diff --git a/examples/libmsrpc/test/sam/samenum.c b/examples/libmsrpc/test/sam/samenum.c index 5b10475aacf..f1b9ebdf842 100644 --- a/examples/libmsrpc/test/sam/samenum.c +++ b/examples/libmsrpc/test/sam/samenum.c @@ -51,7 +51,7 @@ int main(int argc, char **argv) { eu.in.dom_hnd = sod.out.dom_hnd; printf("ACB mask (can be 0): "); - scanf("%hx", &eu.in.acb_mask); + scanf("%x", &eu.in.acb_mask); while(cac_SamEnumUsers(hnd, mem_ctx, &eu)) { printf("Enumerated %d users:\n", eu.out.num_users); diff --git a/examples/pdb/test.c b/examples/pdb/test.c index 63eb1eaaf97..68b5b9a3e5a 100644 --- a/examples/pdb/test.c +++ b/examples/pdb/test.c @@ -29,7 +29,7 @@ static int testsam_debug_level = DBGC_ALL; Start enumeration of the passwd list. ****************************************************************/ -static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask) +static NTSTATUS testsam_setsampwent(struct pdb_methods *methods, BOOL update, uint32 acb_mask) { DEBUG(10, ("testsam_setsampwent called\n")); return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c index f06eb83ba1a..740170d73d0 100644 --- a/source/auth/auth_sam.c +++ b/source/auth/auth_sam.c @@ -40,7 +40,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - uint16 acct_ctrl; + uint32 acct_ctrl; const uint8 *lm_pw, *nt_pw; const char *username = pdb_get_username(sampass); @@ -116,7 +116,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, struct samu *sampass, const auth_usersupplied_info *user_info) { - uint16 acct_ctrl = pdb_get_acct_ctrl(sampass); + uint32 acct_ctrl = pdb_get_acct_ctrl(sampass); char *workstation_list; time_t kickoff_time; diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 2de362cabea..1f853e5eb90 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -1598,6 +1598,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + if (!pdb_set_acct_ctrl(sam_account, info3->acct_flags, PDB_CHANGED)) { + TALLOC_FREE(sam_account); + return NT_STATUS_NO_MEMORY; + } + result = make_server_info(NULL); if (result == NULL) { DEBUG(4, ("make_server_info failed!\n")); diff --git a/source/include/libmsrpc.h b/source/include/libmsrpc.h index 9fbd57a8d32..36bae441775 100644 --- a/source/include/libmsrpc.h +++ b/source/include/libmsrpc.h @@ -1761,7 +1761,7 @@ struct SamEnumUsers { POLICY_HND *dom_hnd; /**Enumerate users with specific ACB. If 0, all users will be enumerated*/ - uint16 acb_mask; + uint32 acb_mask; } in; struct { diff --git a/source/include/passdb.h b/source/include/passdb.h index 0e64653fe6b..a9688c6f818 100644 --- a/source/include/passdb.h +++ b/source/include/passdb.h @@ -130,7 +130,7 @@ enum pdb_value_state { /* cache for bad password lockout data, to be used on replicated SAMs */ typedef struct logon_cache_struct { time_t entry_timestamp; - uint16 acct_ctrl; + uint32 acct_ctrl; uint16 bad_password_count; time_t bad_password_time; } LOGIN_CACHE; @@ -171,7 +171,7 @@ struct samu { DATA_BLOB nt_pw_his; /* nt hashed password history .data is Null if not available */ char* plaintext_pw; /* is Null if not available */ - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ + uint32 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ uint32 fields_present; /* 0x00ff ffff */ uint16 logon_divs; /* 168 - number of hours in a week */ @@ -204,7 +204,7 @@ struct acct_info { struct samr_displayentry { uint32 idx; uint32 rid; - uint16 acct_flags; + uint32 acct_flags; const char *account_name; const char *fullname; const char *description; @@ -248,7 +248,7 @@ struct pdb_methods { const char *name; /* What name got this module */ - NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint16 acb_mask); + NTSTATUS (*setsampwent)(struct pdb_methods *, BOOL update, uint32 acb_mask); void (*endsampwent)(struct pdb_methods *); @@ -382,7 +382,7 @@ struct pdb_methods BOOL (*search_users)(struct pdb_methods *methods, struct pdb_search *search, - uint16 acct_flags); + uint32 acct_flags); BOOL (*search_groups)(struct pdb_methods *methods, struct pdb_search *search); BOOL (*search_aliases)(struct pdb_methods *methods, diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index a9e3e0a08d9..ccb4fc9e440 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -743,8 +743,7 @@ typedef struct q_samr_enum_dom_users_info POLICY_HND pol; /* policy handle */ uint32 start_idx; /* number of values (0 indicates unlimited?) */ - uint16 acb_mask; /* 0x0000 indicates all */ - uint16 unknown_1; /* 0x0000 */ + uint32 acb_mask; /* 0x0000 indicates all */ uint32 max_size; /* 0x0000 ffff */ @@ -847,7 +846,7 @@ typedef struct samr_entry_info1 uint32 user_idx; uint32 rid_user; - uint16 acb_info; + uint32 acb_info; UNIHDR hdr_acct_name; UNIHDR hdr_user_name; @@ -878,7 +877,7 @@ typedef struct samr_entry_info2 uint32 user_idx; uint32 rid_user; - uint16 acb_info; + uint32 