summaryrefslogtreecommitdiff
path: root/source4/kdc
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-26 12:09:07 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-05-10 19:07:46 +0200
commit6e8098b261b9357204c8fa5534871a4c137ca1c5 (patch)
treed3d438644b66be45e06d114d198ca72757b30e12 /source4/kdc
parentfc8e3ffb5f261e7efdcbcef46b1f13c3b5599730 (diff)
downloadsamba-6e8098b261b9357204c8fa5534871a4c137ca1c5.tar.gz
samba-6e8098b261b9357204c8fa5534871a4c137ca1c5.tar.bz2
samba-6e8098b261b9357204c8fa5534871a4c137ca1c5.zip
s4:samdb_set_password/samdb_set_password_sid - Rework
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/kpasswdd.c35
1 files changed, 4 insertions, 31 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 5e1efeedc0..a0ff28a4ca 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -241,7 +241,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
struct samr_DomInfo1 *dominfo = NULL;
struct ldb_context *samdb;
- struct ldb_message *msg;
krb5_context context = kdc->smb_krb5_context->krb5_context;
ChangePasswdDataMS chpw;
@@ -255,11 +254,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
size_t len;
int ret;
- msg = ldb_msg_new(mem_ctx);
- if (!msg) {
- return false;
- }
-
ret = decode_ChangePasswdDataMS(input->data, input->length,
&chpw, &len);
if (ret) {
@@ -351,7 +345,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
dom_sid_string(mem_ctx, session_info->security_token->user_sid),
set_password_on_princ));
ret = ldb_transaction_start(samdb);
- if (ret) {
+ if (ret != LDB_SUCCESS) {
status = NT_STATUS_TRANSACTION_ABORTED;
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
@@ -379,41 +373,20 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
reply);
}
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- ldb_transaction_cancel(samdb);
- status = NT_STATUS_NO_MEMORY;
- } else {
- msg->dn = ldb_dn_copy(msg, set_password_on_dn);
- if (!msg->dn) {
- status = NT_STATUS_NO_MEMORY;
- }
- }
-
if (NT_STATUS_IS_OK(status)) {
/* Admin password set */
status = samdb_set_password(samdb, mem_ctx,
set_password_on_dn, NULL,
- msg, &password, NULL, NULL,
+ &password, NULL, NULL,
false, /* this is not a user password change */
&reject_reason, &dominfo);
}
if (NT_STATUS_IS_OK(status)) {
- /* modify the samdb record */
- ret = dsdb_replace(samdb, msg, 0);
- if (ret != 0) {
- DEBUG(2,("Failed to modify record to set password on %s: %s\n",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(samdb)));
- status = NT_STATUS_ACCESS_DENIED;
- }
- }
- if (NT_STATUS_IS_OK(status)) {
ret = ldb_transaction_commit(samdb);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(1,("Failed to commit transaction to set password on %s: %s\n",
- ldb_dn_get_linearized(msg->dn),
+ ldb_dn_get_linearized(set_password_on_dn),
ldb_errstring(samdb)));
status = NT_STATUS_TRANSACTION_ABORTED;
}