summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-15 20:44:28 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-08-17 18:45:33 +0200
commitd72d7f9c5f318b58e38a47d38debe72bb6f53891 (patch)
treeefead30a543b0f8aeef1f989abef114a81924829 /source4/dsdb
parent35954bb3108ce1d2c05c729712ce881402bf3723 (diff)
downloadsamba-d72d7f9c5f318b58e38a47d38debe72bb6f53891.tar.gz
samba-d72d7f9c5f318b58e38a47d38debe72bb6f53891.tar.bz2
samba-d72d7f9c5f318b58e38a47d38debe72bb6f53891.zip
s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support the password change control
And introduce parameters to pass the old password hashes.
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/util.c40
1 files changed, 27 insertions, 13 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 86b74d5630..25d6a407c5 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2000,11 +2000,11 @@ int samdb_set_password_callback(struct ldb_request *req, struct ldb_reply *ares)
/*
* Sets the user password using plaintext UTF16 (attribute "new_password") or
* LM (attribute "lmNewHash") or NT (attribute "ntNewHash") hash. Also pass
- * as parameter if it's a user change or not ("userChange"). The "rejectReason"
- * gives some more informations if the changed failed.
+ * the old LM and/or NT hash (attributes "lmOldHash"/"ntOldHash") if it is a
+ * user change or not. The "rejectReason" gives some more informations if the
+ * change failed.
*
- * Results: NT_STATUS_OK, NT_STATUS_INTERNAL_DB_CORRUPTION,
- * NT_STATUS_INVALID_PARAMETER, NT_STATUS_UNSUCCESSFUL,
+ * Results: NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER, NT_STATUS_UNSUCCESSFUL,
* NT_STATUS_WRONG_PASSWORD, NT_STATUS_PASSWORD_RESTRICTION
*/
NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
@@ -2012,7 +2012,8 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
const DATA_BLOB *new_password,
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
- bool user_change,
+ const struct samr_Password *lmOldHash,
+ const struct samr_Password *ntOldHash,
enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
@@ -2070,12 +2071,23 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- if (user_change) {
- /* a user password change and we've checked already the old
- * password somewhere else (callers responsability) */
+ /* A password change operation */
+ if ((ntOldHash != NULL) || (lmOldHash != NULL)) {
+ struct dsdb_control_password_change *change;
+
+ change = talloc(req, struct dsdb_control_password_change);
+ if (change == NULL) {
+ talloc_free(req);
+ talloc_free(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ change->old_nt_pwd_hash = ntOldHash;
+ change->old_lm_pwd_hash = lmOldHash;
+
ret = ldb_request_add_control(req,
DSDB_CONTROL_PASSWORD_CHANGE_OID,
- true, NULL);
+ true, change);
if (ret != LDB_SUCCESS) {
talloc_free(req);
talloc_free(msg);
@@ -2170,8 +2182,9 @@ NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
/*
* Sets the user password using plaintext UTF16 (attribute "new_password") or
* LM (attribute "lmNewHash") or NT (attribute "ntNewHash") hash. Also pass
- * as parameter if it's a user change or not ("userChange"). The "rejectReason"
- * gives some more informations if the changed failed.
+ * the old LM and/or NT hash (attributes "lmOldHash"/"ntOldHash") if it is a
+ * user change or not. The "rejectReason" gives some more informations if the
+ * change failed.
*
* This wrapper function for "samdb_set_password" takes a SID as input rather
* than a user DN.
@@ -2189,7 +2202,8 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
const DATA_BLOB *new_password,
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
- bool user_change,
+ const struct samr_Password *lmOldHash,
+ const struct samr_Password *ntOldHash,
enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
@@ -2217,7 +2231,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
user_dn, NULL,
new_password,
lmNewHash, ntNewHash,
- user_change,
+ lmOldHash, ntOldHash,
reject_reason, _dominfo);
if (!NT_STATUS_IS_OK(nt_status)) {
ldb_transaction_cancel(ldb);