authorAndrew Tridgell <tridge@samba.org>2004-05-26 04:20:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:18 -0500
commit406f345d889d7e804c5d861223fa66abb213bb23 (patch)
tree9810ef5e929273582205f8e886fbaea035cb984d /source4/rpc_server/samr
parent36c4cf24f03475ded231ebb382f72f28f47f95e0 (diff)
r897: - user/group creation needs to create unique names across both the
Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specify an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c81
-rw-r--r--source4/rpc_server/samr/samr_password.c47
2 files changed, 126 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 1ffda9795b..da89688d8f 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -427,7 +427,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
}
/* check if the group already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=group))",
groupname);
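Review bot: The group name is formatted straight into the filter `(&(sAMAccountName=%s)(objectclass=group))`, and with the base now NULL that filter is evaluated over the whole database instead of one domain subtree. If samdb_search_string does not escape the value (its body is not part of this diff), a name containing `*`, `(`, `)` or `\` changes what the filter matches, so the existence check no longer tests one exact name. Escaping groupname per RFC 4515 before the call, for example with ldb's `ldb_binary_encode_string` where this tree provides it, would close that, and the same applies to username in the samr_CreateUser2 hunk. samr_CreateDomainGroup starts and ends outside the hunk, so any earlier validation of the name is not visible here.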
@@ -573,7 +573,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
/* check if the user already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=user))", username);
if (name != NULL) {
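Review bot: The NULL base passed to samdb_search_string carries no explanation, so a later reader could take it for an oversight and restore `d_state->domain_dn`, which would undo the cross-domain uniqueness this commit introduces. I would extend the existing comment to `/* check if the user already exists in any domain (NULL base): some password change calls identify the account by name only */` and put the equivalent above the group lookup in samr_CreateDomainGroup. samr_CreateUser2 continues outside the hunk.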
@@ -1711,6 +1711,40 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
SET_UINT (msg, info21.code_page, "codePage");
+#undef IFSET
+ break;
+
+ case 23:
+#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info23.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info23.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info23.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info23.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info23.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info23.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info23.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info23.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info23.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info23.password);
+ }
+#undef IFSET
break;
/* the set password levels are handled separately */
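Review bot: In `case 23` the result of samr_set_password is stored in `status` only after the preceding SET_* lines have already queued their changes in `msg`, and the case then simply breaks. Whether a failed password decode or policy rejection prevents those attribute changes from being applied depends on a status test after the switch, which lies outside this hunk. If there is none, a request with a bad password buffer would still rewrite scriptPath, profilePath and the other fields. It is worth confirming this, or making it explicit with `if (!NT_STATUS_IS_OK(status)) { return status; }` directly after the call (or a jump to the function's existing error path). `case 25` in the next hunk has the same shape.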
@@ -1722,6 +1756,49 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
mem_ctx, msg,
&r->in.info->info24.password);
break;
+
+ case 25:
+#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info25.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info25.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info25.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info25.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info25.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info25.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info25.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info25.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info25.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info25.password);
+ }
+#undef IFSET
+ break;
+
+ /* the set password levels are handled separately */
+ case 26:
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info26.password);
+ break;
default:
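Review bot: `IFSET` is defined here with its argument unparenthesised and expands to a bare `if`, so each `IFSET(X)` / `SET_STRING(...)` pair is only correct while every SET_* macro expands to exactly one statement and every argument stays a single token. `#define IFSET(bit) if ((bit) & r->in.info->info25.info.fields_present)` costs nothing, and the same applies to the info23 definition in the previous hunk. The field list is now also written out once per level (23 and 25, plus what is visible of 21), so any later change to a mapping has to be repeated in each copy. A one-line comment above each list, such as `/* keep in step with the level 21 field list */`, would help until the lists are factored out.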
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index c912566d09..46c2a41fb2 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -704,3 +704,50 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
NULL);
}
+
+/*
+ set password via a samr_CryptPasswordEx buffer
+ this will in the 'msg' with modify operations that will update the user
+ password when applied
+*/
+NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
+ void *sam_ctx,
+ const char *account_dn, const char *domain_dn,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct samr_CryptPasswordEx *pwbuf)
+{
+ char new_pass[512];
+ uint32_t new_pass_len;
+ DATA_BLOB co_session_key;
+ DATA_BLOB session_key = dce_call->conn->session_key;
+ struct MD5Context ctx;
+
+ co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ if (!co_session_key.data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ MD5Init(&ctx);
+ MD5Update(&ctx, &pwbuf->data[516], 16);
+ MD5Update(&ctx, session_key.data, session_key.length);
+ MD5Final(co_session_key.data, &ctx);
+
+ SamOEMhashBlob(pwbuf->data, 516, &co_session_key);
+
+ if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
+ &new_pass_len, STR_UNICODE)) {
+ DEBUG(3,("samr: failed to decode password buffer\n"));
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ /* set the password - samdb needs to know both the domain and user DNs,
+ so the domain password policy can be used */
+ return samdb_set_password(sam_ctx, mem_ctx,
+ account_dn, domain_dn,
+ msg, new_pass,
+ NULL, NULL,
+ False,
+ NULL);
+}
+
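Review bot: samr_set_password_ex derives the decryption key from `dce_call->conn->session_key` without checking that a session key is actually present; whether a connection can reach this call without one is not visible in the diff. With a zero-length key the MD5 input is only the 16-byte confounder carried in the same buffer, so nothing secret protects the password blob; `if (session_key.length == 0) return NT_STATUS_NO_USER_SESSION_KEY;` before `MD5Init` rejects that case. Separately, the cleartext remains in `new_pass` and in the in-place-decrypted `pwbuf->data` after the function returns; capturing the samdb_set_password result, wiping both buffers and then returning would shorten its lifetime. The header comment reads "this will in the 'msg'", presumably meant as "fill in".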