source4/kdc/kpasswd_glue.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    kpasswd Server implementation
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
   7    Copyright (C) Andrew Tridgell        2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "dsdb/samdb/samdb.h"
  25 #include "../lib/util/util_ldb.h"
  26 #include "libcli/security/security.h"
  27 #include "dsdb/common/util.h"
  28 #include "auth/auth.h"
  29 #include "kdc/kpasswd_glue.h"
  30
  31 #undef DBGC_CLASS
  32 #define DBGC_CLASS DBGC_KERBEROS
  33
  34 /*
  35    A user password change
  36
  37    Return true if there is a valid error packet (or success) formed in
  38    the error_blob
  39 */
  40 NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
  41                                        struct loadparm_context *lp_ctx,
  42                                        struct tevent_context *event_ctx,
  43                                        struct auth_session_info *session_info,
  44                                        const DATA_BLOB *password,
  45                                        enum samPwdChangeReason *reject_reason,
  46                                        struct samr_DomInfo1 **dominfo,
  47                                        const char **error_string,
  48                                        NTSTATUS *result)
  49 {
  50         NTSTATUS status;
  51         struct ldb_context *samdb = NULL;
  52
  53         /* Start a SAM with user privileges for the password change */
  54         samdb = samdb_connect(mem_ctx,
  55                               event_ctx,
  56                               lp_ctx,
  57                               session_info,
  58                               NULL,
  59                               0);
  60         if (!samdb) {
  61                 *error_string = "Failed to open samdb";
  62                 return NT_STATUS_ACCESS_DENIED;
  63         }
  64
  65         DBG_NOTICE("Changing password of %s\\%s (%s)\n",
  66                    session_info->info->domain_name,
  67                    session_info->info->account_name,
  68                    dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]));
  69
  70         /* Performs the password change */
  71         status = samdb_set_password_sid(samdb,
  72                                         mem_ctx,
  73                                         &session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
  74                                         NULL,
  75                                         password,
  76                                         NULL,
  77                                         DSDB_PASSWORD_CHECKED_AND_CORRECT,
  78                                         reject_reason,
  79                                         dominfo);
  80         if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
  81                 *error_string = "No such user when changing password";
  82         } else if (!NT_STATUS_IS_OK(status)) {
  83                 *error_string = nt_errstr(status);
  84         }
  85         *result = status;
  86
  87         return NT_STATUS_OK;
  88 }