summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-04-04 12:00:26 +0200
committerGünther Deschner <gd@samba.org>2008-04-04 23:41:56 +0200
commit833729125093b884a528057b0aa03891efb9e9b5 (patch)
treea644be71d00e4eac10ab93e609ff4527e8eb3c1b
parent8c9d6322dea2243e9bc15032af399264c6678c1b (diff)
downloadsamba-833729125093b884a528057b0aa03891efb9e9b5.tar.gz
samba-833729125093b884a528057b0aa03891efb9e9b5.tar.bz2
samba-833729125093b884a528057b0aa03891efb9e9b5.zip
Fix _samr_GetUserPwInfo() (to return more then just zeros).
Guenther (This used to be commit 624371ce32a7c0816963745059e743e5b3e92e2a)
-rw-r--r--source3/rpc_server/srv_samr_nt.c53
1 files changed, 45 insertions, 8 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index bcb4acbf15..0d9dd554c6 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -627,22 +627,59 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
struct samr_GetUserPwInfo *r)
{
struct samr_info *info = NULL;
+ enum lsa_SidType sid_type;
+ uint32_t min_password_length = 0;
+ uint32_t password_properties = 0;
+ bool ret = false;
+ NTSTATUS status;
+
+ DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) {
return NT_STATUS_INVALID_HANDLE;
+ }
- if (!sid_check_is_in_our_domain(&info->sid))
+ status = access_check_samr_function(info->acc_granted,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
+ "_samr_GetUserPwInfo" );
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!sid_check_is_in_our_domain(&info->sid)) {
return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ }
+
+ become_root();
+ ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type);
+ unbecome_root();
+ if (ret == false) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
- ZERO_STRUCTP(r->out.info);
+ switch (sid_type) {
+ case SID_NAME_USER:
+ become_root();
+ pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ &min_password_length);
+ pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ &password_properties);
+ unbecome_root();
- DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
+ if (lp_check_password_script() && *lp_check_password_script()) {
+ password_properties |= DOMAIN_PASSWORD_COMPLEX;
+ }
- /*
- * NT sometimes return NT_STATUS_ACCESS_DENIED
- * I don't know yet why.
- */
+ break;
+ default:
+ break;
+ }
+
+ r->out.info->min_password_length = min_password_length;
+ r->out.info->password_properties = password_properties;
+
+ DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
return NT_STATUS_OK;
}