sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3/s4 - Adapt the IDL changes on various locations

Browse Source
This commit is contained in:
Matthias Dieter Wallnöfer 2009-09-25 22:44:00 +02:00
parent c2685cdedb
commit 607ceff234
10 changed files with 95 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source3/include/proto.h
View File

@ -5427,7 +5427,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword, const char *newpassword,
const char *oldpassword, const char *oldpassword,
struct samr_DomInfo1 **dominfo1, struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject); struct userPwdChangeFailureInformation **reject);
void get_query_dispinfo_params(int loop_count, uint32 *max_entries, void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
uint32 *max_size); uint32 *max_size);
NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli, NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,

2
source3/rpc_client/cli_samr.c
View File

@ -187,7 +187,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword, const char *newpassword,
const char *oldpassword, const char *oldpassword,
struct samr_DomInfo1 **dominfo1, struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject) struct userPwdChangeFailureInformation **reject)
{ {
NTSTATUS status; NTSTATUS status;

7
source3/rpc_server/srv_samr_nt.c
View File

@ -2025,7 +2025,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
const char *wks = NULL; const char *wks = NULL;
uint32 reject_reason; uint32 reject_reason;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
uint32_t tmp; uint32_t tmp;
DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__)); DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
@ -2070,7 +2070,8 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject); reject = TALLOC_ZERO_P(p->mem_ctx,
struct userPwdChangeFailureInformation);
if (!reject) { if (!reject) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
@ -2105,7 +2106,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX; dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX;
} }
reject->reason = reject_reason; reject->extendedFailureReason = reject_reason;
*r->out.dominfo = dominfo; *r->out.dominfo = dominfo;
*r->out.reject = reject; *r->out.reject = reject;

21
source3/rpcclient/cmd_samr.c
View File

@ -2538,7 +2538,7 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
const char *user, *oldpass, *newpass; const char *user, *oldpass, *newpass;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct samr_DomInfo1 *info = NULL; struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
if (argc < 3) { if (argc < 3) {
printf("Usage: %s username oldpass newpass\n", argv[0]); printf("Usage: %s username oldpass newpass\n", argv[0]);
@ -2581,22 +2581,19 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
display_sam_dom_info_1(info); display_sam_dom_info_1(info);
switch (reject->reason) { switch (reject->extendedFailureReason) {
case SAMR_REJECT_TOO_SHORT: case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
d_printf("SAMR_REJECT_TOO_SHORT\n"); d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
break; break;
case SAMR_REJECT_IN_HISTORY: case SAM_PWD_CHANGE_PWD_IN_HISTORY:
d_printf("SAMR_REJECT_IN_HISTORY\n"); d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
break; break;
case SAMR_REJECT_COMPLEXITY: case SAM_PWD_CHANGE_NOT_COMPLEX:
d_printf("SAMR_REJECT_COMPLEXITY\n"); d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
break;
case SAMR_REJECT_OTHER:
d_printf("SAMR_REJECT_OTHER\n");
break; break;
default: default:
d_printf("unknown reject reason: %d\n", d_printf("unknown reject reason: %d\n",
reject->reason); reject->extendedFailureReason);
break; break;
} }
} }

18
source3/smbd/chgpasswd.c
View File

@ -778,7 +778,7 @@ NTSTATUS pass_oem_change(char *user,
const uchar old_lm_hash_encrypted[16], const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516], uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16], const uchar old_nt_hash_encrypted[16],
uint32 *reject_reason) enum samPwdChangeReason *reject_reason)
{ {
char *new_passwd = NULL; char *new_passwd = NULL;
struct samu *sampass = NULL; struct samu *sampass = NULL;
@ -1081,7 +1081,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
is correct before calling. JRA. is correct before calling. JRA.
************************************************************/ ************************************************************/
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, uint32 *samr_reject_reason) NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
{ {
uint32 min_len; uint32 min_len;
uint32 refuse; uint32 refuse;
@ -1091,14 +1091,14 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
time_t can_change_time = pdb_get_pass_can_change_time(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd);
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = Undefined; *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
/* check to see if the secdesc has previously been set to disallow */ /* check to see if the secdesc has previously been set to disallow */
if (!pdb_get_pass_can_change(hnd)) { if (!pdb_get_pass_can_change(hnd)) {
DEBUG(1, ("user %s does not have permissions to change password\n", username)); DEBUG(1, ("user %s does not have permissions to change password\n", username));
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER; *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_ACCOUNT_RESTRICTION; return NT_STATUS_ACCOUNT_RESTRICTION;
} }
@ -1112,7 +1112,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"denied by Refuse Machine Password Change policy\n", "denied by Refuse Machine Password Change policy\n",
username)); username));
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER; *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_ACCOUNT_RESTRICTION; return NT_STATUS_ACCOUNT_RESTRICTION;
} }
@ -1125,7 +1125,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"wait until %s\n", username, "wait until %s\n", username,
http_timestring(tosctx, can_change_time))); http_timestring(tosctx, can_change_time)));
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_OTHER; *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_ACCOUNT_RESTRICTION; return NT_STATUS_ACCOUNT_RESTRICTION;
} }
@ -1135,7 +1135,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
username)); username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len)); DEBUGADD(1, (" account policy min password len = %d\n", min_len));
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_TOO_SHORT; *samr_reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
/* return NT_STATUS_PWD_TOO_SHORT; */ /* return NT_STATUS_PWD_TOO_SHORT; */
@ -1143,7 +1143,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_passwd_history(hnd,new_passwd)) { if (check_passwd_history(hnd,new_passwd)) {
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_IN_HISTORY; *samr_reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1171,7 +1171,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_ret != 0) { if (check_ret != 0) {
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n")); DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
if (samr_reject_reason) { if (samr_reject_reason) {
*samr_reject_reason = SAMR_REJECT_COMPLEXITY; *samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
} }
TALLOC_FREE(pass); TALLOC_FREE(pass);
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;

