sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3/s4 - Adapt the IDL changes on various locations

Browse Source
This commit is contained in:
Matthias Dieter Wallnöfer 2009-09-25 22:44:00 +02:00
parent c2685cdedb
commit 607ceff234
10 changed files with 95 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source3/include/proto.h
View File

@ -5427,7 +5427,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject);
struct userPwdChangeFailureInformation **reject);
void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
uint32 *max_size);
NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,

2
source3/rpc_client/cli_samr.c
View File

@ -187,7 +187,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject)
struct userPwdChangeFailureInformation **reject)
{
NTSTATUS status;

7
source3/rpc_server/srv_samr_nt.c
View File

@ -2025,7 +2025,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
const char *wks = NULL;
uint32 reject_reason;
struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
uint32_t tmp;
DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
@ -2070,7 +2070,8 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
reject = TALLOC_ZERO_P(p->mem_ctx,
struct userPwdChangeFailureInformation);
if (!reject) {
return NT_STATUS_NO_MEMORY;
}
@ -2105,7 +2106,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX;
}
reject->reason = reject_reason;
reject->extendedFailureReason = reject_reason;
*r->out.dominfo = dominfo;
*r->out.reject = reject;

21
source3/rpcclient/cmd_samr.c
View File

@ -2538,7 +2538,7 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
const char *user, *oldpass, *newpass;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
if (argc < 3) {
printf("Usage: %s username oldpass newpass\n", argv[0]);
@ -2581,22 +2581,19 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
display_sam_dom_info_1(info);
switch (reject->reason) {
case SAMR_REJECT_TOO_SHORT:
d_printf("SAMR_REJECT_TOO_SHORT\n");
switch (reject->extendedFailureReason) {
case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
break;
case SAMR_REJECT_IN_HISTORY:
d_printf("SAMR_REJECT_IN_HISTORY\n");
case SAM_PWD_CHANGE_PWD_IN_HISTORY:
d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
break;
case SAMR_REJECT_COMPLEXITY:
d_printf("SAMR_REJECT_COMPLEXITY\n");
break;
case SAMR_REJECT_OTHER:
d_printf("SAMR_REJECT_OTHER\n");
case SAM_PWD_CHANGE_NOT_COMPLEX:
d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
break;
default:
d_printf("unknown reject reason: %d\n",
reject->reason);
reject->extendedFailureReason);
break;
}
}

18
source3/smbd/chgpasswd.c
View File

@ -778,7 +778,7 @@ NTSTATUS pass_oem_change(char *user,
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
uint32 *reject_reason)
enum samPwdChangeReason *reject_reason)
{
char *new_passwd = NULL;
struct samu *sampass = NULL;
@ -1081,7 +1081,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
is correct before calling. JRA.
************************************************************/
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, uint32 *samr_reject_reason)
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
{
uint32 min_len;
uint32 refuse;
@ -1091,14 +1091,14 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
if (samr_reject_reason) {
*samr_reject_reason = Undefined;
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
/* check to see if the secdesc has previously been set to disallow */
if (!pdb_get_pass_can_change(hnd)) {
DEBUG(1, ("user %s does not have permissions to change password\n", username));
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER;
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@ -1112,7 +1112,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"denied by Refuse Machine Password Change policy\n",
username));
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER;
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@ -1125,7 +1125,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"wait until %s\n", username,
http_timestring(tosctx, can_change_time)));
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER;
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@ -1135,7 +1135,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_TOO_SHORT;
*samr_reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
}
return NT_STATUS_PASSWORD_RESTRICTION;
/* return NT_STATUS_PWD_TOO_SHORT; */
@ -1143,7 +1143,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_passwd_history(hnd,new_passwd)) {
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_IN_HISTORY;
*samr_reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1171,7 +1171,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_ret != 0) {
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_COMPLEXITY;
*samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
}
TALLOC_FREE(pass);
return NT_STATUS_PASSWORD_RESTRICTION;

4
source3/winbindd/winbindd_pam.c
View File

@ -2060,7 +2060,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
struct rpc_pipe_client *cli;
bool got_info = false;
struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring domain, user;
@ -2102,7 +2102,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
fill_in_password_policy(state->response, info);
state->response->data.auth.reject_reason =
reject->reason;
reject->extendedFailureReason;
got_info = true;
}

25
source4/dsdb/common/util.c
View File

@ -1583,7 +1583,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *param_lmNewHash,
struct samr_Password *param_ntNewHash,
bool user_change,
enum samr_RejectReason *reject_reason,
enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
const char * const user_attrs[] = { "userAccountControl",
@ -1702,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
&& (minPwdLength > utf16_len_n(
new_password->data, new_password->length)/2)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_TOO_SHORT;
*reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1726,7 +1726,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
& DOMAIN_PASSWORD_COMPLEX) != 0)
&& (!check_password_quality(new_pass))) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;
*reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1742,7 +1742,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* are all password changes disallowed? */
if ((pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) != 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER;
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1750,7 +1750,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* can this user change the password? */
if ((userAccountControl & UF_PASSWD_CANT_CHANGE) != 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER;
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1758,7 +1758,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
if (pwdLastSet - minPwdAge > now_nt) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER;
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1768,14 +1768,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash,
lmPwdHash->hash, 16) == 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash,
ntPwdHash->hash, 16) == 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1791,7 +1791,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash,
16) == 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1800,7 +1800,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash,
16) == 0) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY;
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@ -1833,6 +1833,9 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
}
}
if (reject_reason) {
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_OK;
}
@ -1851,7 +1854,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
bool user_change,
enum samr_RejectReason *reject_reason,
enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
NTSTATUS nt_status;