acb_info; UNIHDR hdr_srv_name; UNIHDR hdr_srv_desc; diff --git a/source/include/smb.h b/source/include/smb.h index fd3c23e5756..832f91f9bd1 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -243,6 +243,7 @@ typedef struct nttime_info { #define ACB_NOT_DELEGATED 0x00004000 /* 1 = Not delegated */ #define ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 = Use DES key only */ #define ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 = Preauth not required */ +#define ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ #define MAX_HOURS_LEN 32 diff --git a/source/libads/ads_utils.c b/source/libads/ads_utils.c index 1aad0bed547..0cbf235989e 100644 --- a/source/libads/ads_utils.c +++ b/source/libads/ads_utils.c @@ -25,21 +25,28 @@ /* translated the ACB_CTRL Flags to UserFlags (userAccountControl) */ -uint32 ads_acb2uf(uint16 acb) +uint32 ads_acb2uf(uint32 acb) { uint32 uf = 0x00000000; - if (acb & ACB_DISABLED) uf |= UF_ACCOUNTDISABLE; - if (acb & ACB_HOMDIRREQ) uf |= UF_HOMEDIR_REQUIRED; - if (acb & ACB_PWNOTREQ) uf |= UF_PASSWD_NOTREQD; - if (acb & ACB_TEMPDUP) uf |= UF_TEMP_DUPLICATE_ACCOUNT; - if (acb & ACB_NORMAL) uf |= UF_NORMAL_ACCOUNT; - if (acb & ACB_MNS) uf |= UF_MNS_LOGON_ACCOUNT; - if (acb & ACB_DOMTRUST) uf |= UF_INTERDOMAIN_TRUST_ACCOUNT; - if (acb & ACB_WSTRUST) uf |= UF_WORKSTATION_TRUST_ACCOUNT; - if (acb & ACB_SVRTRUST) uf |= UF_SERVER_TRUST_ACCOUNT; - if (acb & ACB_PWNOEXP) uf |= UF_DONT_EXPIRE_PASSWD; - if (acb & ACB_AUTOLOCK) uf |= UF_LOCKOUT; + if (acb & ACB_DISABLED) uf |= UF_ACCOUNTDISABLE; + if (acb & ACB_HOMDIRREQ) uf |= UF_HOMEDIR_REQUIRED; + if (acb & ACB_PWNOTREQ) uf |= UF_PASSWD_NOTREQD; + if (acb & ACB_TEMPDUP) uf |= UF_TEMP_DUPLICATE_ACCOUNT; + if (acb & ACB_NORMAL) uf |= UF_NORMAL_ACCOUNT; + if (acb & ACB_MNS) uf |= UF_MNS_LOGON_ACCOUNT; + if (acb & ACB_DOMTRUST) uf |= UF_INTERDOMAIN_TRUST_ACCOUNT; + if (acb & ACB_WSTRUST) uf |= UF_WORKSTATION_TRUST_ACCOUNT; + if (acb & ACB_SVRTRUST) uf |= UF_SERVER_TRUST_ACCOUNT; + if (acb & ACB_PWNOEXP) uf |= UF_DONT_EXPIRE_PASSWD; + if (acb & ACB_AUTOLOCK) uf |= UF_LOCKOUT; + if (acb & ACB_USE_DES_KEY_ONLY) uf |= UF_USE_DES_KEY_ONLY; + if (acb & ACB_SMARTCARD_REQUIRED) uf |= UF_SMARTCARD_REQUIRED; + if (acb & ACB_TRUSTED_FOR_DELEGATION) uf |= UF_TRUSTED_FOR_DELEGATION; + if (acb & ACB_DONT_REQUIRE_PREAUTH) uf |= UF_DONT_REQUIRE_PREAUTH; + if (acb & ACB_NO_AUTH_DATA_REQD) uf |= UF_NO_AUTH_DATA_REQUIRED; + if (acb & ACB_NOT_DELEGATED) uf |= UF_NOT_DELEGATED; + if (acb & ACB_ENC_TXT_PWD_ALLOWED) uf |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED; return uf; } @@ -47,9 +54,9 @@ uint32 ads_acb2uf(uint16 acb) /* translated the UserFlags (userAccountControl) to ACB_CTRL Flags */ -uint16 ads_uf2acb(uint32 uf) +uint32 ads_uf2acb(uint32 uf) { - uint16 acb = 0x0000; + uint32 acb = 0x00000000; if (uf & UF_ACCOUNTDISABLE) acb |= ACB_DISABLED; if (uf & UF_HOMEDIR_REQUIRED) acb |= ACB_HOMDIRREQ; @@ -57,6 +64,13 @@ uint16 ads_uf2acb(uint32 uf) if (uf & UF_MNS_LOGON_ACCOUNT) acb |= ACB_MNS; if (uf & UF_DONT_EXPIRE_PASSWD) acb |= ACB_PWNOEXP; if (uf & UF_LOCKOUT) acb |= ACB_AUTOLOCK; + if (uf & UF_USE_DES_KEY_ONLY) acb |= ACB_USE_DES_KEY_ONLY; + if (uf & UF_SMARTCARD_REQUIRED) acb |= ACB_SMARTCARD_REQUIRED; + if (uf & UF_TRUSTED_FOR_DELEGATION) acb |= ACB_TRUSTED_FOR_DELEGATION; + if (uf & UF_DONT_REQUIRE_PREAUTH) acb |= ACB_DONT_REQUIRE_PREAUTH; + if (uf & UF_NO_AUTH_DATA_REQUIRED) acb |= ACB_NO_AUTH_DATA_REQD; + if (uf & UF_NOT_DELEGATED) acb |= ACB_NOT_DELEGATED; + if (uf & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) acb |= ACB_ENC_TXT_PWD_ALLOWED; switch (uf & UF_ACCOUNT_TYPE_MASK) { diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index c0cf3f2a23a..130d6ba8f62 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -253,7 +253,7 @@ NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd) null). length *MUST BE MORE THAN 2* ! **********************************************************/ -char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) +char *pdb_encode_acct_ctrl(uint32 acct_ctrl, size_t length) { static fstring acct_str; @@ -289,9 +289,9 @@ char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) Decode the account control bits from a string. **********************************************************/ -uint16 pdb_decode_acct_ctrl(const char *p) +uint32 pdb_decode_acct_ctrl(const char *p) { - uint16 acct_ctrl = 0; + uint32 acct_ctrl = 0; BOOL finished = False; /* @@ -331,7 +331,7 @@ uint16 pdb_decode_acct_ctrl(const char *p) Routine to set 32 hex password characters from a 16 byte array. **************************************************************/ -void pdb_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl) +void pdb_sethexpwd(char *p, const unsigned char *pwd, uint32 acct_ctrl) { if (pwd != NULL) { int i; @@ -620,7 +620,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, char *msg_str, size_t msg_str_len) { struct samu *sam_pass=NULL; - uint16 other_acb; + uint32 other_acb; NTSTATUS result; *err_str = '\0'; @@ -799,12 +799,12 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, Marshall/unmarshall struct samu structs. *********************************************************************/ -#define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" +#define TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" /********************************************************************* *********************************************************************/ -BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) +BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) { /* times are stored as 32bit integer @@ -834,8 +834,8 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) fullname_len, homedir_len, logon_script_len, profile_path_len, acct_desc_len, workstations_len; - uint32 user_rid, group_rid, hours_len, unknown_6; - uint16 acct_ctrl, logon_divs; + uint32 user_rid, group_rid, hours_len, unknown_6, acct_ctrl; + uint16 logon_divs; uint16 bad_password_count, logon_count; uint8 *hours = NULL; uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; @@ -847,14 +847,14 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) BOOL expand_explicit = lp_passdb_expand_explicit(); if(sampass == NULL || buf == NULL) { - DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n")); + DEBUG(0, ("init_sam_from_buffer_v3: NULL parameters found!\n")); return False; } -/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */ +/* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */ /* unpack the buffer into variables */ - len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V2, + len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V3, &logon_time, /* d */ &logoff_time, /* d */ &kickoff_time, /* d */ @@ -880,7 +880,8 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) &nt_pw_len, &nt_pw_ptr, /* B */ /* Change from V1 is addition of password history field. */ &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */ - &acct_ctrl, /* w */ + /* Change from V2 is the uint32 acb_mask */ + &acct_ctrl, /* d */ /* Also "remove_me" field was removed. */ &logon_divs, /* w */ &hours_len, /* d */ @@ -972,7 +973,6 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) } } - /* Change from V1 is addition of password history field. */ pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); @@ -1006,6 +1006,7 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); pdb_set_logon_count(sampass, logon_count, PDB_SET); pdb_set_unknown_6(sampass, unknown_6, PDB_SET); + /* Change from V2 is the uint32 acct_ctrl */ pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); pdb_set_logon_divs(sampass, logon_divs, PDB_SET); pdb_set_hours(sampass, hours, PDB_SET); @@ -1035,7 +1036,7 @@ done: /********************************************************************* *********************************************************************/ -uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_only) +uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_only) { size_t len, buflen; @@ -1215,10 +1216,10 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_onl munged_dial_len = 0; } -/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */ +/* TDB_FORMAT_STRING_V3 "dddddddBBBBBBBBBBBBddBBBdwdBwwd" */ /* one time to get the size needed */ - len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V2, + len = tdb_pack(NULL, 0, TDB_FORMAT_STRING_V3, logon_time, /* d */ logoff_time, /* d */ kickoff_time, /* d */ @@ -1243,7 +1244,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_onl lm_pw_len, lm_pw, /* B */ nt_pw_len, nt_pw, /* B */ nt_pw_hist_len, nt_pw_hist, /* B */ - pdb_get_acct_ctrl(sampass), /* w */ + pdb_get_acct_ctrl(sampass), /* d */ pdb_get_logon_divs(sampass), /* w */ pdb_get_hours_len(sampass), /* d */ MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */ @@ -1257,12 +1258,12 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_onl /* malloc the space needed */ if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) { - DEBUG(0,("init_buffer_from_sam_v2: Unable to malloc() memory for buffer!\n")); + DEBUG(0,("init_buffer_from_sam_v3: Unable to malloc() memory for buffer!