mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3/s4 - Adapt the IDL changes on various locations
This commit is contained in:
parent
c2685cdedb
commit
607ceff234
@ -5427,7 +5427,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
|
||||
const char *newpassword,
|
||||
const char *oldpassword,
|
||||
struct samr_DomInfo1 **dominfo1,
|
||||
struct samr_ChangeReject **reject);
|
||||
struct userPwdChangeFailureInformation **reject);
|
||||
void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
|
||||
uint32 *max_size);
|
||||
NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,
|
||||
|
@ -187,7 +187,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
|
||||
const char *newpassword,
|
||||
const char *oldpassword,
|
||||
struct samr_DomInfo1 **dominfo1,
|
||||
struct samr_ChangeReject **reject)
|
||||
struct userPwdChangeFailureInformation **reject)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
|
@ -2025,7 +2025,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
|
||||
const char *wks = NULL;
|
||||
uint32 reject_reason;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
uint32_t tmp;
|
||||
|
||||
DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
|
||||
@ -2070,7 +2070,8 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
|
||||
reject = TALLOC_ZERO_P(p->mem_ctx,
|
||||
struct userPwdChangeFailureInformation);
|
||||
if (!reject) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -2105,7 +2106,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
|
||||
dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX;
|
||||
}
|
||||
|
||||
reject->reason = reject_reason;
|
||||
reject->extendedFailureReason = reject_reason;
|
||||
|
||||
*r->out.dominfo = dominfo;
|
||||
*r->out.reject = reject;
|
||||
|
@ -2538,7 +2538,7 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
|
||||
const char *user, *oldpass, *newpass;
|
||||
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
|
||||
struct samr_DomInfo1 *info = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
|
||||
if (argc < 3) {
|
||||
printf("Usage: %s username oldpass newpass\n", argv[0]);
|
||||
@ -2581,22 +2581,19 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
|
||||
|
||||
display_sam_dom_info_1(info);
|
||||
|
||||
switch (reject->reason) {
|
||||
case SAMR_REJECT_TOO_SHORT:
|
||||
d_printf("SAMR_REJECT_TOO_SHORT\n");
|
||||
switch (reject->extendedFailureReason) {
|
||||
case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
|
||||
d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
|
||||
break;
|
||||
case SAMR_REJECT_IN_HISTORY:
|
||||
d_printf("SAMR_REJECT_IN_HISTORY\n");
|
||||
case SAM_PWD_CHANGE_PWD_IN_HISTORY:
|
||||
d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
|
||||
break;
|
||||
case SAMR_REJECT_COMPLEXITY:
|
||||
d_printf("SAMR_REJECT_COMPLEXITY\n");
|
||||
break;
|
||||
case SAMR_REJECT_OTHER:
|
||||
d_printf("SAMR_REJECT_OTHER\n");
|
||||
case SAM_PWD_CHANGE_NOT_COMPLEX:
|
||||
d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
|
||||
break;
|
||||
default:
|
||||
d_printf("unknown reject reason: %d\n",
|
||||
reject->reason);
|
||||
reject->extendedFailureReason);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -778,7 +778,7 @@ NTSTATUS pass_oem_change(char *user,
|
||||
const uchar old_lm_hash_encrypted[16],
|
||||
uchar password_encrypted_with_nt_hash[516],
|
||||
const uchar old_nt_hash_encrypted[16],
|
||||
uint32 *reject_reason)
|
||||
enum samPwdChangeReason *reject_reason)
|
||||
{
|
||||
char *new_passwd = NULL;
|
||||
struct samu *sampass = NULL;
|
||||
@ -1081,7 +1081,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
|
||||
is correct before calling. JRA.