4
source3/winbindd/winbindd_pam.c
View File

@ -2060,7 +2060,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
struct rpc_pipe_client *cli; struct rpc_pipe_client *cli;
bool got_info = false; bool got_info = false;
struct samr_DomInfo1 *info = NULL; struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL; NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring domain, user; fstring domain, user;
@ -2102,7 +2102,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
fill_in_password_policy(state->response, info); fill_in_password_policy(state->response, info);
state->response->data.auth.reject_reason = state->response->data.auth.reject_reason =
reject->reason; reject->extendedFailureReason;
got_info = true; got_info = true;
} }

25
source4/dsdb/common/util.c
View File

@ -1583,7 +1583,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *param_lmNewHash, struct samr_Password *param_lmNewHash,
struct samr_Password *param_ntNewHash, struct samr_Password *param_ntNewHash,
bool user_change, bool user_change,
enum samr_RejectReason *reject_reason, enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo) struct samr_DomInfo1 **_dominfo)
{ {
const char * const user_attrs[] = { "userAccountControl", const char * const user_attrs[] = { "userAccountControl",
@ -1702,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
&& (minPwdLength > utf16_len_n( && (minPwdLength > utf16_len_n(
new_password->data, new_password->length)/2)) { new_password->data, new_password->length)/2)) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_TOO_SHORT; *reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1726,7 +1726,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
& DOMAIN_PASSWORD_COMPLEX) != 0) & DOMAIN_PASSWORD_COMPLEX) != 0)
&& (!check_password_quality(new_pass))) { && (!check_password_quality(new_pass))) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY; *reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1742,7 +1742,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* are all password changes disallowed? */ /* are all password changes disallowed? */
if ((pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) != 0) { if ((pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) != 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER; *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1750,7 +1750,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* can this user change the password? */ /* can this user change the password? */
if ((userAccountControl & UF_PASSWD_CANT_CHANGE) != 0) { if ((userAccountControl & UF_PASSWD_CANT_CHANGE) != 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER; *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1758,7 +1758,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */ /* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
if (pwdLastSet - minPwdAge > now_nt) { if (pwdLastSet - minPwdAge > now_nt) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_OTHER; *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1768,14 +1768,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash,
lmPwdHash->hash, 16) == 0) { lmPwdHash->hash, 16) == 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY; *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash,
ntPwdHash->hash, 16) == 0) { ntPwdHash->hash, 16) == 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY; *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1791,7 +1791,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash,
16) == 0) { 16) == 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY; *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1800,7 +1800,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash,
16) == 0) { 16) == 0) {
if (reject_reason) { if (reject_reason) {
*reject_reason = SAMR_REJECT_IN_HISTORY; *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
} }
return NT_STATUS_PASSWORD_RESTRICTION; return NT_STATUS_PASSWORD_RESTRICTION;
} }
@ -1833,6 +1833,9 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
} }
} }
if (reject_reason) {
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_OK; return NT_STATUS_OK;
} }
@ -1851,7 +1854,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *lmNewHash, struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash, struct samr_Password *ntNewHash,
bool user_change, bool user_change,
enum samr_RejectReason *reject_reason, enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo) struct samr_DomInfo1 **_dominfo)
{ {
NTSTATUS nt_status; NTSTATUS nt_status;