\n")); return (-1); } /* now for the real call to tdb_pack() */ - buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V2, + buflen = tdb_pack((char *)*buf, len, TDB_FORMAT_STRING_V3, logon_time, /* d */ logoff_time, /* d */ kickoff_time, /* d */ @@ -1287,7 +1288,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_onl lm_pw_len, lm_pw, /* B */ nt_pw_len, nt_pw, /* B */ nt_pw_hist_len, nt_pw_hist, /* B */ - pdb_get_acct_ctrl(sampass), /* w */ + pdb_get_acct_ctrl(sampass), /* d */ pdb_get_logon_divs(sampass), /* w */ pdb_get_hours_len(sampass), /* d */ MAX_HOURS_LEN, pdb_get_hours(sampass), /* B */ @@ -1297,7 +1298,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, struct samu *sampass, BOOL size_onl /* check to make sure we got it correct */ if (buflen != len) { - DEBUG(0, ("init_buffer_from_sam_v2: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n", + DEBUG(0, ("init_buffer_from_sam_v3: somthing odd is going on here: bufflen (%lu) != len (%lu) in tdb_pack operations!\n", (unsigned long)buflen, (unsigned long)len)); /* error */ SAFE_FREE (*buf); @@ -1320,12 +1321,12 @@ BOOL pdb_copy_sam_account(struct samu *dst, struct samu *src ) if ( !dst ) return False; - len = init_buffer_from_sam_v2(&buf, src, False); + len = init_buffer_from_sam_v3(&buf, src, False); if (len == -1) return False; - result = init_sam_from_buffer_v2( dst, buf, len ); + result = init_sam_from_buffer_v3( dst, buf, len ); dst->methods = src->methods; if ( src->unix_pw ) diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c index 921e13a3d21..f704c5c4811 100644 --- a/source/passdb/pdb_get_set.c +++ b/source/passdb/pdb_get_set.c @@ -40,7 +40,7 @@ Collection of get...() functions for struct samu. ********************************************************************/ -uint16 pdb_get_acct_ctrl (const struct samu *sampass) +uint32 pdb_get_acct_ctrl (const struct samu *sampass) { if (sampass) return (sampass->acct_ctrl); @@ -424,7 +424,7 @@ void *pdb_get_backend_private_data (const struct samu *sampass, const struct pdb Collection of set...() functions for struct samu. ********************************************************************/ -BOOL pdb_set_acct_ctrl (struct samu *sampass, uint16 acct_ctrl, enum pdb_value_state flag) +BOOL pdb_set_acct_ctrl (struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag) { if (!sampass) return False; diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index 2b5c53534d2..c49e032389b 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -1248,7 +1248,7 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask) +static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint32 acb_mask) { return NT_STATUS_NOT_IMPLEMENTED; } @@ -1854,7 +1854,7 @@ static void search_end_users(struct pdb_search *search) static BOOL pdb_default_search_users(struct pdb_methods *methods, struct pdb_search *search, - uint16 acct_flags) + uint32 acct_flags) { struct user_search *state; @@ -1985,7 +1985,7 @@ static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search, return (search->num_entries > idx) ? &search->cache[idx] : NULL; } -struct pdb_search *pdb_search_users(uint16 acct_flags) +struct pdb_search *pdb_search_users(uint32 acct_flags) { struct pdb_methods *pdb = pdb_get_methods(); struct pdb_search *result; diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index f559dae71db..f993ae96e01 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -488,8 +488,8 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state, uint8 smblmpwd[LM_HASH_LEN], smbntpwd[NT_HASH_LEN]; BOOL use_samba_attrs = True; - uint16 acct_ctrl = 0, - logon_divs; + uint32 acct_ctrl = 0; + uint16 logon_divs; uint16 bad_password_count = 0, logon_count = 0; uint32 hours_len; @@ -1236,7 +1236,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, Connect to LDAP server for password enumeration. *********************************************************************/ -static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask) +static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; @@ -3837,7 +3837,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...) struct ldap_search_state { struct smbldap_state *connection; - uint16 acct_flags; + uint32 acct_flags; uint16 group_type; const char *base; @@ -4008,7 +4008,7 @@ static BOOL ldapuser2displayentry(struct ldap_search_state *state, { char **vals; DOM_SID sid; - uint16 acct_flags; + uint32 acct_flags; vals = ldap_get_values(ld, entry, "sambaAcctFlags"); if ((vals == NULL) || (vals[0] == NULL)) { @@ -4087,7 +4087,7 @@ static BOOL ldapuser2displayentry(struct ldap_search_state *state, static BOOL ldapsam_search_users(struct pdb_methods *methods, struct pdb_search *search, - uint16 acct_flags) + uint32 acct_flags) { struct ldapsam_privates *ldap_state = methods->private_data; struct ldap_search_state *state; diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c index d4070b8d2fc..b976595008a 100644 --- a/source/passdb/pdb_smbpasswd.c +++ b/source/passdb/pdb_smbpasswd.c @@ -1223,7 +1223,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, Functions to be implemented by the new passdb API ****************************************************************/ -static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update, uint16 