[PATCH] winbindd user password changing

Samuel Ziegler sam at xpedion.com
Tue Jan 29 18:40:08 GMT 2002


Here is a patch to allow winbindd to change user passwords.  I did this so 
that I could use pam_winbind to update windows passwords via passwd.  It 
seems to work fine.  The only irritation which I didn't bother fixing is 
that it pam_winbindd prints out "Changing password for user %s".

  - Sam
-------------- next part --------------
Index: pam_winbind.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/pam_winbind.c,v
retrieving revision 1.5
diff -a -b -u -r1.5 pam_winbind.c
--- pam_winbind.c	7 Jan 2002 02:57:06 -0000	1.5
+++ pam_winbind.c	30 Jan 2002 02:22:19 -0000
@@ -456,7 +456,9 @@
             return PAM_AUTHTOK_ERR;
         }
 
+#if 0
         fprintf(stderr, "oldpw = %s, newpw = %s\n", oldpw, newpw);
+#endif
 
         if (retval == PAM_SUCCESS && 
             winbind_chauthtok_request(user, oldpw, newpw) == 0) {
Index: winbindd_pam.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_pam.c,v
retrieving revision 1.34
diff -a -b -u -r1.34 winbindd_pam.c
--- winbindd_pam.c	18 Jan 2002 02:37:55 -0000	1.34
+++ winbindd_pam.c	30 Jan 2002 02:22:19 -0000
@@ -209,6 +209,7 @@
 	fstring domain, user;
 	uchar nt_oldhash[16];
 	uchar lm_oldhash[16];
+	CLI_POLICY_HND *hnd;
 
 	DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
 		state->request.data.chauthtok.user));
@@ -224,20 +225,21 @@
 	oldpass = state->request.data.chauthtok.oldpass;
 	newpass = state->request.data.chauthtok.newpass;
 
-	nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash);
+	/*  Not needed: handled in cli_ome_change_password */
+	/* nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash); */
 
 	/* Change password */
 
-#if 0
+	/* Get sam handle */
 
-	/* XXX */
+	if (!(hnd = cm_get_sam_handle(domain))) {
+		return WINBINDD_ERROR;
+	}
 
-	if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user,
-		lm_oldhash, nt_oldhash, newpass)) {
+	if (!cli_oem_change_password(hnd->cli, user, newpass, oldpass)) {
 		DEBUG(0, ("password change failed for user %s/%s\n", domain, user));
 		return WINBINDD_ERROR;
 	}
-#endif
     
 	return WINBINDD_OK;
 }


More information about the samba-technical mailing list