summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-05-26 04:20:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:18 -0500
commit406f345d889d7e804c5d861223fa66abb213bb23 (patch)
tree9810ef5e929273582205f8e886fbaea035cb984d /source4/rpc_server
parent36c4cf24f03475ded231ebb382f72f28f47f95e0 (diff)
downloadsamba-406f345d889d7e804c5d861223fa66abb213bb23.tar.gz
samba-406f345d889d7e804c5d861223fa66abb213bb23.tar.bz2
samba-406f345d889d7e804c5d861223fa66abb213bb23.zip
r897: - user/group creation needs to create unique names across both the
Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c81
-rw-r--r--source4/rpc_server/samr/samr_password.c47
2 files changed, 126 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 1ffda9795b..da89688d8f 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -427,7 +427,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
}
/* check if the group already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=group))",
groupname);
@@ -573,7 +573,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
/* check if the user already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=user))", username);
if (name != NULL) {
@@ -1711,6 +1711,40 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
SET_UINT (msg, info21.code_page, "codePage");
+#undef IFSET
+ break;
+
+ case 23:
+#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info23.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info23.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info23.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info23.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info23.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info23.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info23.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info23.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info23.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info23.password);
+ }
+#undef IFSET
break;
/* the set password levels are handled separately */
@@ -1722,6 +1756,49 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
mem_ctx, msg,
&r->in.info->info24.password);
break;
+
+ case 25:
+#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info25.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info25.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info25.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info25.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info25.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info25.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info25.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info25.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info25.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info25.password);
+ }
+#undef IFSET
+ break;
+
+ /* the set password levels are handled separately */
+ case 26:
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info26.password);
+ break;
default:
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index c912566d09..46c2a41fb2 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -704,3 +704,50 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
NULL);
}
+
+/*
+ set password via a samr_CryptPasswordEx buffer
+ this will in the 'msg' with modify operations that will update the user
+ password when applied
+*/
+NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
+ void *sam_ctx,
+ const char *account_dn, const char *domain_dn,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct samr_CryptPasswordEx *pwbuf)
+{
+ char new_pass[512];
+ uint32_t new_pass_len;
+ DATA_BLOB co_session_key;
+ DATA_BLOB session_key = dce_call->conn->session_key;
+ struct MD5Context ctx;
+
+ co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ if (!co_session_key.data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ MD5Init(&ctx);
+ MD5Update(&ctx, &pwbuf->data[516], 16);
+ MD5Update(&ctx, session_key.data, session_key.length);
+ MD5Final(co_session_key.data, &ctx);
+
+ SamOEMhashBlob(pwbuf->data, 516, &co_session_key);
+
+ if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
+ &new_pass_len, STR_UNICODE)) {
+ DEBUG(3,("samr: failed to decode password buffer\n"));
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ /* set the password - samdb needs to know both the domain and user DNs,
+ so the domain password policy can be used */
+ return samdb_set_password(sam_ctx, mem_ctx,
+ account_dn, domain_dn,
+ msg, new_pass,
+ NULL, NULL,
+ False,
+ NULL);
+}
+