mirror of
https://github.com/samba-team/samba.git
synced 2025-11-22 16:23:49 +03:00
r16060: This is one of the more dirty patches I've put in lately. Parse enough of
SetUserInfo level 25 to survive the join method XP uses if the user did not exist before. For good taste this contains way too much cut&paste, but for a real fix there is just not enough time. Up to 3.0.22 we completely ignored that a full level 21 is being sent together with level 25, but we got away with that because on creation we did not set the "disabled" flag on the workstation account. Now we correctly follow W2k3 in this regard, and we end up with a disabled workstation after join. Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr parsing, but this is would probably be a bit too much for .23... Thanks to Tom Bork for finding this one. Volker
This commit is contained in:
Volker Lendecke
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
aafd4db457
commit
5a37aba105
@@ -3298,6 +3298,52 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd)
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
set_user_info_25
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
|
||||
struct samu *pwd)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
if (id25 == NULL) {
|
||||
DEBUG(5, ("set_user_info_25: NULL id25\n"));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
copy_id25_to_sam_passwd(pwd, id25);
|
||||
|
||||
/*
|
||||
* The funny part about the previous two calls is
|
||||
* that pwd still has the password hashes from the
|
||||
* passdb entry. These have not been updated from
|
||||
* id21. I don't know if they need to be set. --jerry
|
||||
*/
|
||||
|
||||
if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) {
|
||||
status = pdb_set_unix_primary_group(mem_ctx, pwd);
|
||||
if ( !NT_STATUS_IS_OK(status) ) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
/* Don't worry about writing out the user account since the
|
||||
primary group SID is generated solely from the user's Unix
|
||||
primary group. */
|
||||
|
||||
/* write the change out */
|
||||
if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) {
|
||||
TALLOC_FREE(pwd);
|
||||
return status;
|
||||
}
|
||||
|
||||
/* WARNING: No TALLOC_FREE(pwd), we are about to set the password
|
||||
* hereafter! */
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
samr_reply_set_userinfo
|
||||
********************************************************************/
|
||||
@@ -3401,6 +3447,11 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
|
||||
|
||||
dump_data(100, (char *)ctr->info.id25->pass, 532);
|
||||
|
||||
r_u->status = set_user_info_25(p->mem_ctx,
|
||||
ctr->info.id25, pwd);
|
||||
if (!NT_STATUS_IS_OK(r_u->status)) {
|
||||
goto done;
|
||||
}
|
||||
if (!set_user_info_pw(ctr->info.id25->pass, pwd))
|
||||
r_u->status = NT_STATUS_ACCESS_DENIED;
|
||||
break;
|
||||
@@ -3433,6 +3484,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
|
||||
r_u->status = NT_STATUS_INVALID_INFO_CLASS;
|
||||
}
|
||||
|
||||
done:
|
||||
|
||||
if ( has_enough_rights )
|
||||
unbecome_root();
|
||||
|
||||
Reference in New Issue
Block a user