mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
fixed the client side password change code
The client side code was not falling back to older routines correctly as it didn't check for the operation range error appropriately. It also used the old rpc semantics.
This commit is contained in:
parent
2bf1e8b5e1
commit
4dcc058ea1
@ -99,30 +99,19 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
|||||||
|
|
||||||
/* 2. try samr_ChangePasswordUser3 */
|
/* 2. try samr_ChangePasswordUser3 */
|
||||||
status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
|
status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
"samr_ChangePasswordUser3 failed: %s",
|
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
||||||
nt_errstr(status));
|
"samr_ChangePasswordUser3 failed: %s",
|
||||||
goto ChangePasswordUser2;
|
nt_errstr(status));
|
||||||
}
|
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
||||||
|
"samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
|
||||||
/* check result of samr_ChangePasswordUser3 */
|
r->samr.in.domain_name, r->samr.in.account_name,
|
||||||
if (!NT_STATUS_IS_OK(pw3.out.result)) {
|
nt_errstr(status));
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
|
||||||
"samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
|
|
||||||
r->samr.in.domain_name, r->samr.in.account_name,
|
|
||||||
nt_errstr(pw3.out.result));
|
|
||||||
/* TODO: give the reason of the reject */
|
|
||||||
if (NT_STATUS_EQUAL(pw3.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
|
|
||||||
status = pw3.out.result;
|
|
||||||
goto disconnect;
|
|
||||||
}
|
}
|
||||||
goto ChangePasswordUser2;
|
goto disconnect;
|
||||||
}
|
}
|
||||||
|
|
||||||
goto disconnect;
|
|
||||||
|
|
||||||
ChangePasswordUser2:
|
|
||||||
/* prepare samr_ChangePasswordUser2 */
|
/* prepare samr_ChangePasswordUser2 */
|
||||||
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
|
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
|
||||||
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
@ -142,29 +131,17 @@ ChangePasswordUser2:
|
|||||||
|
|
||||||
/* 3. try samr_ChangePasswordUser2 */
|
/* 3. try samr_ChangePasswordUser2 */
|
||||||
status = dcerpc_samr_ChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &pw2);
|
status = dcerpc_samr_ChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &pw2);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
"samr_ChangePasswordUser2 failed: %s",
|
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
||||||
nt_errstr(status));
|
"samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
|
||||||
goto OemChangePasswordUser2;
|
r->samr.in.domain_name, r->samr.in.account_name,
|
||||||
}
|
nt_errstr(status));
|
||||||
|
|
||||||
/* check result of samr_ChangePasswordUser2 */
|
|
||||||
if (!NT_STATUS_IS_OK(pw2.out.result)) {
|
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
|
||||||
"samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
|
|
||||||
r->samr.in.domain_name, r->samr.in.account_name,
|
|
||||||
nt_errstr(pw2.out.result));
|
|
||||||
if (NT_STATUS_EQUAL(pw2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
|
|
||||||
status = pw2.out.result;
|
|
||||||
goto disconnect;
|
|
||||||
}
|
}
|
||||||
goto OemChangePasswordUser2;
|
goto disconnect;
|
||||||
}
|
}
|
||||||
|
|
||||||
goto disconnect;
|
|
||||||
|
|
||||||
OemChangePasswordUser2:
|
|
||||||
/* prepare samr_OemChangePasswordUser2 */
|
/* prepare samr_OemChangePasswordUser2 */
|
||||||
a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
|
a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
|
||||||
a_account.string = r->samr.in.account_name;
|
a_account.string = r->samr.in.account_name;
|
||||||
@ -180,29 +157,16 @@ OemChangePasswordUser2:
|
|||||||
|
|
||||||
/* 4. try samr_OemChangePasswordUser2 */
|
/* 4. try samr_OemChangePasswordUser2 */
|
||||||
status = dcerpc_samr_OemChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &oe2);
|
status = dcerpc_samr_OemChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &oe2);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
if (!NT_STATUS_IS_OK(oe2.out.result)) {
|
||||||
"samr_OemChangePasswordUser2 failed: %s",
|
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
||||||
nt_errstr(status));
|
"samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
|
||||||
goto ChangePasswordUser;
|
r->samr.in.domain_name, r->samr.in.account_name,
|
||||||
}
|
nt_errstr(status));
|
||||||
|
|
||||||
/* check result of samr_OemChangePasswordUser2 */
|
|
||||||
if (!NT_STATUS_IS_OK(oe2.out.result)) {
|
|
||||||
r->samr.out.error_string = talloc_asprintf(mem_ctx,
|
|
||||||
"samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
|
|
||||||
r->samr.in.domain_name, r->samr.in.account_name,
|
|
||||||
nt_errstr(oe2.out.result));
|
|
||||||
if (NT_STATUS_EQUAL(oe2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
|
|
||||||
status = oe2.out.result;
|
|
||||||
goto disconnect;
|
|
||||||
}
|
}
|
||||||
goto ChangePasswordUser;
|
goto disconnect;
|
||||||
}
|
}
|
||||||
|
|
||||||
goto disconnect;
|
|
||||||
|
|
||||||
ChangePasswordUser:
|
|
||||||
#if 0
|
#if 0
|
||||||
/* prepare samr_ChangePasswordUser */
|
/* prepare samr_ChangePasswordUser */
|
||||||
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
|
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
|
||||||
|
Loading…
Reference in New Issue
Block a user