17
source4/kdc/kpasswdd.c
View File

@ -113,7 +113,7 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc, static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
NTSTATUS status, NTSTATUS status,
enum samr_RejectReason reject_reason, enum samPwdChangeReason reject_reason,
struct samr_DomInfo1 *dominfo, struct samr_DomInfo1 *dominfo,
DATA_BLOB *error_blob) DATA_BLOB *error_blob)
{ {
@ -132,17 +132,16 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
if (dominfo && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { if (dominfo && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
const char *reject_string; const char *reject_string;
switch (reject_reason) { switch (reject_reason) {
case SAMR_REJECT_TOO_SHORT: case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long", reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
dominfo->min_password_length); dominfo->min_password_length);
break; break;
case SAMR_REJECT_COMPLEXITY: case SAM_PWD_CHANGE_NOT_COMPLEX:
reject_string = "Password does not meet complexity requirements"; reject_string = "Password does not meet complexity requirements";
break; break;
case SAMR_REJECT_IN_HISTORY: case SAM_PWD_CHANGE_PWD_IN_HISTORY:
reject_string = "Password is already in password history"; reject_string = "Password is already in password history";
break; break;
case SAMR_REJECT_OTHER:
default: default:
reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords", reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
dominfo->min_password_length, dominfo->password_history_length); dominfo->min_password_length, dominfo->password_history_length);
@ -178,7 +177,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
DATA_BLOB *reply) DATA_BLOB *reply)
{ {
NTSTATUS status; NTSTATUS status;
enum samr_RejectReason reject_reason; enum samPwdChangeReason reject_reason;
struct samr_DomInfo1 *dominfo; struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb; struct ldb_context *samdb;
@ -248,7 +247,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
case KRB5_KPASSWD_VERS_SETPW: case KRB5_KPASSWD_VERS_SETPW:
{ {
NTSTATUS status; NTSTATUS status;
enum samr_RejectReason reject_reason = SAMR_REJECT_OTHER; enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct ldb_context *samdb; struct ldb_context *samdb;
struct ldb_message *msg; struct ldb_message *msg;
@ -349,7 +348,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
status = NT_STATUS_TRANSACTION_ABORTED; status = NT_STATUS_TRANSACTION_ABORTED;
return kpasswd_make_pwchange_reply(kdc, mem_ctx, return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status, status,
SAMR_REJECT_OTHER, SAM_PWD_CHANGE_NO_ERROR,
NULL, NULL,
reply); reply);
} }
@ -362,7 +361,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
ldb_transaction_cancel(samdb); ldb_transaction_cancel(samdb);
return kpasswd_make_pwchange_reply(kdc, mem_ctx, return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status, status,
SAMR_REJECT_OTHER, SAM_PWD_CHANGE_NO_ERROR,
NULL, NULL,
reply); reply);
} }

39
source4/rpc_server/samr/samr_password.c
View File

@ -177,8 +177,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
/* /*
samr_OemChangePasswordUser2 samr_OemChangePasswordUser2
*/ */
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
struct samr_OemChangePasswordUser2 *r) TALLOC_CTX *mem_ctx,
struct samr_OemChangePasswordUser2 *r)
{ {
NTSTATUS status; NTSTATUS status;
DATA_BLOB new_password, new_unicode_password; DATA_BLOB new_password, new_unicode_password;
@ -335,8 +336,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
samr_ChangePasswordUser3 samr_ChangePasswordUser3
*/ */
NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser3 *r) struct samr_ChangePasswordUser3 *r)
{ {
NTSTATUS status; NTSTATUS status;
DATA_BLOB new_password; DATA_BLOB new_password;
@ -348,8 +349,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
struct samr_Password *nt_pwd, *lm_pwd; struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob; DATA_BLOB nt_pwd_blob;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
enum samr_RejectReason reason = SAMR_REJECT_OTHER; enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
uint8_t new_nt_hash[16], new_lm_hash[16]; uint8_t new_nt_hash[16], new_lm_hash[16];
struct samr_Password nt_verifier, lm_verifier; struct samr_Password nt_verifier, lm_verifier;
@ -465,6 +466,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
true, /* this is a user password change */ true, /* this is a user password change */
&reason, &reason,
&dominfo); &dominfo);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
goto failed; goto failed;
} }
@ -494,18 +496,16 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
failed: failed:
ldb_transaction_cancel(sam_ctx); ldb_transaction_cancel(sam_ctx);
talloc_free(sam_ctx);
reject = talloc(mem_ctx, struct samr_ChangeReject); reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
*r->out.dominfo = dominfo; if (reject != NULL) {
*r->out.reject = reject; ZERO_STRUCTP(reject);
reject->extendedFailureReason = reason;
if (reject == NULL) { *r->out.reject = reject;
return status;
} }
ZERO_STRUCTP(reject);
reject->reason = reason; *r->out.dominfo = dominfo;
return status; return status;
} }
@ -516,12 +516,13 @@ failed:
easy - just a subset of samr_ChangePasswordUser3 easy - just a subset of samr_ChangePasswordUser3
*/ */
NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
struct samr_ChangePasswordUser2 *r) TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser2 *r)
{ {
struct samr_ChangePasswordUser3 r2; struct samr_ChangePasswordUser3 r2;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
r2.in.server = r->in.server; r2.in.server = r->in.server;
r2.in.account = r->in.account; r2.in.account = r->in.account;
@ -584,7 +585,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
*/ */
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx, struct ldb_context *sam_ctx,
struct ldb_dn *account_dn, struct ldb_dn *domain_dn, struct ldb_dn *account_dn,
struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
struct ldb_message *msg, struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf) struct samr_CryptPasswordEx *pwbuf)
@ -627,4 +629,3 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
NULL, NULL); NULL, NULL);
} }

