[PATCH] winbindd user password changing
Samuel Ziegler
sam at xpedion.com
Tue Jan 29 18:40:08 GMT 2002
Here is a patch to allow winbindd to change user passwords. I did this so
that I could use pam_winbind to update windows passwords via passwd. It
seems to work fine. The only irritation which I didn't bother fixing is
that it pam_winbindd prints out "Changing password for user %s".
- Sam
-------------- next part --------------
Index: pam_winbind.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/pam_winbind.c,v
retrieving revision 1.5
diff -a -b -u -r1.5 pam_winbind.c
--- pam_winbind.c 7 Jan 2002 02:57:06 -0000 1.5
+++ pam_winbind.c 30 Jan 2002 02:22:19 -0000
@@ -456,7 +456,9 @@
return PAM_AUTHTOK_ERR;
}
+#if 0
fprintf(stderr, "oldpw = %s, newpw = %s\n", oldpw, newpw);
+#endif
if (retval == PAM_SUCCESS &&
winbind_chauthtok_request(user, oldpw, newpw) == 0) {
Index: winbindd_pam.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_pam.c,v
retrieving revision 1.34
diff -a -b -u -r1.34 winbindd_pam.c
--- winbindd_pam.c 18 Jan 2002 02:37:55 -0000 1.34
+++ winbindd_pam.c 30 Jan 2002 02:22:19 -0000
@@ -209,6 +209,7 @@
fstring domain, user;
uchar nt_oldhash[16];
uchar lm_oldhash[16];
+ CLI_POLICY_HND *hnd;
DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
state->request.data.chauthtok.user));
@@ -224,20 +225,21 @@
oldpass = state->request.data.chauthtok.oldpass;
newpass = state->request.data.chauthtok.newpass;
- nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash);
+ /* Not needed: handled in cli_ome_change_password */
+ /* nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash); */
/* Change password */
-#if 0
+ /* Get sam handle */
- /* XXX */
+ if (!(hnd = cm_get_sam_handle(domain))) {
+ return WINBINDD_ERROR;
+ }
- if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user,
- lm_oldhash, nt_oldhash, newpass)) {
+ if (!cli_oem_change_password(hnd->cli, user, newpass, oldpass)) {
DEBUG(0, ("password change failed for user %s/%s\n", domain, user));
return WINBINDD_ERROR;
}
-#endif
return WINBINDD_OK;
}
More information about the samba-technical
mailing list