Preliminary merge of winbind into HEAD. Note that this compiles and links

but I haven't actually run it yet so it probably doesn't work.  (-:
(This used to be commit 59f95416b66db6df05289bde224de29c721978e5)

1 files changed, 79 insertions, 9 deletions

diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index c74afd8e29..57b2394799 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -23,6 +23,28 @@
 
 #include "winbindd.h"
 
+/* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
+   form DOMAIN/user into a domain and a user */
+
+static void parse_domain_user(char *domuser, fstring domain, fstring user)
+{
+        char *p;
+        char *sep = lp_winbind_separator();
+        if (!sep) sep = "\\";
+        p = strchr(domuser,*sep);
+        if (!p) p = strchr(domuser,'\\');
+        if (!p) {
+                fstrcpy(domain,"");
+                fstrcpy(user, domuser);
+                return;
+        }
+        
+        fstrcpy(user, p+1);
+        fstrcpy(domain, domuser);
+        domain[PTR_DIFF(p, domuser)] = 0;
+        strupper(domain);
+}
+
 /* Return a password structure from a username.  Specify whether cached data 
    can be returned. */
 
@@ -31,31 +53,37 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 	NET_USER_INFO_3 info3;
 	uchar ntpw[16];
 	uchar lmpw[16];
-	uint8 trust_passwd[16];
+	uchar trust_passwd[16];
 	uint32 status;
 	fstring server;
 	fstring name_domain, name_user;
 	extern pstring global_myname;
 
-	DEBUG(1,("winbindd_pam_auth user=%s\n", 
-		 state->request.data.auth.user));
+	DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+		  state->request.data.auth.user));
 
 	/* Parse domain and username */
-	parse_domain_user(state->request.data.auth.user, name_domain, name_user);
+	parse_domain_user(state->request.data.auth.user, name_domain, 
+                          name_user);
 
 	/* don't allow the null domain */
 	if (strcmp(name_domain,"") == 0) return WINBINDD_ERROR;
 
 	ZERO_STRUCT(info3);
 
-	if (!secrets_fetch_trust_account_password(lp_workgroup(), 
-						  trust_passwd, NULL)) {
-		return WINBINDD_ERROR;
-	}
+	if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) {
+            DEBUG(1, ("could not get trust password for domain %s\n",
+                      name_domain));
+            return WINBINDD_ERROR;
+        }
 
 	nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
 
-	slprintf(server, sizeof(server)-1, "\\\\%s", server_state.controller);
+	slprintf(server, sizeof(server), "\\\\%s", server_state.controller);
+
+#if 0
+
+	/* XXX */
 
 	status = domain_client_validate_backend(server, 
 						name_user, name_domain,
@@ -64,9 +92,51 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 						NULL,
 						lmpw, sizeof(lmpw),
 						ntpw, sizeof(ntpw), &info3);
+#else
+	status = NT_STATUS_UNSUCCESSFUL;
+#endif
+	
 
 	if (status != NT_STATUS_NOPROBLEMO) return WINBINDD_ERROR;
 
 	return WINBINDD_OK;
 }
 
+/* Change a user password */
+
+enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state)
+{
+    char *oldpass, *newpass;
+    fstring domain, user;
+    uchar nt_oldhash[16];
+    uchar lm_oldhash[16];
+
+    DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
+	      state->request.data.chauthtok.user));
+
+    /* Setup crap */
+
+    if (state == NULL) return WINBINDD_ERROR;
+
+    parse_domain_user(state->request.data.chauthtok.user, domain, user);
+
+    oldpass = state->request.data.chauthtok.oldpass;
+    newpass = state->request.data.chauthtok.newpass;
+
+    nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash);
+
+    /* Change password */
+
+#if 0
+
+    /* XXX */
+
+    if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user,
+                               lm_oldhash, nt_oldhash, newpass)) {
+        DEBUG(0, ("password change failed for user %s/%s\n", domain, user));
+        return WINBINDD_ERROR;
+    }
+#endif
+    
+    return WINBINDD_OK;
+}