) is being changed. */
	DBG_NOTICE("Changing password of %s\\%s (%s)\n",
		   session_info->info->domain_name,
		   session_info->info->account_name,
		   dom_sid_string(mem_ctx, user_sid));

	/*
	 * Perform the password change.
	 *
	 * NOTE(review): DSDB_PASSWORD_CHECKED_AND_CORRECT presumably
	 * tells the SAM layer that the old password was already verified
	 * before this call; confirm that every caller authenticates the
	 * request first.
	 */
	set_status = samdb_set_password_sid(sam_ldb,
					    mem_ctx,
					    user_sid,
					    NULL,
					    password,
					    NULL,
					    DSDB_PASSWORD_CHECKED_AND_CORRECT,
					    reject_reason,
					    dominfo);

	/* Only a failed change produces an error string. */
	if (!NT_STATUS_IS_OK(set_status)) {
		if (NT_STATUS_EQUAL(set_status, NT_STATUS_NO_SUCH_USER)) {
			*error_string = "No such user when changing password";
		} else {
			*error_string = nt_errstr(set_status);
		}
	}

	/* The real outcome travels in *result, not in the return value. */
	*result = set_status;

	return NT_STATUS_OK;
}