authorAndrew Tridgell <tridge@samba.org>2004-05-26 07:34:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:19 -0500
commit0eb7588cc4d1fa423430e61ccbef19ec2453e164 (patch)
tree002247c0c6f3e90e2c631963230c0585874483a9 /source4/rpc_server/samr
parentefc29ecc21a57e83ac43b875f612e4f6fd20117d (diff)
r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix the error handling on a bad change.
With this change WinXP can now successfully change the password on a Samba4 server via SAMR. After the change you can't login because the handling of much_change_time seems to be broken in the auth code, but that should be easy to fix. (This used to be commit 8feeecf30377e4699df26d1c5c02d24a8ab021be)
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r--source4/rpc_server/samr/samr_password.c30
1 files changed, 14 insertions, 16 deletions
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 46c2a41fb2..89deaa2f09 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -238,12 +238,12 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
const char *user_dn, *domain_dn = NULL;
int ret;
struct ldb_message **res, mod;
- const char * const attrs[] = { "objectSid", "ntPwdHash", NULL };
+ const char * const attrs[] = { "objectSid", "ntPwdHash", "unicodePwd", NULL };
const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength",
"pwdProperties", "minPwdAge", "maxPwdAge",
NULL };
const char *domain_sid;
- struct samr_Hash *ntPwdHash;
+ uint8 *nt_pwd;
struct samr_DomInfo1 *dominfo;
struct samr_ChangeReject *reject;
uint32_t reason = 0;
@@ -278,14 +278,13 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
user_dn = res[0]->dn;
- ret = samdb_result_hashes(mem_ctx, res[0], "ntPwdHash", &ntPwdHash);
- if (ret != 1) {
- status = NT_STATUS_WRONG_PASSWORD;
+ status = samdb_result_passwords(mem_ctx, res[0], NULL, &nt_pwd);
+ if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
/* decrypt the password we have been given */
- SamOEMhash(r->in.nt_password->data, ntPwdHash->hash, 516);
+ SamOEMhash(r->in.nt_password->data, nt_pwd, 516);
if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE)) {
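Review bot: `nt_pwd` is handed to `SamOEMhash()` as the decryption key with no NULL check, whereas the removed code required exactly one stored hash (`ret != 1`) before using it. `samdb_result_passwords()` is not visible in this diff; if it can return success for an account that has no NT hash stored, this call dereferences a NULL pointer inside a request handler, so I would add `if (nt_pwd == NULL) { status = NT_STATUS_WRONG_PASSWORD; goto failed; }` before the decrypt. Separately, the helper's status now goes back to the client in place of the fixed `NT_STATUS_WRONG_PASSWORD`; unless its error codes are known to be uniform, mapping them to one value avoids telling a caller which account state caused the failure. The body of samr_ChangePasswordUser3 starts and ends outside this hunk.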
@@ -338,18 +337,25 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
failed:
+ ret = samdb_search(sam_ctx,
+ mem_ctx, NULL, &res, dom_attrs,
+ "dn=%s", domain_dn);
if (sam_ctx) {
samdb_close(sam_ctx);
}
+ if (ret != 1) {
+ return status;
+ }
+
/* on failure we need to fill in the reject reasons */
dominfo = talloc_p(mem_ctx, struct samr_DomInfo1);
if (dominfo == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return status;
}
reject = talloc_p(mem_ctx, struct samr_ChangeReject);
if (reject == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return status;
}
ZERO_STRUCTP(dominfo);
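Review bot: The new `samdb_search(sam_ctx, ..., "dn=%s", domain_dn)` at the top of `failed:` runs before the `if (sam_ctx)` guard that follows it, and `domain_dn` is declared with a NULL initializer in the first hunk. Any `goto failed` taken before the SAM connection is open or before the domain DN is resolved would therefore pass a NULL context and format a NULL string; those earlier jumps are outside the hunk, so this is inferred from the guard itself. I would make the lookup conditional, `if (sam_ctx != NULL && domain_dn != NULL) { ret = samdb_search(...); } else { ret = 0; }`, so the existing `ret != 1` path returns the original status. The switch from `NT_STATUS_NO_MEMORY` to `return status;` on allocation failure also deserves a comment such as `/* reject details are best-effort; keep the original failure status */`.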
@@ -364,14 +370,6 @@ failed:
return status;
}
- ret = samdb_search(sam_ctx,
- mem_ctx, NULL, &res, dom_attrs,
- "dn=%s", domain_dn);
- if (ret != 1) {
- status = NT_STATUS_NO_SUCH_USER;
- goto failed;
- }
-
dominfo->min_pwd_len = samdb_result_uint (res[0], "minPwdLength", 0);
dominfo->password_properties = samdb_result_uint (res[0], "pwdProperties", 0);
dominfo->password_history = samdb_result_uint (res[0], "pwdHistoryLength", 0);