diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-05-26 07:34:49 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:19 -0500 |
| commit | 0eb7588cc4d1fa423430e61ccbef19ec2453e164 (patch) | |
| tree | 002247c0c6f3e90e2c631963230c0585874483a9 /source4/rpc_server/samr | |
| parent | efc29ecc21a57e83ac43b875f612e4f6fd20117d (diff) | |
| download | samba-0eb7588cc4d1fa423430e61ccbef19ec2453e164.tar.gz samba-0eb7588cc4d1fa423430e61ccbef19ec2453e164.tar.bz2 samba-0eb7588cc4d1fa423430e61ccbef19ec2453e164.zip | |
r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix the error handling on a bad change.
With this change WinXP can now successfully change the password on a
Samba4 server via SAMR. After the change you can't login because the
handling of much_change_time seems to be broken in the auth code, but
that should be easy to fix.
(This used to be commit 8feeecf30377e4699df26d1c5c02d24a8ab021be)
Diffstat (limited to 'source4/rpc_server/samr')
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 46c2a41fb2..89deaa2f09 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -238,12 +238,12 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, const char *user_dn, *domain_dn = NULL; int ret; struct ldb_message **res, mod; - const char * const attrs[] = { "objectSid", "ntPwdHash", NULL }; + const char * const attrs[] = { "objectSid", "ntPwdHash", "unicodePwd", NULL }; const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength", "pwdProperties", "minPwdAge", "maxPwdAge", NULL }; const char *domain_sid; - struct samr_Hash *ntPwdHash; + uint8 *nt_pwd; struct samr_DomInfo1 *dominfo; struct samr_ChangeReject *reject; uint32_t reason = 0; @@ -278,14 +278,13 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, user_dn = res[0]->dn; - ret = samdb_result_hashes(mem_ctx, res[0], "ntPwdHash", &ntPwdHash); - if (ret != 1) { - status = NT_STATUS_WRONG_PASSWORD; + status = samdb_result_passwords(mem_ctx, res[0], NULL, &nt_pwd); + if (!NT_STATUS_IS_OK(status)) { goto failed; } /* decrypt the password we have been given */ - SamOEMhash(r->in.nt_password->data, ntPwdHash->hash, 516); + SamOEMhash(r->in.nt_password->data, nt_pwd, 516); if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass), &new_pass_len, STR_UNICODE)) { @@ -338,18 +337,25 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, return NT_STATUS_OK; failed: + ret = samdb_search(sam_ctx, + mem_ctx, NULL, &res, dom_attrs, + "dn=%s", domain_dn); if (sam_ctx) { samdb_close(sam_ctx); } + if (ret != 1) { + return status; + } + /* on failure we need to fill in the reject reasons */ dominfo = talloc_p(mem_ctx, struct samr_DomInfo1); if (dominfo == NULL) { - return NT_STATUS_NO_MEMORY; + return status; } reject = talloc_p(mem_ctx, struct samr_ChangeReject); if (reject == NULL) { - return NT_STATUS_NO_MEMORY; + return status; } ZERO_STRUCTP(dominfo); @@ -364,14 +370,6 @@ failed: return status; } - ret = samdb_search(sam_ctx, - mem_ctx, NULL, &res, dom_attrs, - "dn=%s", domain_dn); - if (ret != 1) { - status = NT_STATUS_NO_SUCH_USER; - goto failed; - } - dominfo->min_pwd_len = samdb_result_uint (res[0], "minPwdLength", 0); dominfo->password_properties = samdb_result_uint (res[0], "pwdProperties", 0); dominfo->password_history = samdb_result_uint (res[0], "pwdHistoryLength", 0); |