|
||||
************************************************************/
|
||||
|
||||
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, uint32 *samr_reject_reason)
|
||||
NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
|
||||
{
|
||||
uint32 min_len;
|
||||
uint32 refuse;
|
||||
@ -1091,14 +1091,14 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
|
||||
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = Undefined;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
|
||||
/* check to see if the secdesc has previously been set to disallow */
|
||||
if (!pdb_get_pass_can_change(hnd)) {
|
||||
DEBUG(1, ("user %s does not have permissions to change password\n", username));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1112,7 +1112,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
"denied by Refuse Machine Password Change policy\n",
|
||||
username));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1125,7 +1125,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
"wait until %s\n", username,
|
||||
http_timestring(tosctx, can_change_time)));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1135,7 +1135,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
username));
|
||||
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_TOO_SHORT;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
/* return NT_STATUS_PWD_TOO_SHORT; */
|
||||
@ -1143,7 +1143,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
|
||||
if (check_passwd_history(hnd,new_passwd)) {
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1171,7 +1171,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
if (check_ret != 0) {
|
||||
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = SAMR_REJECT_COMPLEXITY;
|
||||
*samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
|
||||
}
|
||||
TALLOC_FREE(pass);
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
|
@ -2060,7 +2060,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
|
||||
struct rpc_pipe_client *cli;
|
||||
bool got_info = false;
|
||||
struct samr_DomInfo1 *info = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
fstring domain, user;
|
||||
|
||||
@ -2102,7 +2102,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
|
||||
fill_in_password_policy(state->response, info);
|
||||
|
||||
state->response->data.auth.reject_reason =
|
||||
reject->reason;
|
||||
reject->extendedFailureReason;
|
||||
|
||||
got_info = true;
|
||||
}
|
||||
|
@ -1583,7 +1583,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
struct samr_Password *param_lmNewHash,
|
||||
struct samr_Password *param_ntNewHash,
|
||||
bool user_change,
|
||||
enum samr_RejectReason *reject_reason,
|
||||
enum samPwdChangeReason *reject_reason,
|
||||
struct samr_DomInfo1 **_dominfo)
|
||||
{
|
||||
const char * const user_attrs[] = { "userAccountControl",
|
||||
@ -1702,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
&& (minPwdLength > utf16_len_n(
|
||||
new_password->data, new_password->length)/2)) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_TOO_SHORT;
|
||||
*reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1726,7 +1726,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
& DOMAIN_PASSWORD_COMPLEX) != 0)
|
||||
&& (!check_password_quality(new_pass))) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_COMPLEXITY;
|
||||
*reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1742,7 +1742,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
/* are all password changes disallowed? */
|
||||
if ((pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) != 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_OTHER;
|
||||
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1750,7 +1750,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
/* can this user change the password? */
|
||||
if ((userAccountControl & UF_PASSWD_CANT_CHANGE) != 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_OTHER;
|
||||
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1758,7 +1758,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
/* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
|
||||
if (pwdLastSet - minPwdAge > now_nt) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_OTHER;
|
||||
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1768,14 +1768,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash,
|
||||
lmPwdHash->hash, 16) == 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash,
|
||||
ntPwdHash->hash, 16) == 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1791,7 +1791,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash,
|
||||
16) == 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1800,7 +1800,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash,
|
||||
16) == 0) {
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
*reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1833,6 +1833,9 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
}
|
||||
|
||||
if (reject_reason) {
|
||||
*reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -1851,7 +1854,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
|
||||
struct samr_Password *lmNewHash,
|
||||
struct samr_Password *ntNewHash,
|
||||
bool user_change,
|
||||
enum samr_RejectReason *reject_reason,
|
||||
enum samPwdChangeReason *reject_reason,
|
||||
struct samr_DomInfo1 **_dominfo)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
|
@ -113,7 +113,7 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
|
||||
static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS status,
|
||||
enum samr_RejectReason reject_reason,
|
||||
enum samPwdChangeReason reject_reason,
|
||||
struct samr_DomInfo1 *dominfo,
|
||||
DATA_BLOB *error_blob)
|
||||
{
|
||||
@ -132,17 +132,16 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
|
||||
if (dominfo && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
|
||||
const char *reject_string;
|
||||
switch (reject_reason) {
|
||||
case SAMR_REJECT_TOO_SHORT:
|
||||
case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
|
||||
reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
|
||||
dominfo->min_password_length);
|
||||
break;
|
||||
case SAMR_REJECT_COMPLEXITY:
|
||||
case SAM_PWD_CHANGE_NOT_COMPLEX:
|
||||
reject_string = "Password does not meet complexity requirements";
|
||||
break;
|
||||
case SAMR_REJECT_IN_HISTORY:
|
||||
case SAM_PWD_CHANGE_PWD_IN_HISTORY:
|
||||
reject_string = "Password is already in password history";
|
||||
break;
|
||||
case SAMR_REJECT_OTHER:
|
||||
default:
|
||||
reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
|
||||
dominfo->min_password_length, dominfo->password_history_length);
|
||||
@ -178,7 +177,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
|
||||
DATA_BLOB *reply)
|
||||
{
|
||||
NTSTATUS status;
|
||||
enum samr_RejectReason reject_reason;
|
||||
enum samPwdChangeReason reject_reason;
|
||||
struct samr_DomInfo1 *dominfo;
|
||||
struct ldb_context *samdb;
|
||||
|
||||
@ -248,7 +247,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
|
||||
case KRB5_KPASSWD_VERS_SETPW:
|
||||
{
|
||||
NTSTATUS status;
|
||||
enum samr_RejectReason reject_reason = SAMR_REJECT_OTHER;
|
||||
enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct ldb_context *samdb;
|
||||
struct ldb_message *msg;
|
||||
@ -349,7 +348,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
|
||||
status = NT_STATUS_TRANSACTION_ABORTED;
|
||||
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
|
||||
status,
|
||||
SAMR_REJECT_OTHER,
|
||||
SAM_PWD_CHANGE_NO_ERROR,
|
||||
NULL,
|
||||
reply);
|
||||
}
|
||||
@ -362,7 +361,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
|
||||
ldb_transaction_cancel(samdb);
|
||||
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
|
||||
status,
|
||||
SAMR_REJECT_OTHER,
|
||||
SAM_PWD_CHANGE_NO_ERROR,
|
||||
NULL,
|
||||
reply);
|
||||
}
|
||||
|
@ -177,7 +177,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
|
||||
/*
|
||||
samr_OemChangePasswordUser2
|
||||
*/
|
||||
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct samr_OemChangePasswordUser2 *r)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -348,8 +349,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||
struct samr_Password *nt_pwd, *lm_pwd;
|
||||
DATA_BLOB nt_pwd_blob;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
enum samr_RejectReason reason = SAMR_REJECT_OTHER;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||
uint8_t new_nt_hash[16], new_lm_hash[16];
|
||||
struct samr_Password nt_verifier, lm_verifier;
|
||||
|
||||
@ -465,6 +466,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||
true, /* this is a user password change */
|
||||
&reason,
|
||||
&dominfo);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto failed;
|
||||
}
|
||||
@ -494,18 +496,16 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||
|
||||
failed:
|
||||
ldb_transaction_cancel(sam_ctx);
|
||||
talloc_free(sam_ctx);
|
||||
|
||||
reject = talloc(mem_ctx, struct samr_ChangeReject);
|
||||
*r->out.dominfo = dominfo;
|
||||
*r->out.reject = reject;
|
||||
|
||||
if (reject == NULL) {
|
||||
return status;
|
||||
}
|
||||
reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
|
||||
if (reject != NULL) {
|
||||
ZERO_STRUCTP(reject);
|
||||
reject->extendedFailureReason = reason;
|
||||
|
||||
reject->reason = reason;
|
||||
*r->out.reject = reject;
|
||||
}
|
||||
|
||||
*r->out.dominfo = dominfo;
|
||||
|
||||
return status;
|
||||
}
|
||||
@ -516,12 +516,13 @@ failed:
|
||||
|
||||
easy - just a subset of samr_ChangePasswordUser3
|
||||
*/
|
||||
NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct samr_ChangePasswordUser2 *r)
|
||||
{
|
||||
struct samr_ChangePasswordUser3 r2;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
|
||||
r2.in.server = r->in.server;
|
||||
r2.in.account = r->in.account;
|
||||
@ -584,7 +585,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
||||
*/
|
||||
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
||||
struct ldb_context *sam_ctx,
|
||||
struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
|
||||
struct ldb_dn *account_dn,
|
||||
struct ldb_dn *domain_dn,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct ldb_message *msg,
|
||||
struct samr_CryptPasswordEx *pwbuf)
|
||||
@ -627,4 +629,3 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
||||
NULL, NULL);
|
||||
}
|
||||
|
||||
|
||||
|
@ -2132,7 +2132,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||
NTTIME t;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
|
||||
torture_comment(tctx, "Testing ChangePasswordUser3\n");
|
||||
|
||||
@ -2269,9 +2269,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||
&& (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
|
||||
if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
|
||||
|
||||
if (reject && (reject->reason != SAMR_REJECT_OTHER)) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
|
||||
SAMR_REJECT_OTHER, reject->reason);
|
||||
if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -2288,40 +2288,40 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||
if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
|
||||
(last_password_change + dominfo->min_password_age > t)) {
|
||||
|
||||
if (reject->reason != SAMR_REJECT_OTHER) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
|
||||
SAMR_REJECT_OTHER, reject->reason);
|
||||
if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
|
||||
} else if ((dominfo->min_password_length > 0) &&
|
||||
(strlen(newpass) < dominfo->min_password_length)) {
|
||||
|
||||
if (reject->reason != SAMR_REJECT_TOO_SHORT) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
|
||||
SAMR_REJECT_TOO_SHORT, reject->reason);
|
||||
if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
|
||||
} else if ((dominfo->password_history_length > 0) &&
|
||||
strequal(oldpass, newpass)) {
|
||||
|
||||
if (reject->reason != SAMR_REJECT_IN_HISTORY) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
|
||||
SAMR_REJECT_IN_HISTORY, reject->reason);
|
||||
if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
|
||||
|
||||
if (reject->reason != SAMR_REJECT_COMPLEXITY) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
|
||||
SAMR_REJECT_COMPLEXITY, reject->reason);
|
||||
if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (reject->reason == SAMR_REJECT_TOO_SHORT) {
|
||||
if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
|
||||
/* retry with adjusted size */
|
||||
return test_ChangePasswordUser3(p, tctx, account_string,
|
||||
dominfo->min_password_length,
|
||||
@ -2330,9 +2330,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||
}
|
||||
|
||||
} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
|
||||
if (reject && reject->reason != SAMR_REJECT_OTHER) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
|
||||
SAMR_REJECT_OTHER, reject->reason);
|
||||
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
/* Perhaps the server has a 'min password age' set? */
|
||||
@ -2369,7 +2369,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||
uint8_t old_nt_hash[16], new_nt_hash[16];
|
||||
NTTIME t;
|
||||
struct samr_DomInfo1 *dominfo = NULL;
|
||||
struct samr_ChangeReject *reject = NULL;
|
||||
struct userPwdChangeFailureInformation *reject = NULL;
|
||||
|
||||
new_random_pass = samr_very_rand_pass(tctx, 128);
|
||||
|
||||
@ -2444,9 +2444,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
|
||||
|
||||
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
|
||||
if (reject && reject->reason != SAMR_REJECT_OTHER) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
|
||||
SAMR_REJECT_OTHER, reject->reason);
|
||||
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
/* Perhaps the server has a 'min password age' set? */
|
||||
@ -2482,9 +2482,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
|
||||
|
||||
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
|
||||
if (reject && reject->reason != SAMR_REJECT_OTHER) {
|
||||
torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
|
||||
SAMR_REJECT_OTHER, reject->reason);
|
||||
if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
|
||||
torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
|
||||
SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
|
||||
return false;
|
||||
}
|
||||
/* Perhaps the server has a 'min password age' set? */
|
||||
|
Loading…
Reference in New Issue
Block a user