mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Finally enable pidl generated SAMR & NETLOGON headers and clients.
Guenther
This commit is contained in:
parent
0230284cfa
commit
f7100156a7
@ -273,6 +273,8 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
|
||||
librpc/gen_ndr/ndr_srvsvc.o \
|
||||
librpc/gen_ndr/ndr_svcctl.o \
|
||||
librpc/gen_ndr/ndr_eventlog.o \
|
||||
librpc/gen_ndr/ndr_netlogon.o \
|
||||
librpc/gen_ndr/ndr_samr.o \
|
||||
librpc/gen_ndr/ndr_notify.o \
|
||||
librpc/gen_ndr/ndr_libnet_join.o
|
||||
|
||||
@ -403,6 +405,8 @@ LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \
|
||||
librpc/gen_ndr/cli_initshutdown.o \
|
||||
librpc/gen_ndr/cli_eventlog.o \
|
||||
librpc/gen_ndr/cli_wkssvc.o \
|
||||
librpc/gen_ndr/cli_netlogon.o \
|
||||
librpc/gen_ndr/cli_samr.o \
|
||||
$(LIBNDR_GEN_OBJ) \
|
||||
$(RPCCLIENT_NDR_OBJ)
|
||||
|
||||
|
@ -98,11 +98,6 @@ enum RPC_PKT_TYPE {
|
||||
#define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20
|
||||
#define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18
|
||||
|
||||
|
||||
#define NETLOGON_NEG_ARCFOUR 0x00000004
|
||||
#define NETLOGON_NEG_128BIT 0x00004000
|
||||
#define NETLOGON_NEG_SCHANNEL 0x40000000
|
||||
|
||||
/* The 7 here seems to be required to get Win2k not to downgrade us
|
||||
to NT4. Actually, anything other than 1ff would seem to do... */
|
||||
#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
|
||||
|
@ -45,11 +45,6 @@
|
||||
#define NET_DSR_GETDCNAMEEX2 0x22
|
||||
#define NET_SAMLOGON_EX 0x27
|
||||
|
||||
/* Secure Channel types. used in NetrServerAuthenticate negotiation */
|
||||
#define SEC_CHAN_WKSTA 2
|
||||
#define SEC_CHAN_DOMAIN 4
|
||||
#define SEC_CHAN_BDC 6
|
||||
|
||||
/* Returned delta types */
|
||||
#define SAM_DELTA_DOMAIN_INFO 0x01
|
||||
#define SAM_DELTA_GROUP_INFO 0x02
|
||||
@ -89,32 +84,15 @@
|
||||
#define NL_CTRL_REPL_IN_PROGRESS 0x0002
|
||||
#define NL_CTRL_FULL_SYNC 0x0004
|
||||
|
||||
#define LOGON_GUEST 0x00000001
|
||||
#define LOGON_NOENCRYPTION 0x00000002
|
||||
#define LOGON_CACHED_ACCOUNT 0x00000004
|
||||
#define LOGON_USED_LM_PASSWORD 0x00000008
|
||||
#define LOGON_EXTRA_SIDS 0x00000020
|
||||
#define LOGON_SUBAUTH_SESSION_KEY 0x00000040
|
||||
#define LOGON_SERVER_TRUST_ACCOUNT 0x00000080
|
||||
#define LOGON_NTLMV2_ENABLED 0x00000100
|
||||
#define LOGON_RESOURCE_GROUPS 0x00000200
|
||||
#define LOGON_PROFILE_PATH_RETURNED 0x00000400
|
||||
#define LOGON_GRACE_LOGON 0x01000000
|
||||
#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000
|
||||
|
||||
#define SE_GROUP_MANDATORY 0x00000001
|
||||
#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
|
||||
#define SE_GROUP_ENABLED 0x00000004
|
||||
#define SE_GROUP_OWNER 0x00000008
|
||||
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
|
||||
#define SE_GROUP_LOGON_ID 0xC0000000
|
||||
#define SE_GROUP_RESOURCE 0x20000000 /* Domain Local Group */
|
||||
|
||||
/* Flags for controlling the behaviour of a particular logon */
|
||||
|
||||
/* sets LOGON_SERVER_TRUST_ACCOUNT user_flag */
|
||||
/* sets NETLOGON_SERVER_TRUST_ACCOUNT user_flag */
|
||||
#if 0
|
||||
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
|
||||
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
|
||||
#endif
|
||||
|
||||
/* updates the "logon time" on network logon */
|
||||
