sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-04 08:23:50 +03:00
Code Activity

r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix the error handling on a bad change.

Browse Source 
With this change WinXP can now successfully change the password on a
Samba4 server via SAMR. After the change you can't login because the
handling of much_change_time seems to be broken in the auth code, but
that should be easy to fix.
This commit is contained in:
Andrew Tridgell
2004-05-26 07:34:49 +00:00
committed by Gerald (Jerry) Carter
parent 0009660997
commit 8feeecf303
1 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
source/rpc_server/samr/samr_password.c
View File

@@ -238,12 +238,12 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
const char *user_dn, *domain_dn = NULL; const char *user_dn, *domain_dn = NULL;
int ret; int ret;
struct ldb_message **res, mod; struct ldb_message **res, mod;
const char * const attrs[] = { "objectSid", "ntPwdHash", NULL }; const char * const attrs[] = { "objectSid", "ntPwdHash", "unicodePwd", NULL };
const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength", const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength",
"pwdProperties", "minPwdAge", "maxPwdAge", "pwdProperties", "minPwdAge", "maxPwdAge",
NULL }; NULL };
const char *domain_sid; const char *domain_sid;
struct samr_Hash *ntPwdHash; uint8 *nt_pwd;
struct samr_DomInfo1 *dominfo; struct samr_DomInfo1 *dominfo;
struct samr_ChangeReject *reject; struct samr_ChangeReject *reject;
uint32_t reason = 0; uint32_t reason = 0;
@@ -278,14 +278,13 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
user_dn = res[0]->dn; user_dn = res[0]->dn;
ret = samdb_result_hashes(mem_ctx, res[0], "ntPwdHash", &ntPwdHash); status = samdb_result_passwords(mem_ctx, res[0], NULL, &nt_pwd);
if (ret != 1) { if (!NT_STATUS_IS_OK(status)) {
status = NT_STATUS_WRONG_PASSWORD;
goto failed; goto failed;
} }
/* decrypt the password we have been given */ /* decrypt the password we have been given */
SamOEMhash(r->in.nt_password->data, ntPwdHash->hash, 516); SamOEMhash(r->in.nt_password->data, nt_pwd, 516);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass), if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) { &new_pass_len, STR_UNICODE)) {
@@ -338,18 +337,25 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK; return NT_STATUS_OK;
failed: failed:
ret = samdb_search(sam_ctx,
mem_ctx, NULL, &res, dom_attrs,
"dn=%s", domain_dn);
if (sam_ctx) { if (sam_ctx) {
samdb_close(sam_ctx); samdb_close(sam_ctx);
} }
if (ret != 1) {
return status;
}
/* on failure we need to fill in the reject reasons */ /* on failure we need to fill in the reject reasons */
dominfo = talloc_p(mem_ctx, struct samr_DomInfo1); dominfo = talloc_p(mem_ctx, struct samr_DomInfo1);
if (dominfo == NULL) { if (dominfo == NULL) {
return NT_STATUS_NO_MEMORY; return status;
} }
reject = talloc_p(mem_ctx, struct samr_ChangeReject); reject = talloc_p(mem_ctx, struct samr_ChangeReject);
if (reject == NULL) { if (reject == NULL) {
return NT_STATUS_NO_MEMORY; return status;
} }
ZERO_STRUCTP(dominfo); ZERO_STRUCTP(dominfo);
@@ -364,14 +370,6 @@ failed:
return status; return status;
} }
ret = samdb_search(sam_ctx,
mem_ctx, NULL, &res, dom_attrs,
"dn=%s", domain_dn);
if (ret != 1) {
status = NT_STATUS_NO_SUCH_USER;
goto failed;
}
dominfo->min_pwd_len = samdb_result_uint (res[0], "minPwdLength", 0); dominfo->min_pwd_len = samdb_result_uint (res[0], "minPwdLength", 0);
dominfo->password_properties = samdb_result_uint (res[0], "pwdProperties", 0); dominfo->password_properties = samdb_result_uint (res[0], "pwdProperties", 0);
dominfo->password_history = samdb_result_uint (res[0], "pwdHistoryLength", 0); dominfo->password_history = samdb_result_uint (res[0], "pwdHistoryLength", 0);