diff options
Diffstat (limited to 'source4/kdc/kpasswdd.c')
-rw-r--r-- | source4/kdc/kpasswdd.c | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 603332e69e..1336b0157e 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -25,7 +25,7 @@ #include "lib/events/events.h" #include "lib/socket/socket.h" #include "system/network.h" -#include "lib/util/dlinklist.h" +#include "../lib/util/dlinklist.h" #include "lib/ldb/include/ldb.h" #include "auth/gensec/gensec.h" #include "auth/credentials/credentials.h" @@ -175,7 +175,7 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc, static bool kpasswdd_change_password(struct kdc_server *kdc, TALLOC_CTX *mem_ctx, struct auth_session_info *session_info, - const char *password, + const DATA_BLOB *password, DATA_BLOB *reply) { NTSTATUS status; @@ -219,6 +219,8 @@ static bool kpasswd_process_request(struct kdc_server *kdc, DATA_BLOB *reply) { struct auth_session_info *session_info; + ssize_t pw_len; + if (!NT_STATUS_IS_OK(gensec_session_info(gensec_security, &session_info))) { return kpasswdd_make_error_reply(kdc, mem_ctx, @@ -230,12 +232,20 @@ static bool kpasswd_process_request(struct kdc_server *kdc, switch (version) { case KRB5_KPASSWD_VERS_CHANGEPW: { - char *password = talloc_strndup(mem_ctx, (const char *)input->data, input->length); - if (!password) { + DATA_BLOB password; + pw_len = convert_string_talloc(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), + CH_UTF8, CH_UTF16, + (const char *)input->data, + input->length, + (void **)&password.data); + + if (pw_len == -1) { return false; } + password.length = pw_len; + return kpasswdd_change_password(kdc, mem_ctx, session_info, - password, reply); + &password, reply); break; } case KRB5_KPASSWD_VERS_SETPW: @@ -248,7 +258,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, krb5_context context = kdc->smb_krb5_context->krb5_context; ChangePasswdDataMS chpw; - char *password; + DATA_BLOB password; krb5_principal principal; char *set_password_on_princ; @@ -271,13 +281,18 @@ static bool kpasswd_process_request(struct kdc_server *kdc, reply); } - password = talloc_strndup(mem_ctx, - (const char *)chpw.newpasswd.data, - chpw.newpasswd.length); - if (!password) { + pw_len = convert_string_talloc(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), + CH_UTF8, CH_UTF16, + (const char *)chpw.newpasswd.data, + chpw.newpasswd.length, + (void **)&password.data); + if (pw_len == -1) { free_ChangePasswdDataMS(&chpw); return false; } + + password.length = pw_len; + if ((chpw.targname && !chpw.targrealm) || (!chpw.targname && chpw.targrealm)) { return kpasswdd_make_error_reply(kdc, mem_ctx, @@ -306,7 +321,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, } else { free_ChangePasswdDataMS(&chpw); return kpasswdd_change_password(kdc, mem_ctx, session_info, - password, reply); + &password, reply); } free_ChangePasswdDataMS(&chpw); @@ -371,7 +386,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, /* Admin password set */ status = samdb_set_password(samdb, mem_ctx, set_password_on_dn, NULL, - msg, password, NULL, NULL, + msg, &password, NULL, NULL, false, /* this is not a user password change */ &reject_reason, &dominfo); } |