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
|
||||
@ -1054,31 +1032,6 @@ typedef struct net_r_sam_deltas_info {
|
||||
NTSTATUS status;
|
||||
} NET_R_SAM_DELTAS;
|
||||
|
||||
#define DS_FORCE_REDISCOVERY 0x00000001
|
||||
#define DS_DIRECTORY_SERVICE_REQUIRED 0x00000010
|
||||
#define DS_DIRECTORY_SERVICE_PREFERRED 0x00000020
|
||||
#define DS_GC_SERVER_REQUIRED 0x00000040
|
||||
#define DS_PDC_REQUIRED 0x00000080
|
||||
#define DS_BACKGROUND_ONLY 0x00000100
|
||||
#define DS_IP_REQUIRED 0x00000200
|
||||
#define DS_KDC_REQUIRED 0x00000400
|
||||
#define DS_TIMESERV_REQUIRED 0x00000800
|
||||
#define DS_WRITABLE_REQUIRED 0x00001000
|
||||
#define DS_GOOD_TIMESERV_PREFERRED 0x00002000
|
||||
#define DS_AVOID_SELF 0x00004000
|
||||
#define DS_ONLY_LDAP_NEEDED 0x00008000
|
||||
|
||||
#define DS_IS_FLAT_NAME 0x00010000
|
||||
#define DS_IS_DNS_NAME 0x00020000
|
||||
|
||||
#define DS_RETURN_DNS_NAME 0x40000000
|
||||
#define DS_RETURN_FLAT_NAME 0x80000000
|
||||
|
||||
#if 0 /* unknown yet */
|
||||
#define DS_IP_VERSION_AGNOSTIC
|
||||
#define DS_TRY_NEXTCLOSEST_SITE
|
||||
#endif
|
||||
|
||||
#define DSGETDC_VALID_FLAGS ( \
|
||||
DS_FORCE_REDISCOVERY | \
|
||||
DS_DIRECTORY_SERVICE_REQUIRED | \
|
||||
|
@ -1832,13 +1832,6 @@ typedef struct q_samr_get_dom_pwinfo
|
||||
|
||||
} SAMR_Q_GET_DOM_PWINFO;
|
||||
|
||||
#define DOMAIN_PASSWORD_COMPLEX 0x00000001
|
||||
#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
|
||||
#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
|
||||
#define DOMAIN_LOCKOUT_ADMINS 0x00000008
|
||||
#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
|
||||
#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
|
||||
|
||||
/* SAMR_R_GET_DOM_PWINFO */
|
||||
typedef struct r_samr_get_dom_pwinfo
|
||||
{
|
||||
@ -1915,11 +1908,6 @@ typedef struct q_samr_chgpasswd_user3
|
||||
|
||||
} SAMR_Q_CHGPASSWD_USER3;
|
||||
|
||||
#define REJECT_REASON_OTHER 0x00000000
|
||||
#define REJECT_REASON_TOO_SHORT 0x00000001
|
||||
#define REJECT_REASON_IN_HISTORY 0x00000002
|
||||
#define REJECT_REASON_NOT_COMPLEX 0x00000005
|
||||
|
||||
/* SAMR_CHANGE_REJECT */
|
||||
typedef struct samr_change_reject
|
||||
{
|
||||
|
@ -211,30 +211,6 @@ typedef uint32 codepoint_t;
|
||||
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
|
||||
typedef uint64_t NTTIME;
|
||||
|
||||
|
||||
/* Allowable account control bits */
|
||||
#define ACB_DISABLED 0x00000001 /* 1 = User account disabled */
|
||||
#define ACB_HOMDIRREQ 0x00000002 /* 1 = Home directory required */
|
||||
#define ACB_PWNOTREQ 0x00000004 /* 1 = User password not required */
|
||||
#define ACB_TEMPDUP 0x00000008 /* 1 = Temporary duplicate account */
|
||||
#define ACB_NORMAL 0x00000010 /* 1 = Normal user account */
|
||||
#define ACB_MNS 0x00000020 /* 1 = MNS logon user account */
|
||||
#define ACB_DOMTRUST 0x00000040 /* 1 = Interdomain trust account */
|
||||
#define ACB_WSTRUST 0x00000080 /* 1 = Workstation trust account */
|
||||
#define ACB_SVRTRUST 0x00000100 /* 1 = Server trust account (BDC) */
|
||||
#define ACB_PWNOEXP 0x00000200 /* 1 = User password does not expire */
|
||||
#define ACB_AUTOLOCK 0x00000400 /* 1 = Account auto locked */
|
||||
|
||||
/* only valid for > Windows 2000 */
|
||||
#define ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 = Text password encryped */
|
||||