17
source4/kdc/kpasswdd.c
View File

@ -113,7 +113,7 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
NTSTATUS status,
enum samr_RejectReason reject_reason,
enum samPwdChangeReason reject_reason,
struct samr_DomInfo1 *dominfo,
DATA_BLOB *error_blob)
{
@ -132,17 +132,16 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
if (dominfo && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
const char *reject_string;
switch (reject_reason) {
case SAMR_REJECT_TOO_SHORT:
case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
dominfo->min_password_length);
break;
case SAMR_REJECT_COMPLEXITY:
case SAM_PWD_CHANGE_NOT_COMPLEX:
reject_string = "Password does not meet complexity requirements";
break;
case SAMR_REJECT_IN_HISTORY:
case SAM_PWD_CHANGE_PWD_IN_HISTORY:
reject_string = "Password is already in password history";
break;
case SAMR_REJECT_OTHER:
default:
reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
dominfo->min_password_length, dominfo->password_history_length);
@ -178,7 +177,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
DATA_BLOB *reply)
{
NTSTATUS status;
enum samr_RejectReason reject_reason;
enum samPwdChangeReason reject_reason;
struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb;
@ -248,7 +247,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
case KRB5_KPASSWD_VERS_SETPW:
{
NTSTATUS status;
enum samr_RejectReason reject_reason = SAMR_REJECT_OTHER;
enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
struct samr_DomInfo1 *dominfo = NULL;
struct ldb_context *samdb;
struct ldb_message *msg;
@ -349,7 +348,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
status = NT_STATUS_TRANSACTION_ABORTED;
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
SAMR_REJECT_OTHER,
SAM_PWD_CHANGE_NO_ERROR,
NULL,
reply);
}
@ -362,7 +361,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
ldb_transaction_cancel(samdb);
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
SAMR_REJECT_OTHER,
SAM_PWD_CHANGE_NO_ERROR,
NULL,
reply);
}

39
source4/rpc_server/samr/samr_password.c
View File

@ -177,8 +177,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
/*
samr_OemChangePasswordUser2
*/
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OemChangePasswordUser2 *r)
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct samr_OemChangePasswordUser2 *r)
{
NTSTATUS status;
DATA_BLOB new_password, new_unicode_password;
@ -335,8 +336,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
samr_ChangePasswordUser3
*/
NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser3 *r)
TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser3 *r)
{
NTSTATUS status;
DATA_BLOB new_password;
@ -348,8 +349,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob;
struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL;
enum samr_RejectReason reason = SAMR_REJECT_OTHER;
struct userPwdChangeFailureInformation *reject = NULL;
enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
uint8_t new_nt_hash[16], new_lm_hash[16];
struct samr_Password nt_verifier, lm_verifier;
@ -465,6 +466,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
true, /* this is a user password change */
&reason,
&dominfo);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
@ -494,18 +496,16 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
failed:
ldb_transaction_cancel(sam_ctx);
talloc_free(sam_ctx);
reject = talloc(mem_ctx, struct samr_ChangeReject);
*r->out.dominfo = dominfo;
*r->out.reject = reject;
reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
if (reject != NULL) {
ZERO_STRUCTP(reject);
reject->extendedFailureReason = reason;
if (reject == NULL) {
return status;
*r->out.reject = reject;
}
ZERO_STRUCTP(reject);
reject->reason = reason;
*r->out.dominfo = dominfo;
return status;
}
@ -516,12 +516,13 @@ failed:
easy - just a subset of samr_ChangePasswordUser3
*/
NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser2 *r)
NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser2 *r)
{
struct samr_ChangePasswordUser3 r2;
struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
r2.in.server = r->in.server;
r2.in.account = r->in.account;
@ -584,7 +585,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
*/
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx,
struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
struct ldb_dn *account_dn,
struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf)
@ -627,4 +629,3 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
NULL, NULL);
}

54
source4/torture/rpc/samr.c
View File

@ -2132,7 +2132,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
uint8_t old_lm_hash[16], new_lm_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
torture_comment(tctx, "Testing ChangePasswordUser3\n");
@ -2269,9 +2269,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
&& (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
if (reject && (reject->reason != SAMR_REJECT_OTHER)) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason);
if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
}
@ -2288,40 +2288,40 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
(last_password_change + dominfo->min_password_age > t)) {
if (reject->reason != SAMR_REJECT_OTHER) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason);
if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->min_password_length > 0) &&
(strlen(newpass) < dominfo->min_password_length)) {
if (reject->reason != SAMR_REJECT_TOO_SHORT) {
torture_warning(tctx, "expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
SAMR_REJECT_TOO_SHORT, reject->reason);
if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->password_history_length > 0) &&
strequal(oldpass, newpass)) {
if (reject->reason != SAMR_REJECT_IN_HISTORY) {
torture_warning(tctx, "expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
SAMR_REJECT_IN_HISTORY, reject->reason);
if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
return false;
}
} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
if (reject->reason != SAMR_REJECT_COMPLEXITY) {
torture_warning(tctx, "expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
SAMR_REJECT_COMPLEXITY, reject->reason);
if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
return false;
}
}
if (reject->reason == SAMR_REJECT_TOO_SHORT) {
if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
/* retry with adjusted size */
return test_ChangePasswordUser3(p, tctx, account_string,
dominfo->min_password_length,
@ -2330,9 +2330,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
}
} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason);
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@ -2369,7 +2369,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
uint8_t old_nt_hash[16], new_nt_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL;
struct userPwdChangeFailureInformation *reject = NULL;
new_random_pass = samr_very_rand_pass(tctx, 128);
@ -2444,9 +2444,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason);
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@ -2482,9 +2482,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason);
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */