diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-26 12:09:07 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-05-10 19:07:46 +0200 |
commit | 6e8098b261b9357204c8fa5534871a4c137ca1c5 (patch) | |
tree | d3d438644b66be45e06d114d198ca72757b30e12 /source4/kdc | |
parent | fc8e3ffb5f261e7efdcbcef46b1f13c3b5599730 (diff) | |
download | samba-6e8098b261b9357204c8fa5534871a4c137ca1c5.tar.gz samba-6e8098b261b9357204c8fa5534871a4c137ca1c5.tar.bz2 samba-6e8098b261b9357204c8fa5534871a4c137ca1c5.zip |
s4:samdb_set_password/samdb_set_password_sid - Rework
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kpasswdd.c | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 5e1efeedc0..a0ff28a4ca 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -241,7 +241,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc, enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR; struct samr_DomInfo1 *dominfo = NULL; struct ldb_context *samdb; - struct ldb_message *msg; krb5_context context = kdc->smb_krb5_context->krb5_context; ChangePasswdDataMS chpw; @@ -255,11 +254,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc, size_t len; int ret; - msg = ldb_msg_new(mem_ctx); - if (!msg) { - return false; - } - ret = decode_ChangePasswdDataMS(input->data, input->length, &chpw, &len); if (ret) { @@ -351,7 +345,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, dom_sid_string(mem_ctx, session_info->security_token->user_sid), set_password_on_princ)); ret = ldb_transaction_start(samdb); - if (ret) { + if (ret != LDB_SUCCESS) { status = NT_STATUS_TRANSACTION_ABORTED; return kpasswd_make_pwchange_reply(kdc, mem_ctx, status, @@ -379,41 +373,20 @@ static bool kpasswd_process_request(struct kdc_server *kdc, reply); } - msg = ldb_msg_new(mem_ctx); - if (msg == NULL) { - ldb_transaction_cancel(samdb); - status = NT_STATUS_NO_MEMORY; - } else { - msg->dn = ldb_dn_copy(msg, set_password_on_dn); - if (!msg->dn) { - status = NT_STATUS_NO_MEMORY; - } - } - if (NT_STATUS_IS_OK(status)) { /* Admin password set */ status = samdb_set_password(samdb, mem_ctx, set_password_on_dn, NULL, - msg, &password, NULL, NULL, + &password, NULL, NULL, false, /* this is not a user password change */ &reject_reason, &dominfo); } if (NT_STATUS_IS_OK(status)) { - /* modify the samdb record */ - ret = dsdb_replace(samdb, msg, 0); - if (ret != 0) { - DEBUG(2,("Failed to modify record to set password on %s: %s\n", - ldb_dn_get_linearized(msg->dn), - ldb_errstring(samdb))); - status = NT_STATUS_ACCESS_DENIED; - } - } - if (NT_STATUS_IS_OK(status)) { ret = ldb_transaction_commit(samdb); - if (ret != 0) { + if (ret != LDB_SUCCESS) { DEBUG(1,("Failed to commit transaction to set password on %s: %s\n", - ldb_dn_get_linearized(msg->dn), + ldb_dn_get_linearized(set_password_on_dn), ldb_errstring(samdb))); status = NT_STATUS_TRANSACTION_ABORTED; } |