#define ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 = Smart Card required */
|
||||
#define ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 = Trusted for Delegation */
|
||||
#define ACB_NOT_DELEGATED 0x00004000 /* 1 = Not delegated */
|
||||
#define ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 = Use DES key only */
|
||||
#define ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 = Preauth not required */
|
||||
#define ACB_PWEXPIRED 0x00020000 /* 1 = Password is expired */
|
||||
#define ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
|
||||
|
||||
#define MAX_HOURS_LEN 32
|
||||
|
||||
#ifndef MAXSUBAUTHS
|
||||
@ -331,9 +307,10 @@ extern const DATA_BLOB data_blob_null;
|
||||
#include "librpc/gen_ndr/wkssvc.h"
|
||||
#include "librpc/gen_ndr/echo.h"
|
||||
#include "librpc/gen_ndr/svcctl.h"
|
||||
#include "librpc/gen_ndr/netlogon.h"
|
||||
#include "librpc/gen_ndr/samr.h"
|
||||
#include "librpc/gen_ndr/libnet_join.h"
|
||||
|
||||
|
||||
struct lsa_dom_info {
|
||||
bool valid;
|
||||
DOM_SID sid;
|
||||
|
@ -429,8 +429,8 @@ static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
|
||||
|
||||
if (info->info3.ptr_res_groups) {
|
||||
|
||||
if (!(info->info3.user_flgs & LOGON_RESOURCE_GROUPS)) {
|
||||
DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n"));
|
||||
if (!(info->info3.user_flgs & NETLOGON_RESOURCE_GROUPS)) {
|
||||
DEBUG(0,("user_flgs attribute does not have NETLOGON_RESOURCE_GROUPS\n"));
|
||||
/* return False; */
|
||||
}
|
||||
|
||||
@ -738,10 +738,10 @@ void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
|
||||
DEBUG(lvl,("The PAC:\n"));
|
||||
|
||||
DEBUGADD(lvl,("\tUser Flags: 0x%x (%d)\n", user_flgs, user_flgs));
|
||||
if (user_flgs & LOGON_EXTRA_SIDS)
|
||||
DEBUGADD(lvl,("\tUser Flags: LOGON_EXTRA_SIDS 0x%x (%d)\n", LOGON_EXTRA_SIDS, LOGON_EXTRA_SIDS));
|
||||
if (user_flgs & LOGON_RESOURCE_GROUPS)
|
||||
DEBUGADD(lvl,("\tUser Flags: LOGON_RESOURCE_GROUPS 0x%x (%d)\n", LOGON_RESOURCE_GROUPS, LOGON_RESOURCE_GROUPS));
|
||||
if (user_flgs & NETLOGON_EXTRA_SIDS)
|
||||
DEBUGADD(lvl,("\tUser Flags: NETLOGON_EXTRA_SIDS 0x%x (%d)\n", NETLOGON_EXTRA_SIDS, NETLOGON_EXTRA_SIDS));
|
||||
if (user_flgs & NETLOGON_RESOURCE_GROUPS)
|
||||
DEBUGADD(lvl,("\tUser Flags: NETLOGON_RESOURCE_GROUPS 0x%x (%d)\n", NETLOGON_RESOURCE_GROUPS, NETLOGON_RESOURCE_GROUPS));
|
||||
DEBUGADD(lvl,("\tUser SID: %s-%d\n", sid_string_dbg(&dom_sid),
|
||||
logon_info->info3.user_rid));
|
||||
DEBUGADD(lvl,("\tGroup SID: %s-%d\n", sid_string_dbg(&dom_sid),
|
||||
|
@ -1431,22 +1431,22 @@ static int winbind_chauthtok_request(pam_handle_t * pamh,
|
||||
switch (reject_reason) {
|
||||
case -1:
|
||||
break;
|
||||
case REJECT_REASON_OTHER:
|
||||
case SAMR_REJECT_OTHER:
|
||||
if ((min_pwd_age > 0) &&
|
||||
(pwd_last_set + min_pwd_age > time(NULL))) {
|
||||
PAM_WB_REMARK_DIRECT(pamh, ctrl,
|
||||
"NT_STATUS_PWD_TOO_RECENT");
|
||||
}
|
||||
break;
|
||||
case REJECT_REASON_TOO_SHORT:
|
||||
case SAMR_REJECT_TOO_SHORT:
|
||||
PAM_WB_REMARK_DIRECT(pamh, ctrl,
|
||||
"NT_STATUS_PWD_TOO_SHORT");
|
||||
break;
|
||||
case REJECT_REASON_IN_HISTORY:
|
||||
case SAMR_REJECT_IN_HISTORY:
|
||||
PAM_WB_REMARK_DIRECT(pamh, ctrl,
|
||||
"NT_STATUS_PWD_HISTORY_CONFLICT");
|
||||
break;
|
||||
case REJECT_REASON_NOT_COMPLEX:
|
||||
case SAMR_REJECT_COMPLEXITY:
|
||||
