1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s3-winbind: Allow changing the password for pdb

This commit is contained in:
Volker Lendecke 2010-04-16 16:28:05 +02:00
parent 45eeed2893
commit 9d0629d155
2 changed files with 50 additions and 1 deletions

View File

@ -1246,6 +1246,8 @@ WINBINDD_OBJ1 = \
auth/server_info.o \
auth/server_info_sam.o \
auth/user_info.o \
auth/pampass.o \
smbd/chgpasswd.o \
../nsswitch/libwbclient/wb_reqtrans.o
WINBINDD_OBJ = \
@ -2537,7 +2539,7 @@ bin/librpc_echo.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_ECHO_OBJ)
bin/winbindd@EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo "Linking $@"
@$(CC) -o $@ $(WINBINDD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(AUTH_LIBS) \
$(PASSDB_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) \
$(ZLIB_LIBS)

View File

@ -1924,6 +1924,53 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
/* Initialize reject reason */
state->response->data.auth.reject_reason = Undefined;
if (strequal(domain, get_global_sam_name())) {
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
enum samPwdChangeReason rejectReason;
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
contact_domain = NULL;
E_md4hash(oldpass, old_nt_hash);
E_md4hash(newpass, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpass, new_lanman_hash) &&
E_deshash(oldpass, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
result = pass_oem_change(
user,
new_lm_password.data, old_lanman_hash_enc.hash,
new_nt_password.data, old_nt_hash_enc.hash,
&rejectReason);
goto done;
}
/* Get sam handle */
result = cm_connect_sam(contact_domain, state->mem_ctx, &cli,