static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
}
msg->dn = user_dn;
if ((new_password != NULL)
- && ((lmNewHash == NULL) && (ntNewHash == NULL))) {
+ && ((ntNewHash == NULL))) {
/* we have the password as plaintext UTF16 */
CHECK_RET(ldb_msg_add_value(msg, "clearTextPassword",
new_password, NULL));
el = ldb_msg_find_element(msg, "clearTextPassword");
el->flags = LDB_FLAG_MOD_REPLACE;
} else if ((new_password == NULL)
- && ((lmNewHash != NULL) || (ntNewHash != NULL))) {
- /* we have a password as LM and/or NT hash */
- if (lmNewHash != NULL) {
- CHECK_RET(samdb_msg_add_hash(ldb, mem_ctx, msg,
- "dBCSPwd", lmNewHash));
- el = ldb_msg_find_element(msg, "dBCSPwd");
- el->flags = LDB_FLAG_MOD_REPLACE;
- }
+ && ((ntNewHash != NULL))) {
+ /* we have a password as NT hash */
if (ntNewHash != NULL) {
CHECK_RET(samdb_msg_add_hash(ldb, mem_ctx, msg,
"unicodePwd", ntNewHash));
NTSTATUS samdb_set_password(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
struct ldb_dn *user_dn, struct ldb_dn *domain_dn,
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
return samdb_set_password_internal(ldb, mem_ctx,
user_dn, domain_dn,
new_password,
- lmNewHash, ntNewHash,
+ ntNewHash,
old_password_checked,
reject_reason, _dominfo,
false); /* reject trusts */
const struct dom_sid *user_sid,
const uint32_t *new_version, /* optional for trusts */
const DATA_BLOB *new_password,
- const struct samr_Password *lmNewHash,
const struct samr_Password *ntNewHash,
enum dsdb_password_checked old_password_checked,
enum samPwdChangeReason *reject_reason,
nt_status = samdb_set_password_internal(ldb, mem_ctx,
user_msg->dn, NULL,
new_password,
- lmNewHash, ntNewHash,
+ ntNewHash,
old_password_checked,
reject_reason, _dominfo,
true); /* permit trusts */
status = samdb_set_password(sam_ctx, mem_ctx,
user_dn, NULL,
&new_password,
- NULL, NULL,
+ NULL,
DSDB_PASSWORD_CHECKED_AND_CORRECT,
&reason,
&dominfo);
domain_dn,
&new_password,
NULL,
- NULL,
DSDB_PASSWORD_RESET,
NULL,
NULL);
domain_dn,
&new_password,
NULL,
- NULL,
DSDB_PASSWORD_RESET,
NULL,
NULL);
return nt_status;
}
- if (lm_pwd_hash != NULL) {
- in = data_blob_const(lm_pwd_hash, 16);
- out = data_blob_talloc_zero(mem_ctx, 16);
-
- rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_DECRYPT);
- if (rc != 0) {
- return gnutls_error_to_ntstatus(rc,
- NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
- }
-
- d_lm_pwd_hash = (struct samr_Password *) out.data;
- }
if (nt_pwd_hash != NULL) {
in = data_blob_const(nt_pwd_hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
if ((d_lm_pwd_hash != NULL) || (d_nt_pwd_hash != NULL)) {
nt_status = samdb_set_password(sam_ctx, mem_ctx, account_dn,
domain_dn, NULL,
- d_lm_pwd_hash, d_nt_pwd_hash,
+ d_nt_pwd_hash,
DSDB_PASSWORD_RESET,
NULL, NULL);
}