54
source4/torture/rpc/samr.c
View File

@ -2132,7 +2132,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
uint8_t old_lm_hash[16], new_lm_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16];
NTTIME t; NTTIME t;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
torture_comment(tctx, "Testing ChangePasswordUser3\n"); torture_comment(tctx, "Testing ChangePasswordUser3\n");
@ -2269,9 +2269,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
&& (!null_nttime(last_password_change) || !dominfo->min_password_age)) { && (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) { if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
if (reject && (reject->reason != SAMR_REJECT_OTHER)) { if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason); SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false; return false;
} }
} }
@ -2288,40 +2288,40 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) && if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
(last_password_change + dominfo->min_password_age > t)) { (last_password_change + dominfo->min_password_age > t)) {
if (reject->reason != SAMR_REJECT_OTHER) { if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason); SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false; return false;
} }
} else if ((dominfo->min_password_length > 0) && } else if ((dominfo->min_password_length > 0) &&
(strlen(newpass) < dominfo->min_password_length)) { (strlen(newpass) < dominfo->min_password_length)) {
if (reject->reason != SAMR_REJECT_TOO_SHORT) { if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
torture_warning(tctx, "expected SAMR_REJECT_TOO_SHORT (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
SAMR_REJECT_TOO_SHORT, reject->reason); SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
return false; return false;
} }
} else if ((dominfo->password_history_length > 0) && } else if ((dominfo->password_history_length > 0) &&
strequal(oldpass, newpass)) { strequal(oldpass, newpass)) {
if (reject->reason != SAMR_REJECT_IN_HISTORY) { if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
torture_warning(tctx, "expected SAMR_REJECT_IN_HISTORY (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
SAMR_REJECT_IN_HISTORY, reject->reason); SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
return false; return false;
} }
} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) { } else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
if (reject->reason != SAMR_REJECT_COMPLEXITY) { if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
torture_warning(tctx, "expected SAMR_REJECT_COMPLEXITY (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
SAMR_REJECT_COMPLEXITY, reject->reason); SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
return false; return false;
} }
} }
if (reject->reason == SAMR_REJECT_TOO_SHORT) { if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
/* retry with adjusted size */ /* retry with adjusted size */
return test_ChangePasswordUser3(p, tctx, account_string, return test_ChangePasswordUser3(p, tctx, account_string,
dominfo->min_password_length, dominfo->min_password_length,
@ -2330,9 +2330,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
} }
} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) { if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason); SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false; return false;
} }
/* Perhaps the server has a 'min password age' set? */ /* Perhaps the server has a 'min password age' set? */
@ -2369,7 +2369,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_nt_hash[16], new_nt_hash[16];
NTTIME t; NTTIME t;
struct samr_DomInfo1 *dominfo = NULL; struct samr_DomInfo1 *dominfo = NULL;
struct samr_ChangeReject *reject = NULL; struct userPwdChangeFailureInformation *reject = NULL;
new_random_pass = samr_very_rand_pass(tctx, 128); new_random_pass = samr_very_rand_pass(tctx, 128);
@ -2444,9 +2444,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) { if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason); SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false; return false;
} }
/* Perhaps the server has a 'min password age' set? */ /* Perhaps the server has a 'min password age' set? */
@ -2482,9 +2482,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
if (reject && reject->reason != SAMR_REJECT_OTHER) { if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n", torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
SAMR_REJECT_OTHER, reject->reason); SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false; return false;
} }
/* Perhaps the server has a 'min password age' set? */ /* Perhaps the server has a 'min password age' set? */