acb_mask) +static NTSTATUS smbpasswd_setsampwent (struct pdb_methods *my_methods, BOOL update, uint32 acb_mask) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c index e905b026ec1..e33cd46d54c 100644 --- a/source/passdb/pdb_tdb.c +++ b/source/passdb/pdb_tdb.c @@ -38,7 +38,7 @@ static int tdbsam_debug_level = DBGC_ALL; #endif -#define TDBSAM_VERSION 2 /* Most recent TDBSAM version */ +#define TDBSAM_VERSION 3 /* Most recent TDBSAM version */ #define TDBSAM_VERSION_STRING "INFO/version" #define PASSDB_FILE_NAME "passdb.tdb" #define USERPREFIX "USER_" @@ -64,6 +64,7 @@ static pstring tdbsam_filename; #define TDB_FORMAT_STRING_V0 "ddddddBBBBBBBBBBBBddBBwdwdBwwd" #define TDB_FORMAT_STRING_V1 "dddddddBBBBBBBBBBBBddBBwdwdBwwd" +#define TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" /********************************************************************* *********************************************************************/ @@ -432,13 +433,243 @@ done: return ret; } +BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) +{ + + /* times are stored as 32bit integer + take care on system with 64bit wide time_t + --SSS */ + uint32 logon_time, + logoff_time, + kickoff_time, + bad_password_time, + pass_last_set_time, + pass_can_change_time, + pass_must_change_time; + char *username = NULL; + char *domain = NULL; + char *nt_username = NULL; + char *dir_drive = NULL; + char *unknown_str = NULL; + char *munged_dial = NULL; + char *fullname = NULL; + char *homedir = NULL; + char *logon_script = NULL; + char *profile_path = NULL; + char *acct_desc = NULL; + char *workstations = NULL; + uint32 username_len, domain_len, nt_username_len, + dir_drive_len, unknown_str_len, munged_dial_len, + fullname_len, homedir_len, logon_script_len, + profile_path_len, acct_desc_len, workstations_len; + + uint32 user_rid, group_rid, hours_len, unknown_6; + uint16 acct_ctrl, logon_divs; + uint16 bad_password_count, logon_count; + uint8 *hours = NULL; + uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; + uint32 len = 0; + uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen; + uint32 pwHistLen = 0; + BOOL ret = True; + fstring tmpstring; + BOOL expand_explicit = lp_passdb_expand_explicit(); + + if(sampass == NULL || buf == NULL) { + DEBUG(0, ("init_sam_from_buffer_v2: NULL parameters found!\n")); + return False; + } + +/* TDB_FORMAT_STRING_V2 "dddddddBBBBBBBBBBBBddBBBwwdBwwd" */ + + /* unpack the buffer into variables */ + len = tdb_unpack ((char *)buf, buflen, TDB_FORMAT_STRING_V2, + &logon_time, /* d */ + &logoff_time, /* d */ + &kickoff_time, /* d */ + &bad_password_time, /* d */ + &pass_last_set_time, /* d */ + &pass_can_change_time, /* d */ + &pass_must_change_time, /* d */ + &username_len, &username, /* B */ + &domain_len, &domain, /* B */ + &nt_username_len, &nt_username, /* B */ + &fullname_len, &fullname, /* B */ + &homedir_len, &homedir, /* B */ + &dir_drive_len, &dir_drive, /* B */ + &logon_script_len, &logon_script, /* B */ + &profile_path_len, &profile_path, /* B */ + &acct_desc_len, &acct_desc, /* B */ + &workstations_len, &workstations, /* B */ + &unknown_str_len, &unknown_str, /* B */ + &munged_dial_len, &munged_dial, /* B */ + &user_rid, /* d */ + &group_rid, /* d */ + &lm_pw_len, &lm_pw_ptr, /* B */ + &nt_pw_len, &nt_pw_ptr, /* B */ + /* Change from V1 is addition of password history field. */ + &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */ + &acct_ctrl, /* w */ + /* Also "remove_me" field was removed. */ + &logon_divs, /* w */ + &hours_len, /* d */ + &hourslen, &hours, /* B */ + &bad_password_count, /* w */ + &logon_count, /* w */ + &unknown_6); /* d */ + + if (len == (uint32) -1) { + ret = False; + goto done; + } + + pdb_set_logon_time(sampass, logon_time, PDB_SET); + pdb_set_logoff_time(sampass, logoff_time, PDB_SET); + pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); + pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); + pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); + pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET); + pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); + + pdb_set_username(sampass, username, PDB_SET); + pdb_set_domain(sampass, domain, PDB_SET); + pdb_set_nt_username(sampass, nt_username, PDB_SET); + pdb_set_fullname(sampass, fullname, PDB_SET); + + if (homedir) { + fstrcpy( tmpstring, homedir ); + if (expand_explicit) { + standard_sub_basic( username, tmpstring, + sizeof(tmpstring) ); + } + pdb_set_homedir(sampass, tmpstring, PDB_SET); + } + else { + pdb_set_homedir(sampass, + talloc_sub_basic(sampass, username, lp_logon_home()), + PDB_DEFAULT); + } + + if (dir_drive) + pdb_set_dir_drive(sampass, dir_drive, PDB_SET); + else + pdb_set_dir_drive(sampass, lp_logon_drive(), PDB_DEFAULT ); + + if (logon_script) { + fstrcpy( tmpstring, logon_script ); + if (expand_explicit) { + standard_sub_basic( username, tmpstring, + sizeof(tmpstring) ); + } + pdb_set_logon_script(sampass, tmpstring, PDB_SET); + } + else { + pdb_set_logon_script(sampass, + talloc_sub_basic(sampass, username, lp_logon_script()), + PDB_DEFAULT); + } + + if (profile_path) { + fstrcpy( tmpstring, profile_path ); + if (expand_explicit) { + standard_sub_basic( username, tmpstring, + sizeof(tmpstring) ); + } + pdb_set_profile_path(sampass, tmpstring, PDB_SET); + } + else { + pdb_set_profile_path(sampass, + talloc_sub_basic(sampass, username, lp_logon_path()), + PDB_DEFAULT); + } + + pdb_set_acct_desc(sampass, acct_desc, PDB_SET); + pdb_set_workstations(sampass, workstations, PDB_SET); + pdb_set_munged_dial(sampass, munged_dial, PDB_SET); + + if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) { + if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) { + ret = False; + goto done; + } + } + + if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) { + if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) { + ret = False; + goto done; + } + } + + /* Change from V1 is addition of password history field. */ + pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + if (pwHistLen) { + uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); + if (!pw_hist) { + ret = False; + goto done; + } + memset(pw_hist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); + if (nt_pw_hist_ptr && nt_pw_hist_len) { + int i; + SMB_ASSERT((nt_pw_hist_len % PW_HISTORY_ENTRY_LEN) == 0); + nt_pw_hist_len /= PW_HISTORY_ENTRY_LEN; + for (i = 0; (i < pwHistLen) && (i < nt_pw_hist_len); i++) { + memcpy(&pw_hist[i*PW_HISTORY_ENTRY_LEN], + &nt_pw_hist_ptr[i*PW_HISTORY_ENTRY_LEN], + PW_HISTORY_ENTRY_LEN); + } + } + if (!pdb_set_pw_history(sampass, pw_hist, pwHistLen, PDB_SET)) { + SAFE_FREE(pw_hist); + ret = False; + goto done; + } + SAFE_FREE(pw_hist); + } else { + pdb_set_pw_history(sampass, NULL, 0, PDB_SET); + } + + pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); + pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); + pdb_set_hours_len(sampass, hours_len, PDB_SET); + pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); + pdb_set_logon_count(sampass, logon_count, PDB_SET); + pdb_set_unknown_6(sampass, unknown_6, PDB_SET); + pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); + pdb_set_logon_divs(sampass, logon_divs, PDB_SET); + pdb_set_hours(sampass, hours, PDB_SET); + +done: + + SAFE_FREE(username); + SAFE_FREE(domain); + SAFE_FREE(nt_username); + SAFE_FREE(fullname); + SAFE_FREE(homedir); + SAFE_FREE(dir_drive); + SAFE_FREE(logon_script); + SAFE_FREE(profile_path); + SAFE_FREE(acct_desc); + SAFE_FREE(workstations); + SAFE_FREE(munged_dial); + SAFE_FREE(unknown_str); + SAFE_FREE(lm_pw_ptr); + SAFE_FREE(nt_pw_ptr); + SAFE_FREE(nt_pw_hist_ptr); + SAFE_FREE(hours); + + return ret; +} + + /********************************************************************** Intialize a struct samu struct from a BYTE buffer of size len *********************************************************************/ static BOOL init_sam_from_buffer(struct samu *sampass, uint8 *buf, uint32 buflen) { - return init_sam_from_buffer_v2(sampass, buf, buflen); + return init_sam_from_buffer_v3(sampass, buf, buflen); } /********************************************************************** @@ -447,7 +678,7 @@ static BOOL init_sam_from_buffer(struct samu *sampass, uint8 *buf, uint32 buflen static uint32 init_buffer_from_sam (uint8 **buf, struct samu *sampass, BOOL size_only) { - return init_buffer_from_sam_v2(buf, sampass, size_only); + return init_buffer_from_sam_v3(buf, sampass, size_only); } /********************************************************************** @@ -505,6 +736,9 @@ static BOOL tdbsam_convert(int32 from) case 2: ret = init_sam_from_buffer_v2(user, (uint8 *)data.dptr, data.dsize); break; + case 3: + ret = init_sam_from_buffer_v3(user, (uint8 *)data.dptr, data.dsize); + break; default: /* unknown tdbsam version */ ret = False; @@ -677,7 +911,7 @@ static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, Save a list of user keys for iteration. ****************************************************************/ -static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask) +static NTSTATUS tdbsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask) { if ( !tdbsam_open( tdbsam_filename ) ) { DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename)); diff --git a/source/python/py_samr.c b/source/python/py_samr.c index fc9f2a83ebe..a26cd8d132e 100644 --- a/source/python/py_samr.c +++ b/source/python/py_samr.c @@ -467,7 +467,7 @@ static PyObject *samr_create_dom_user(PyObject *self, PyObject *args, uint32 user_rid; PyObject *result = NULL; TALLOC_CTX *mem_ctx; - uint16 acb_info = ACB_NORMAL; + uint32 acb_info = ACB_NORMAL; POLICY_HND user_pol; if (!PyArg_ParseTupleAndKeywords( diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index dd9a4ce67e5..adb61a48bb5 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -640,7 +640,7 @@ NTSTATUS rpccli_samr_query_groupmem(struct rpc_pipe_client *cli, **/ NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, uint16 acb_mask, + POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask, uint32 size, char ***dom_users, uint32 **rids, uint32 *num_dom_users) { @@ -661,7 +661,7 @@ NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem /* Fill query structure with parameters */ - init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, 0, size); + init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size); CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS, q, r, diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 3734ce26a69..745cf24b0fd 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1424,7 +1424,8 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, uint16 logon_count, uint16 bad_pw_count, uint32 num_groups, const DOM_GID *gids, - uint32 user_flgs, uchar user_session_key[16], + uint32 user_flgs, uint32 acct_flags, + uchar user_session_key[16], uchar lm_session_key[16], const char *logon_srv, const char *logon_dom, const DOM_SID *dom_sid) @@ -1466,6 +1467,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */ usr->user_flgs = user_flgs; + usr->acct_flags = acct_flags; if (user_session_key != NULL) memcpy(usr->user_sess_key, user_session_key, sizeof(usr->user_sess_key)); @@ -1475,7 +1477,6 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */ memset((char *)usr->lm_sess_key, '\0', sizeof(usr->lm_sess_key)); - memset(&usr->acct_flags, '\0', sizeof(usr->acct_flags)); for (i=0; i<7; i++) { memset(&usr->unknown[i], '\0', sizeof(usr->unknown)); @@ -1526,19 +1527,22 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, int lvl = 10; DEBUG(lvl,("dump_acct_flags\n")); if (acct_flags & ACB_NORMAL) { - DEBUGADD(lvl,("\taccount has UF_NORMAL_ACCOUNT\n")); + DEBUGADD(lvl,("\taccount has ACB_NORMAL\n")); } if (acct_flags & ACB_PWNOEXP) { - DEBUGADD(lvl,("\taccount has UF_DONT_EXPIRE_PASSWD\n")); + DEBUGADD(lvl,("\taccount has ACB_PWNOEXP\n")); } if (acct_flags & ACB_ENC_TXT_PWD_ALLOWED) { - DEBUGADD(lvl,("\taccount has UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED\n")); + DEBUGADD(lvl,("\taccount has ACB_ENC_TXT_PWD_ALLOWED\n")); } if (acct_flags & ACB_NOT_DELEGATED) { - DEBUGADD(lvl,("\taccount has UF_NOT_DELEGATED\n")); + DEBUGADD(lvl,("\taccount has ACB_NOT_DELEGATED\n")); } if (acct_flags & ACB_USE_DES_KEY_ONLY) { - DEBUGADD(lvl,("\taccount has UF_USE_DES_KEY_ONLY set, sig verify wont work\n")); + DEBUGADD(lvl,("\taccount has ACB_USE_DES_KEY_ONLY set, sig verify wont work\n")); + } + if (acct_flags & ACB_NO_AUTH_DATA_REQD) { + DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n")); } } diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index fc4d7a3ab36..49d0fb7d720 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -1004,7 +1004,7 @@ inits a SAM_ENTRY1 structure. static void init_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx, UNISTR2 *sam_name, UNISTR2 *sam_full, UNISTR2 *sam_desc, uint32 rid_user, - uint16 acb_info) + uint32 acb_info) { DEBUG(5, ("init_sam_entry1\n")); @@ -1040,10 +1040,7 @@ static BOOL sam_io_sam_entry1(const char *desc, SAM_ENTRY1 * sam, if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user)) return False; - if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info)) - return False; - - if(!prs_align(ps)) + if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info)) return False; if (!smb_io_unihdr("hdr_acct_name", &sam->hdr_acct_name, ps, depth)) @@ -1085,7 +1082,7 @@ inits a SAM_ENTRY2 structure. ********************************************************************/ static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx, UNISTR2 *sam_name, UNISTR2 *sam_desc, - uint32 rid_user, uint16 acb_info) + uint32 rid_user, uint32 acb_info) { DEBUG(5, ("init_sam_entry2\n")); @@ -1118,10 +1115,7 @@ static BOOL sam_io_sam_entry2(const char *desc, SAM_ENTRY2 * sam, if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user)) return False; - if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info)) - return False; - - if(!prs_align(ps)) + if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info)) return False; if(!smb_io_unihdr("unihdr", &sam->hdr_srv_name, ps, depth)) /* account name unicode string header */ @@ -1322,7 +1316,7 @@ inits a SAMR_Q_ENUM_DOM_USERS structure. void init_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS * q_e, POLICY_HND *pol, uint32 start_idx, - uint16 acb_mask, uint16 unk_1, uint32 size) + uint32 acb_mask, uint32 size) { DEBUG(5, ("init_samr_q_enum_dom_users\n")); @@ -1330,7 +1324,6 @@ void init_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS * q_e, POLICY_HND *pol, q_e->start_idx = start_idx; /* zero indicates lots */ q_e->acb_mask = acb_mask; - q_e->unknown_1 = unk_1; q_e->max_size = size; } @@ -1355,9 +1348,7 @@ BOOL samr_io_q_enum_dom_users(const char *desc, SAMR_Q_ENUM_DOM_USERS * q_e, if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx)) return False; - if(!prs_uint16("acb_mask ", ps, depth, &q_e->acb_mask)) - return False; - if(!prs_uint16("unknown_1", ps, depth, &q_e->unknown_1)) + if(!prs_uint32("acb_mask ", ps, depth, &q_e->acb_mask)) return False; if(!prs_uint32("max_size ", ps, depth, &q_e->max_size)) diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index a71d97ada78..8dbd4ff33f3 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -1016,12 +1016,12 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p, pdb_get_pass_last_set_time(sampw), pdb_get_pass_can_change_time(sampw), pdb_get_pass_must_change_time(sampw), - 0, /* logon_count */ 0, /* bad_pw_count */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ + LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */ + pdb_get_acct_ctrl(sampw), server_info->user_session_key.length ? user_session_key : NULL, server_info->lm_session_key.length ? lm_session_key : NULL, my_name , /* char *logon_srv */ diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 47e1a31535e..fa5b0806344 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -482,7 +482,7 @@ static void samr_clear_sam_passwd(struct samu *sam_pass) pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT); } -static uint32 count_sam_users(struct disp_info *info, uint16 acct_flags) +static uint32 count_sam_users(struct disp_info *info, uint32 acct_flags) { struct samr_displayentry *entry; @@ -3218,7 +3218,7 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd) { uint32 len; pstring plaintext_buf; - uint16 acct_ctrl; + uint32 acct_ctrl; DEBUG(5, ("Attempting administrator password change for user %s\n", pdb_get_username(pwd))); diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 13da71a7fd9..82194c84c73 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -100,7 +100,7 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr) printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */ printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */ - printf("\tacb_info :\t0x%04x\n", usr->acb_info ); /* Account Control Info */ + printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */ printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */ printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */ @@ -776,7 +776,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli, char **dom_users; uint32 *dom_rids; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; - uint16 acb_mask = ACB_NORMAL; + uint32 acb_mask = ACB_NORMAL; BOOL got_connect_pol = False, got_domain_pol = False; if ((argc < 1) || (argc > 3)) { @@ -788,7 +788,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli, sscanf(argv[1], "%x", &access_mask); if (argc > 2) - sscanf(argv[2], "%hx", &acb_mask); + sscanf(argv[2], "%x", &acb_mask); /* Get sam policy handle */ @@ -1367,7 +1367,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; - uint16 acb_info; + uint32 acb_info; uint32 unknown, user_rid; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index 8df824a323e..224ae3d763e 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -575,7 +575,7 @@ BOOL check_lanman_password(char *user, uchar * pass1, uchar unenc_new_pw[16]; uchar unenc_old_pw[16]; struct samu *sampass = NULL; - uint16 acct_ctrl; + uint32 acct_ctrl; const uint8 *lanman_pw; BOOL ret; @@ -641,7 +641,7 @@ BOOL change_lanman_password(struct samu *sampass, uchar *pass2) static uchar null_pw[16]; uchar unenc_new_pw[16]; BOOL ret; - uint16 acct_ctrl; + uint32 acct_ctrl; const uint8 *pwd; if (sampass == NULL) { @@ -755,7 +755,7 @@ static NTSTATUS check_oem_password(const char *user, uint8 *password_encrypted; const uint8 *encryption_key; const uint8 *lanman_pw, *nt_pw; - uint16 acct_ctrl; + uint32 acct_ctrl; uint32 new_pw_len; uchar new_nt_hash[16]; uchar new_lm_hash[16]; diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 85b09f9e07c..0cedbd78abc 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -566,7 +566,7 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; const char *acct_name; - uint16 acb_info; + uint32 acb_info; uint32 unknown, user_rid; if (argc != 1) { @@ -5230,7 +5230,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, POLICY_HND connect_pol, domain_pol, user_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; char *acct_name; - uint16 acb_info; + uint32 acb_info; uint32 unknown, user_rid; if (argc != 2) {