diff options
| author | Günther Deschner <gd@samba.org> | 2008-04-04 12:00:26 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2008-04-04 23:41:56 +0200 |
| commit | 833729125093b884a528057b0aa03891efb9e9b5 (patch) | |
| tree | a644be71d00e4eac10ab93e609ff4527e8eb3c1b | |
| parent | 8c9d6322dea2243e9bc15032af399264c6678c1b (diff) | |
| download | samba-833729125093b884a528057b0aa03891efb9e9b5.tar.gz samba-833729125093b884a528057b0aa03891efb9e9b5.tar.bz2 samba-833729125093b884a528057b0aa03891efb9e9b5.zip | |
Fix _samr_GetUserPwInfo() (to return more then just zeros).
Guenther
(This used to be commit 624371ce32a7c0816963745059e743e5b3e92e2a)
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index bcb4acbf15..0d9dd554c6 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -627,22 +627,59 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p, struct samr_GetUserPwInfo *r) { struct samr_info *info = NULL; + enum lsa_SidType sid_type; + uint32_t min_password_length = 0; + uint32_t password_properties = 0; + bool ret = false; + NTSTATUS status; + + DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) + if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) { return NT_STATUS_INVALID_HANDLE; + } - if (!sid_check_is_in_our_domain(&info->sid)) + status = access_check_samr_function(info->acc_granted, + SAMR_USER_ACCESS_GET_ATTRIBUTES, + "_samr_GetUserPwInfo" ); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!sid_check_is_in_our_domain(&info->sid)) { return NT_STATUS_OBJECT_TYPE_MISMATCH; + } + + become_root(); + ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type); + unbecome_root(); + if (ret == false) { + return NT_STATUS_NO_SUCH_USER; + } - ZERO_STRUCTP(r->out.info); + switch (sid_type) { + case SID_NAME_USER: + become_root(); + pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + &min_password_length); + pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + &password_properties); + unbecome_root(); - DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__)); + if (lp_check_password_script() && *lp_check_password_script()) { + password_properties |= DOMAIN_PASSWORD_COMPLEX; + } - /* - * NT sometimes return NT_STATUS_ACCESS_DENIED - * I don't know yet why. - */ + break; + default: + break; + } + + r->out.info->min_password_length = min_password_length; + r->out.info->password_properties = password_properties; + + DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__)); return NT_STATUS_OK; } |