Winbindd change password request

Andrew Bartlett abartlet at samba.org
Mon Jul 3 11:17:40 GMT 2006


On Mon, 2006-07-03 at 14:12 +0200, Alexey Kobozev wrote:
> Volker Lendecke wrote:
> > On Mon, Jul 03, 2006 at 10:42:49AM +0200, Alexey Kobozev wrote:
> >> Could you please give a clue which way this should be done?
> > 
> > If an error occurs, just return. There's no retry logic
> > necessary in this call.
> 
> OK. I see your point. Here is the patch - there is no more
> retry logic.


> +/* Change user password with auth crap*/
> +
> +void winbindd_pam_chng_pswd_auth_crap(struct winbindd_cli_state *state)
> +{
> +	struct winbindd_domain *domain = NULL;
> +	const char *domain_name = NULL;
> +	NTSTATUS result;
> +
> +	if (!state->privileged) {
> +		char *error_string = NULL;
> +		DEBUG(2, ("winbindd_pam_chng_pswd_auth_crap: non-privileged access "
> +			  "denied.  !\n"));
> +		DEBUGADD(2, ("winbindd_pam_chng_pswd_auth_crap: Ensure permissions "
> +			     "on %s are set correctly.\n",
> +			     get_winbind_priv_pipe_dir()));
> +		/* send a better message than ACCESS_DENIED */
> +		error_string = talloc_asprintf(state->mem_ctx,
> +					       "winbind client not authorized "
> +					       "to use winbindd_pam_auth_crap."
> +					       " Ensure permissions on %s "
> +					       "are set correctly.",
> +					       get_winbind_priv_pipe_dir());
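
Review bot: The client-facing string built by talloc_asprintf() names "winbindd_pam_auth_crap" rather than this function, winbindd_pam_chng_pswd_auth_crap, so a caller refused here is told that the wrong operation was denied. Use the change-password name in that string, as the two DEBUG lines above it already do. The first DEBUG message also ends in "denied.  !" with stray spacing and punctuation, which is worth tidying while the text is being touched.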

I don't see any reason why password changes should require privileged
access.  Again, this is partly because you copied the wrong example.
This should be identical to the plaintext operation, but with
pre-encrypted blobs.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net