summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-05-25 13:40:52 +1000
committerAndrew Tridgell <tridge@samba.org>2009-05-25 13:40:52 +1000
commit4dcc058ea1d98e40f59f2726c4dd37a98401b258 (patch)
treeea9d854d1edc1778bf30197bc2aac76e23148d48
parent2bf1e8b5e104520a49583be0822f5b8542f5ef1a (diff)
downloadsamba-4dcc058ea1d98e40f59f2726c4dd37a98401b258.tar.gz
samba-4dcc058ea1d98e40f59f2726c4dd37a98401b258.tar.bz2
samba-4dcc058ea1d98e40f59f2726c4dd37a98401b258.zip
fixed the client side password change code
The client side code was not falling back to older routines correctly as it didn't check for the operation range error appropriately. It also used the old rpc semantics.
-rw-r--r--source4/libnet/libnet_passwd.c86
1 files changed, 25 insertions, 61 deletions
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index c2db219a06..2c96916937 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -99,30 +99,19 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
/* 2. try samr_ChangePasswordUser3 */
status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser3 failed: %s",
- nt_errstr(status));
- goto ChangePasswordUser2;
- }
-
- /* check result of samr_ChangePasswordUser3 */
- if (!NT_STATUS_IS_OK(pw3.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(pw3.out.result));
- /* TODO: give the reason of the reject */
- if (NT_STATUS_EQUAL(pw3.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
- status = pw3.out.result;
- goto disconnect;
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ if (!NT_STATUS_IS_OK(status)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser3 failed: %s",
+ nt_errstr(status));
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
}
- goto ChangePasswordUser2;
- }
-
- goto disconnect;
+ goto disconnect;
+ }
-ChangePasswordUser2:
/* prepare samr_ChangePasswordUser2 */
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
@@ -142,29 +131,17 @@ ChangePasswordUser2:
/* 3. try samr_ChangePasswordUser2 */
status = dcerpc_samr_ChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &pw2);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser2 failed: %s",
- nt_errstr(status));
- goto OemChangePasswordUser2;
- }
-
- /* check result of samr_ChangePasswordUser2 */
- if (!NT_STATUS_IS_OK(pw2.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(pw2.out.result));
- if (NT_STATUS_EQUAL(pw2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
- status = pw2.out.result;
- goto disconnect;
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ if (!NT_STATUS_IS_OK(status)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
}
- goto OemChangePasswordUser2;
+ goto disconnect;
}
- goto disconnect;
-OemChangePasswordUser2:
/* prepare samr_OemChangePasswordUser2 */
a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
a_account.string = r->samr.in.account_name;
@@ -180,29 +157,16 @@ OemChangePasswordUser2:
/* 4. try samr_OemChangePasswordUser2 */
status = dcerpc_samr_OemChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &oe2);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_OemChangePasswordUser2 failed: %s",
- nt_errstr(status));
- goto ChangePasswordUser;
- }
-
- /* check result of samr_OemChangePasswordUser2 */
- if (!NT_STATUS_IS_OK(oe2.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(oe2.out.result));
- if (NT_STATUS_EQUAL(oe2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
- status = oe2.out.result;
- goto disconnect;
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ if (!NT_STATUS_IS_OK(oe2.out.result)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
}
- goto ChangePasswordUser;
+ goto disconnect;
}
- goto disconnect;
-
-ChangePasswordUser:
#if 0
/* prepare samr_ChangePasswordUser */
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);