_make_remark(pamh, ctrl, PAM_ERROR_MSG,
|
||||
"Password does not meet "
|
||||
"complexity requirements");
|
||||
|
@ -179,22 +179,23 @@ do { \
|
||||
};\
|
||||
};
|
||||
|
||||
/* from include/rpc_samr.h */
|
||||
#define DOMAIN_PASSWORD_COMPLEX 0x00000001
|
||||
/* from samr.idl */
|
||||
#define DOMAIN_PASSWORD_COMPLEX 0x00000001
|
||||
|
||||
#define REJECT_REASON_OTHER 0x00000000
|
||||
#define REJECT_REASON_TOO_SHORT 0x00000001
|
||||
#define REJECT_REASON_IN_HISTORY 0x00000002
|
||||
#define REJECT_REASON_NOT_COMPLEX 0x00000005
|
||||
#define SAMR_REJECT_OTHER 0x00000000
|
||||
#define SAMR_REJECT_TOO_SHORT 0x00000001
|
||||
#define SAMR_REJECT_IN_HISTORY 0x00000002
|
||||
#define SAMR_REJECT_COMPLEXITY 0x00000005
|
||||
|
||||
/* from include/smb.h */
|
||||
#define ACB_PWNOEXP 0x00000200
|
||||
|
||||
/* from netlogon.idl */
|
||||
#define NETLOGON_CACHED_ACCOUNT 0x00000004
|
||||
#define NETLOGON_GRACE_LOGON 0x01000000
|
||||
|
||||
/* from include/rpc_netlogon.h */
|
||||
#define LOGON_CACHED_ACCOUNT 0x00000004
|
||||
#define LOGON_GRACE_LOGON 0x01000000
|
||||
#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000
|
||||
|
||||
#define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
|
||||
#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
|
||||
#define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
|
||||
#define PAM_WB_GRACE_LOGON(x) ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))
|
||||
#define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
|
||||
|
@ -843,8 +843,8 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
|
||||
if (result == NSS_STATUS_SUCCESS) {
|
||||
|
||||
if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
|
||||
if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
|
||||
d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
|
||||
if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
|
||||
d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1656,8 +1656,8 @@ static void dump_acct_flags(uint32 acct_flags) {
|
||||
if (acct_flags & ACB_NO_AUTH_DATA_REQD) {
|
||||
DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n"));
|
||||
}
|
||||
if (acct_flags & ACB_PWEXPIRED) {
|
||||
DEBUGADD(lvl,("\taccount has ACB_PWEXPIRED set\n"));
|
||||
if (acct_flags & ACB_PW_EXPIRED) {
|
||||
DEBUGADD(lvl,("\taccount has ACB_PW_EXPIRED set\n"));
|
||||
}
|
||||
}
|
||||
|
||||
@ -1665,23 +1665,23 @@ static void dump_user_flgs(uint32 user_flags) {
|
||||
|
||||
int lvl = 10;
|
||||
DEBUG(lvl,("dump_user_flgs\n"));
|
||||
if (user_flags & LOGON_EXTRA_SIDS) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_EXTRA_SIDS\n"));
|
||||
if (user_flags & NETLOGON_EXTRA_SIDS) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_EXTRA_SIDS\n"));
|
||||
}
|
||||
if (user_flags & LOGON_RESOURCE_GROUPS) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_RESOURCE_GROUPS\n"));
|
||||
if (user_flags & NETLOGON_RESOURCE_GROUPS) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_RESOURCE_GROUPS\n"));
|
||||
}
|
||||
if (user_flags & LOGON_NTLMV2_ENABLED) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_NTLMV2_ENABLED\n"));
|
||||
if (user_flags & NETLOGON_NTLMV2_ENABLED) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_NTLMV2_ENABLED\n"));
|
||||
}
|
||||
if (user_flags & LOGON_CACHED_ACCOUNT) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_CACHED_ACCOUNT\n"));
