From 6e8098b261b9357204c8fa5534871a4c137ca1c5 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Date: Sat, 26 Sep 2009 12:09:07 +0200
Subject: s4:samdb_set_password/samdb_set_password_sid - Rework

Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.

An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
---
 source4/kdc/kpasswdd.c | 35 ++++-------------------------------
 1 file changed, 4 insertions(+), 31 deletions(-)

(limited to 'source4/kdc')

diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 5e1efeedc0..a0ff28a4ca 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -241,7 +241,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
 		enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
 		struct samr_DomInfo1 *dominfo = NULL;
 		struct ldb_context *samdb;
-		struct ldb_message *msg;
 		krb5_context context = kdc->smb_krb5_context->krb5_context;
 
 		ChangePasswdDataMS chpw;
@@ -255,11 +254,6 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
 		size_t len;
 		int ret;
 
-		msg = ldb_msg_new(mem_ctx);
-		if (!msg) {
-			return false;
-		}
-
 		ret = decode_ChangePasswdDataMS(input->data, input->length,
 						&chpw, &len);
 		if (ret) {
@@ -351,7 +345,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
 			  dom_sid_string(mem_ctx, session_info->security_token->user_sid),
 			  set_password_on_princ));
 		ret = ldb_transaction_start(samdb);
-		if (ret) {
+		if (ret != LDB_SUCCESS) {
 			status = NT_STATUS_TRANSACTION_ABORTED;
 			return kpasswd_make_pwchange_reply(kdc, mem_ctx,
 							   status,
@@ -379,41 +373,20 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
 							   reply);
 		}
 
-		msg = ldb_msg_new(mem_ctx);
-		if (msg == NULL) {
-			ldb_transaction_cancel(samdb);
-			status = NT_STATUS_NO_MEMORY;
-		} else {
-			msg->dn = ldb_dn_copy(msg, set_password_on_dn);
-			if (!msg->dn) {
-				status = NT_STATUS_NO_MEMORY;
-			}
-		}
-
 		if (NT_STATUS_IS_OK(status)) {
 			/* Admin password set */
 			status = samdb_set_password(samdb, mem_ctx,
 						    set_password_on_dn, NULL,
-						    msg, &password, NULL, NULL,
+						    &password, NULL, NULL,
 						    false, /* this is not a user password change */
 						    &reject_reason, &dominfo);
 		}
 
-		if (NT_STATUS_IS_OK(status)) {
-			/* modify the samdb record */
-			ret = dsdb_replace(samdb, msg, 0);
-			if (ret != 0) {
-				DEBUG(2,("Failed to modify record to set password on %s: %s\n",
-					 ldb_dn_get_linearized(msg->dn),
-					 ldb_errstring(samdb)));
-				status = NT_STATUS_ACCESS_DENIED;
-			}
-		}
 		if (NT_STATUS_IS_OK(status)) {
 			ret = ldb_transaction_commit(samdb);
-			if (ret != 0) {
+			if (ret != LDB_SUCCESS) {
 				DEBUG(1,("Failed to commit transaction to set password on %s: %s\n",
-					 ldb_dn_get_linearized(msg->dn),
+					 ldb_dn_get_linearized(set_password_on_dn),
 					 ldb_errstring(samdb)));
 				status = NT_STATUS_TRANSACTION_ABORTED;
 			}
-- 
cgit