/*
Unix SMB / CIFS implementation .
kpasswd Server implementation
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005
Copyright ( C ) Andrew Tridgell 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "dsdb/samdb/samdb.h"
# include "../lib/util/util_ldb.h"
# include "libcli/security/security.h"
# include "dsdb/common/util.h"
# include "auth/auth.h"
# include "kdc/kpasswd_glue.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_KERBEROS
/*
 * Change the password of the user identified by session_info.
 *
 * The account that is modified is always the primary user SID taken from
 * session_info->security_token; callers cannot name a different account
 * through this interface.  The SAM database is opened with the same
 * session_info, so the write is carried out with that session's
 * privileges.
 *
 * Parameters:
 *   mem_ctx       - talloc context handed to samdb_connect(),
 *                   dom_sid_string() and samdb_set_password_sid()
 *   lp_ctx        - loadparm context handed to samdb_connect()
 *   event_ctx     - tevent context handed to samdb_connect()
 *   session_info  - session whose primary user SID is the target account
 *   password      - the new password blob, passed through unchanged
 *   reject_reason - filled in by samdb_set_password_sid()
 *   dominfo       - filled in by samdb_set_password_sid()
 *   error_string  - set to a message on the failure paths only; it is
 *                   not written when the change succeeds
 *   result        - receives the status of the password change itself;
 *                   not written when the SAM database cannot be opened
 *
 * Returns NT_STATUS_ACCESS_DENIED if the SAM database cannot be opened.
 * Otherwise returns NT_STATUS_OK even when the change was rejected:
 * callers must inspect *result as well as the return value, otherwise a
 * refused password change is indistinguishable from a successful one.
 *
 * NOTE(review): this function does not verify the current password
 * itself.  The DSDB_PASSWORD_CHECKED_AND_CORRECT flag name suggests the
 * caller is asserting that this was already done when the request was
 * authenticated - confirm against samdb_set_password_sid() and make sure
 * every caller really has authenticated session_info before calling.
 */
NTSTATUS samdb_kpasswd_change_password(TALLOC_CTX *mem_ctx,
				       struct loadparm_context *lp_ctx,
				       struct tevent_context *event_ctx,
				       struct auth_session_info *session_info,
				       const DATA_BLOB *password,
				       enum samPwdChangeReason *reject_reason,
				       struct samr_DomInfo1 **dominfo,
				       const char **error_string,
				       NTSTATUS *result)
{
	struct ldb_context *sam_ctx = NULL;
	const struct dom_sid *user_sid = NULL;
	NTSTATUS change_status;

	/* Open the SAM as the requesting user, not as system. */
	sam_ctx = samdb_connect(mem_ctx, event_ctx, lp_ctx, session_info,
				NULL, 0);
	if (sam_ctx == NULL) {
		*error_string = " Failed to open samdb ";
		return NT_STATUS_ACCESS_DENIED;
	}

	/* The target account is the session's own primary user. */
	user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];

	/*
	 * Audit trail: domain, account name and SID only.  The password
	 * blob is never passed to the logger.
	 */
	DBG_NOTICE(" Changing password of %s \\ %s (%s) \n ",
		   session_info->info->domain_name,
		   session_info->info->account_name,
		   dom_sid_string(mem_ctx, user_sid));

	/* Carry out the change on the account named by user_sid. */
	change_status = samdb_set_password_sid(sam_ctx,
					       mem_ctx,
					       user_sid,
					       NULL,
					       password,
					       NULL,
					       DSDB_PASSWORD_CHECKED_AND_CORRECT,
					       reject_reason,
					       dominfo);

	/* A message is produced only when the change did not succeed. */
	if (!NT_STATUS_IS_OK(change_status)) {
		if (NT_STATUS_EQUAL(change_status, NT_STATUS_NO_SUCH_USER)) {
			*error_string = " No such user when changing password ";
		} else {
			*error_string = nt_errstr(change_status);
		}
	}

	/* The outcome travels in *result; the return value stays OK. */
	*result = change_status;
	return NT_STATUS_OK;
}