diff options
author | Günther Deschner <gd@samba.org> | 2009-05-07 23:56:22 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-05-08 00:46:54 +0200 |
commit | 227b61d7ea9895240e0e7f554fbb10d3e78feaae (patch) | |
tree | bd0538fed2d8ba8f97ff3bd0dae49915f4674747 /source3/rpc_server | |
parent | 5773d7d10253f6f53a9ae96e9979a87393b242a6 (diff) | |
download | samba-227b61d7ea9895240e0e7f554fbb10d3e78feaae.tar.gz samba-227b61d7ea9895240e0e7f554fbb10d3e78feaae.tar.bz2 samba-227b61d7ea9895240e0e7f554fbb10d3e78feaae.zip |
s3-samr: Do not leak information whether a user exist or not in pwd change calls.
Found by torture test.
Guenther
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 1a1b5e9a74..6bd5635f2d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1914,6 +1914,10 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__)); + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return NT_STATUS_WRONG_PASSWORD; + } + return status; } @@ -1960,6 +1964,10 @@ NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p, 0, NULL); + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return NT_STATUS_WRONG_PASSWORD; + } + DEBUG(5,("_samr_OemChangePasswordUser2: %d\n", __LINE__)); return status; @@ -2007,6 +2015,9 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, r->in.nt_password->data, r->in.nt_verifier->hash, &reject_reason); + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return NT_STATUS_WRONG_PASSWORD; + } if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) || NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) { |