|
||||
if (user_flags & NETLOGON_CACHED_ACCOUNT) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_CACHED_ACCOUNT\n"));
|
||||
}
|
||||
if (user_flags & LOGON_PROFILE_PATH_RETURNED) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_PROFILE_PATH_RETURNED\n"));
|
||||
if (user_flags & NETLOGON_PROFILE_PATH_RETURNED) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_PROFILE_PATH_RETURNED\n"));
|
||||
}
|
||||
if (user_flags & LOGON_SERVER_TRUST_ACCOUNT) {
|
||||
DEBUGADD(lvl,("\taccount has LOGON_SERVER_TRUST_ACCOUNT\n"));
|
||||
if (user_flags & NETLOGON_SERVER_TRUST_ACCOUNT) {
|
||||
DEBUGADD(lvl,("\taccount has NETLOGON_SERVER_TRUST_ACCOUNT\n"));
|
||||
}
|
||||
|
||||
|
||||
@ -1859,8 +1859,8 @@ bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps,
|
||||
|
||||
uint32 num_other_sids = usr->num_other_sids;
|
||||
|
||||
if (!(usr->user_flgs & LOGON_EXTRA_SIDS)) {
|
||||
DEBUG(10,("net_io_user_info3: user_flgs attribute does not have LOGON_EXTRA_SIDS\n"));
|
||||
if (!(usr->user_flgs & NETLOGON_EXTRA_SIDS)) {
|
||||
DEBUG(10,("net_io_user_info3: user_flgs attribute does not have NETLOGON_EXTRA_SIDS\n"));
|
||||
/* return False; */
|
||||
}
|
||||
|
||||
|
@ -1062,7 +1062,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
|
||||
0, /* bad_pw_count */
|
||||
num_gids, /* uint32 num_groups */
|
||||
gids , /* DOM_GID *gids */
|
||||
LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
|
||||
NETLOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
|
||||
pdb_get_acct_ctrl(sampw),
|
||||
server_info->user_session_key.length ? user_session_key : NULL,
|
||||
server_info->lm_session_key.length ? lm_session_key : NULL,
|
||||
|
@ -135,8 +135,8 @@ static void display_password_properties(uint32 password_properties)
|
||||
if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
|
||||
printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
|
||||
|
||||
if (password_properties & DOMAIN_LOCKOUT_ADMINS)
|
||||
printf("\tDOMAIN_LOCKOUT_ADMINS\n");
|
||||
if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
|
||||
printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
|
||||
|
||||
if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
|
||||
printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
|
||||
@ -2228,17 +2228,17 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
|
||||
display_sam_unk_info_1(&info);
|
||||
|
||||
switch (reject.reject_reason) {
|
||||
case REJECT_REASON_TOO_SHORT:
|
||||
d_printf("REJECT_REASON_TOO_SHORT\n");
|
||||
case SAMR_REJECT_TOO_SHORT:
|
||||
d_printf("SAMR_REJECT_TOO_SHORT\n");
|
||||
break;
|
||||
case REJECT_REASON_IN_HISTORY:
|
||||
d_printf("REJECT_REASON_IN_HISTORY\n");
|
||||
case SAMR_REJECT_IN_HISTORY:
|
||||
d_printf("SAMR_REJECT_IN_HISTORY\n");
|
||||
break;
|
||||
case REJECT_REASON_NOT_COMPLEX:
|
||||
d_printf("REJECT_REASON_NOT_COMPLEX\n");
|
||||
case SAMR_REJECT_COMPLEXITY:
|
||||
d_printf("SAMR_REJECT_COMPLEXITY\n");
|
||||
break;
|
||||
case REJECT_REASON_OTHER:
|
||||
d_printf("REJECT_REASON_OTHER\n");
|
||||
case SAMR_REJECT_OTHER:
|
||||
d_printf("SAMR_REJECT_OTHER\n");
|
||||
break;
|
||||
default:
|
||||
d_printf("unknown reject reason: %d\n", reject.reject_reason);
|
||||
|
@ -1092,7 +1092,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
if (!pdb_get_pass_can_change(hnd)) {
|
||||
