* PAM Password Change Suite
*/
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword)
{
/* Appropriate quantities of root should be obtained BEFORE calling this function */
struct pam_conv *pconv = NULL;
if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
return False;
- if(!smb_pam_start(&pamh, user, NULL, pconv))
+ if(!smb_pam_start(&pamh, user, rhost, pconv))
return False;
if (!smb_pam_chauthtok(pamh, user)) {
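Review bot: The new `rhost` parameter of smb_pam_passchange is handed to `smb_pam_start()` without any documentation of what it holds or whether NULL is still allowed, although the old code passed NULL at this call. PAM modules commonly use the remote-host item for access rules and audit records, so the function comment should state the contract, for example `/* rhost: name of the remote client to report to PAM, or NULL if unknown; the value is not authenticated */`. The same one-line description is missing from chgpasswd and change_oem_password, which only forward the value. The body of smb_pam_passchange continues past the end of this hunk.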
bool smb_pam_close_session(char *user, char *tty, char *rhost);
NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
NTSTATUS smb_pam_passcheck(const char * user, const char * password);
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword);
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword);
bool smb_pam_claim_session(char *user, char *tty, char *rhost);
bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
return (chstat);
}
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
const char *oldpass, const char *newpass, bool as_root)
{
char *passwordprogram = NULL;
become_root();
if (pass) {
- ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
+ ret = smb_pam_passchange(pass->pw_name, rhost,
+ oldpass, newpass);
} else {
- ret = smb_pam_passchange(name, oldpass, newpass);
+ ret = smb_pam_passchange(name, rhost, oldpass,
+ newpass);
}
if (as_root)
is correct before calling. JRA.
************************************************************/
-static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
+static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+ char *old_passwd, char *new_passwd,
+ bool as_root,
+ enum samPwdChangeReason *samr_reject_reason)
{
uint32 min_len;
uint32 refuse;
*/
if(lp_unix_password_sync() &&
- !chgpasswd(username, pass, old_passwd, new_passwd, as_root)) {
+ !chgpasswd(username, rhost, pass, old_passwd, new_passwd,
+ as_root)) {
TALLOC_FREE(pass);
return NT_STATUS_ACCESS_DENIED;
}
Code to check and change the OEM hashed password.
************************************************************/
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
/* We've already checked the old password here.... */
become_root();
- nt_status = change_oem_password(sampass, NULL, new_passwd, True, reject_reason);
+ nt_status = change_oem_password(sampass, rhost, NULL, new_passwd,
+ True, reject_reason);
unbecome_root();
memset(new_passwd, 0, strlen(new_passwd));
*/
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.lm_password->data,
r->in.lm_verifier->hash,
r->in.nt_password->data,
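Review bot: `p->client_id->name` is passed straight through as the PAM remote host here, with no visible check that `client_id` is set and no indication of how the name was obtained. If it comes from a reverse lookup or from what the client announced (not visible in this diff), host-based PAM rules and audit records would rely on a value the remote side can influence. It is worth confirming the origin and considering whether the numeric peer address is the safer value to hand to PAM. A short comment at the call, e.g. `/* rhost for PAM: the connection's recorded client name, not authenticated */`, would make the trust level explicit. The same applies to the two other pass_oem_change calls and to the set_user_info_23/24/25/26 calls later in this diff.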
}
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.password->data,
r->in.hash->hash,
0,
*/
status = pass_oem_change(user_name,
+ p->client_id->name,
r->in.lm_password->data,
r->in.lm_verifier->hash,
r->in.nt_password->data,
static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
struct samr_UserInfo23 *id23,
+ const char *rhost,
struct samu *pwd)
{
char *plaintext_buf = NULL;
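Review bot: `rhost` is placed after the info struct in set_user_info_23 (`mem_ctx, id23, rhost, pwd`) but before it in set_user_info_24, _25 and _26 (`mem_ctx, rhost, idNN, pwd`). The pointer types differ, so a swapped call should at least draw a compiler warning, but four sibling helpers with two argument orders invite mistakes in later edits. I would make this one match the others, `static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, const char *rhost, struct samr_UserInfo23 *id23, struct samu *pwd)`, and reorder the `case 23` call to `set_user_info_23(p->mem_ctx, p->client_id->name, &info->info23, pwd)`. The function body continues outside this hunk.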
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost,
+ passwd, "", plaintext_buf, True)) {
return NT_STATUS_ACCESS_DENIED;
}
TALLOC_FREE(passwd);
set_user_info_pw
********************************************************************/
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, const char *rhost, struct samu *pwd)
{
size_t len = 0;
char *plaintext_buf = NULL;
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
- if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+ if(!chgpasswd(pdb_get_username(pwd), rhost, passwd,
+ "", plaintext_buf, True)) {
return False;
}
TALLOC_FREE(passwd);
********************************************************************/
static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo24 *id24,
struct samu *pwd)
{
return NT_STATUS_INVALID_PARAMETER;
}
- if (!set_user_info_pw(id24->password.data, pwd)) {
+ if (!set_user_info_pw(id24->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
********************************************************************/
static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo25 *id25,
struct samu *pwd)
{
if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
(id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
- if (!set_user_info_pw(id25->password.data, pwd)) {
+ if (!set_user_info_pw(id25->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
}
********************************************************************/
static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+ const char *rhost,
struct samr_UserInfo26 *id26,
struct samu *pwd)
{
return NT_STATUS_INVALID_PARAMETER;
}
- if (!set_user_info_pw(id26->password.data, pwd)) {
+ if (!set_user_info_pw(id26->password.data, rhost, pwd)) {
return NT_STATUS_WRONG_PASSWORD;
}
dump_data(100, info->info23.password.data, 516);
status = set_user_info_23(p->mem_ctx,
- &info->info23, pwd);
+ &info->info23,
+ p->client_id->name,
+ pwd);
break;
case 24:
dump_data(100, info->info24.password.data, 516);
status = set_user_info_24(p->mem_ctx,
+ p->client_id->name,
&info->info24, pwd);
break;
dump_data(100, info->info25.password.data, 532);
status = set_user_info_25(p->mem_ctx,
+ p->client_id->name,
&info->info25, pwd);
break;
dump_data(100, info->info26.password.data, 516);
status = set_user_info_26(p->mem_ctx,
+ p->client_id->name,
&info->info26, pwd);
break;
/* The following definitions come from rpc_server/srv_samr_chgpasswd.c */
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
const char *oldpass, const char *newpass, bool as_root);
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],