diff options
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 130 | ||||
-rw-r--r-- | source3/winbindd/winbindd_passdb.c | 30 |
2 files changed, 59 insertions, 101 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index cb92c6e28e..3322c6a136 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1959,9 +1959,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) || NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) { - uint32 min_pass_len,pass_hist,password_properties; time_t u_expire, u_min_age; - NTTIME nt_expire, nt_min_age; uint32 account_policy_temp; dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1); @@ -1978,14 +1976,14 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, /* AS ROOT !!! */ - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp); - min_pass_len = account_policy_temp; + pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + (uint32_t *)&dominfo->min_password_length); - pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp); - pass_hist = account_policy_temp; + pdb_get_account_policy(AP_PASSWORD_HISTORY, + (uint32_t *)&dominfo->password_history_length); - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp); - password_properties = account_policy_temp; + pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + &dominfo->password_properties); pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp); u_expire = account_policy_temp; @@ -1997,20 +1995,13 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, unbecome_root(); - unix_to_nt_time_abs(&nt_expire, u_expire); - unix_to_nt_time_abs(&nt_min_age, u_min_age); + unix_to_nt_time_abs((NTTIME *)&dominfo->max_password_age, u_expire); + unix_to_nt_time_abs((NTTIME *)&dominfo->min_password_age, u_min_age); if (lp_check_password_script() && *lp_check_password_script()) { - password_properties |= DOMAIN_PASSWORD_COMPLEX; + dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX; } - init_samr_DomInfo1(dominfo, - min_pass_len, - pass_hist, - password_properties, - u_expire, - u_min_age); - reject->reason = reject_reason; *r->out.dominfo = dominfo; @@ -2814,23 +2805,16 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, NTSTATUS status = NT_STATUS_OK; struct samr_info *info = NULL; union samr_DomainInfo *dom_info; - uint32 min_pass_len,pass_hist,password_properties; time_t u_expire, u_min_age; - NTTIME nt_expire, nt_min_age; time_t u_lock_duration, u_reset_time; - NTTIME nt_lock_duration, nt_reset_time; - uint32 lockout; - time_t u_logout; - NTTIME nt_logout; + uint32_t u_logout; uint32 account_policy_temp; time_t seq_num; uint32 server_role; - uint32 num_users=0, num_groups=0, num_aliases=0; - DEBUG(5,("_samr_QueryDomainInfo: %d\n", __LINE__)); dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo); @@ -2857,14 +2841,14 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, /* AS ROOT !!! */ - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp); - min_pass_len = account_policy_temp; + pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + (uint32_t *)&dom_info->info1.min_password_length); - pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp); - pass_hist = account_policy_temp; + pdb_get_account_policy(AP_PASSWORD_HISTORY, + (uint32_t *)&dom_info->info1.password_history_length); - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp); - password_properties = account_policy_temp; + pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + &dom_info->info1.password_properties); pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp); u_expire = account_policy_temp; @@ -2876,19 +2860,13 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, unbecome_root(); - unix_to_nt_time_abs(&nt_expire, u_expire); - unix_to_nt_time_abs(&nt_min_age, u_min_age); + unix_to_nt_time_abs((NTTIME *)&dom_info->info1.max_password_age, u_expire); + unix_to_nt_time_abs((NTTIME *)&dom_info->info1.min_password_age, u_min_age); if (lp_check_password_script() && *lp_check_password_script()) { - password_properties |= DOMAIN_PASSWORD_COMPLEX; + dom_info->info1.password_properties |= DOMAIN_PASSWORD_COMPLEX; } - init_samr_DomInfo1(&dom_info->info1, - (uint16)min_pass_len, - (uint16)pass_hist, - password_properties, - nt_expire, - nt_min_age); break; case 0x02: @@ -2896,14 +2874,13 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, /* AS ROOT !!! */ - num_users = count_sam_users(info->disp_info, ACB_NORMAL); - num_groups = count_sam_groups(info->disp_info); - num_aliases = count_sam_aliases(info->disp_info); + dom_info->general.num_users = count_sam_users(info->disp_info, ACB_NORMAL); + dom_info->general.num_groups = count_sam_groups(info->disp_info); + dom_info->general.num_aliases = count_sam_aliases(info->disp_info); - pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp); - u_logout = account_policy_temp; + pdb_get_account_policy(AP_TIME_TO_LOGOUT, &u_logout); - unix_to_nt_time_abs(&nt_logout, u_logout); + unix_to_nt_time_abs(&dom_info->general.force_logoff_time, u_logout); if (!pdb_get_seq_num(&seq_num)) seq_num = time(NULL); @@ -2916,18 +2893,14 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, if (lp_server_role() == ROLE_DOMAIN_BDC) server_role = ROLE_DOMAIN_BDC; - init_samr_DomGeneralInformation(&dom_info->general, - nt_logout, - lp_serverstring(), - lp_workgroup(), - global_myname(), - seq_num, - DOMAIN_SERVER_ENABLED, - server_role, - 1, - num_users, - num_groups, - num_aliases); + dom_info->general.oem_information.string = lp_serverstring(); + dom_info->general.domain_name.string = lp_workgroup(); + dom_info->general.primary.string = global_myname(); + dom_info->general.sequence_num = seq_num; + dom_info->general.domain_server_state = DOMAIN_SERVER_ENABLED; + dom_info->general.role = server_role; + dom_info->general.unknown3 = 1; + break; case 0x03: @@ -2945,34 +2918,27 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, unbecome_root(); - unix_to_nt_time_abs(&nt_logout, u_logout); - - init_samr_DomInfo3(&dom_info->info3, - nt_logout); + unix_to_nt_time_abs(&dom_info->info3.force_logoff_time, u_logout); break; case 0x04: - init_samr_DomOEMInformation(&dom_info->oem, - lp_serverstring()); + dom_info->oem.oem_information.string = lp_serverstring(); break; case 0x05: - init_samr_DomInfo5(&dom_info->info5, - get_global_sam_name()); + dom_info->info5.domain_name.string = get_global_sam_name(); break; case 0x06: /* NT returns its own name when a PDC. win2k and later * only the name of the PDC if itself is a BDC (samba4 * idl) */ - init_samr_DomInfo6(&dom_info->info6, - global_myname()); + dom_info->info6.primary.string = global_myname(); break; case 0x07: server_role = ROLE_DOMAIN_PDC; if (lp_server_role() == ROLE_DOMAIN_BDC) server_role = ROLE_DOMAIN_BDC; - init_samr_DomInfo7(&dom_info->info7, - server_role); + dom_info->info7.role = server_role; break; case 0x08: @@ -2988,9 +2954,9 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, unbecome_root(); - init_samr_DomInfo8(&dom_info->info8, - seq_num, - 0); + dom_info->info8.sequence_num = seq_num; + dom_info->info8.domain_create_time = 0; + break; case 0x0c: @@ -3007,21 +2973,19 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp); u_reset_time = account_policy_temp * 60; - pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); - lockout = account_policy_temp; + pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + (uint32_t *)&dom_info->info12.lockout_threshold); /* !AS ROOT */ unbecome_root(); - unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration); - unix_to_nt_time_abs(&nt_reset_time, u_reset_time); + unix_to_nt_time_abs(&dom_info->info12.lockout_duration, + u_lock_duration); + unix_to_nt_time_abs(&dom_info->info12.lockout_window, + u_reset_time); - init_samr_DomInfo12(&dom_info->info12, - nt_lock_duration, - nt_reset_time, - (uint16)lockout); - break; + break; default: return NT_STATUS_INVALID_INFO_CLASS; } diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 101854ae94..d754373216 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -324,30 +324,29 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct samr_DomInfo1 *policy) { - uint32 min_pass_len,pass_hist,password_properties; + struct samr_DomInfo1 *p; time_t u_expire, u_min_age; - NTTIME nt_expire, nt_min_age; uint32 account_policy_temp; - if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) { + if ((p = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) { return NT_STATUS_NO_MEMORY; } - if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + (uint32_t *)&p->min_password_length)) { return NT_STATUS_ACCESS_DENIED; } - min_pass_len = account_policy_temp; - if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, + (uint32_t *)&p->password_history_length)) { return NT_STATUS_ACCESS_DENIED; } - pass_hist = account_policy_temp; - if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + &p->password_properties)) { return NT_STATUS_ACCESS_DENIED; } - password_properties = account_policy_temp; - + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { return NT_STATUS_ACCESS_DENIED; } @@ -358,15 +357,10 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, } u_min_age = account_policy_temp; - unix_to_nt_time_abs(&nt_expire, u_expire); - unix_to_nt_time_abs(&nt_min_age, u_min_age); + unix_to_nt_time_abs((NTTIME *)&p->max_password_age, u_expire); + unix_to_nt_time_abs((NTTIME *)&p->min_password_age, u_min_age); - init_samr_DomInfo1(policy, - (uint16)min_pass_len, - (uint16)pass_hist, - password_properties, - nt_expire, - nt_min_age); + policy = p; return NT_STATUS_OK; } |