DEBUG(1, ("user %s does not have permissions to change password\n", username));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_OTHER;
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1106,7 +1106,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
"denied by Refuse Machine Password Change policy\n",
|
||||
username));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_OTHER;
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1119,7 +1119,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
"wait until %s\n", username,
|
||||
http_timestring(can_change_time)));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_OTHER;
|
||||
*samr_reject_reason = SAMR_REJECT_OTHER;
|
||||
}
|
||||
return NT_STATUS_ACCOUNT_RESTRICTION;
|
||||
}
|
||||
@ -1129,7 +1129,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
username));
|
||||
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_TOO_SHORT;
|
||||
*samr_reject_reason = SAMR_REJECT_TOO_SHORT;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
/* return NT_STATUS_PWD_TOO_SHORT; */
|
||||
@ -1137,7 +1137,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
|
||||
if (check_passwd_history(hnd,new_passwd)) {
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_IN_HISTORY;
|
||||
*samr_reject_reason = SAMR_REJECT_IN_HISTORY;
|
||||
}
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
}
|
||||
@ -1158,7 +1158,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
|
||||
if (check_ret != 0) {
|
||||
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
|
||||
if (samr_reject_reason) {
|
||||
*samr_reject_reason = REJECT_REASON_NOT_COMPLEX;
|
||||
*samr_reject_reason = SAMR_REJECT_COMPLEXITY;
|
||||
}
|
||||
TALLOC_FREE(pass);
|
||||
return NT_STATUS_PASSWORD_RESTRICTION;
|
||||
|
@ -69,7 +69,7 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
|
||||
sid_copy(&sid, &(info3->dom_sid.sid));
|
||||
sid_append_rid(&sid, info3->user_rid);
|
||||
sid_copy(&cred_sid, &sid);
|
||||
info3->user_flgs |= LOGON_CACHED_ACCOUNT;
|
||||
info3->user_flgs |= NETLOGON_CACHED_ACCOUNT;
|
||||
|
||||
} else if (user_sid != NULL) {
|
||||
|
||||
|
@ -923,7 +923,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
|
||||
/* User *DOES* know the password, update logon_time and reset
|
||||
* bad_pw_count */
|
||||
|
||||
my_info3->user_flgs |= LOGON_CACHED_ACCOUNT;
|
||||
my_info3->user_flgs |= NETLOGON_CACHED_ACCOUNT;
|
||||
|
||||
if (my_info3->acct_flags & ACB_AUTOLOCK) {
|
||||
return NT_STATUS_ACCOUNT_LOCKED_OUT;
|
||||
@ -959,7 +959,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
|
||||
must_change_time = nt_time_to_unix(my_info3->pass_must_change_time);
|
||||
if (must_change_time != 0 && must_change_time < time(NULL)) {
|
||||
/* we allow grace logons when the password has expired */
|
||||
my_info3->user_flgs |= LOGON_GRACE_LOGON;
|
||||
my_info3->user_flgs |= NETLOGON_GRACE_LOGON;
|
||||
/* return NT_STATUS_PASSWORD_EXPIRED; */
|
||||
goto success;
|
||||
}
|
||||
@ -1075,7 +1075,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
|
||||
}
|
||||
|
||||
if ((my_info3->user_rid != DOMAIN_USER_RID_ADMIN) ||
|
||||
(password_properties & DOMAIN_LOCKOUT_ADMINS)) {
|
||||
(password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) {
|
||||
my_info3->acct_flags |= ACB_AUTOLOCK;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user