summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/rpc_client/cli_samr.c2
-rw-r--r--source3/rpc_server/srv_samr_nt.c7
-rw-r--r--source3/rpcclient/cmd_samr.c21
-rw-r--r--source3/smbd/chgpasswd.c18
-rw-r--r--source3/winbindd/winbindd_pam.c4
-rw-r--r--source4/dsdb/common/util.c25
-rw-r--r--source4/kdc/kpasswdd.c17
-rw-r--r--source4/rpc_server/samr/samr_password.c39
-rw-r--r--source4/torture/rpc/samr.c54
10 files changed, 95 insertions, 94 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d31483a02e..dd46bdda83 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5427,7 +5427,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
- struct samr_ChangeReject **reject);
+ struct userPwdChangeFailureInformation **reject);
void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
uint32 *max_size);
NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 5a0dff2965..df22ecb284 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -187,7 +187,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
- struct samr_ChangeReject **reject)
+ struct userPwdChangeFailureInformation **reject)
{
NTSTATUS status;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9e95c48033..d3a3372107 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2025,7 +2025,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
const char *wks = NULL;
uint32 reject_reason;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
uint32_t tmp;
DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
@@ -2070,7 +2070,8 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
- reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
+ reject = TALLOC_ZERO_P(p->mem_ctx,
+ struct userPwdChangeFailureInformation);
if (!reject) {
return NT_STATUS_NO_MEMORY;
}
@@ -2105,7 +2106,7 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX;
}
- reject->reason = reject_reason;
+ reject->extendedFailureReason = reject_reason;
*r->out.dominfo = dominfo;
*r->out.reject = reject;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 699b54d364..e52411f8f7 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -2538,7 +2538,7 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
const char *user, *oldpass, *newpass;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct samr_DomInfo1 *info = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
if (argc < 3) {
printf("Usage: %s username oldpass newpass\n", argv[0]);
@@ -2581,22 +2581,19 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
display_sam_dom_info_1(info);
- switch (reject->reason) {
- case SAMR_REJECT_TOO_SHORT:
- d_printf("SAMR_REJECT_TOO_SHORT\n");
+ switch (reject->extendedFailureReason) {
+ case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
+ d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
break;
- case SAMR_REJECT_IN_HISTORY:
- d_printf("SAMR_REJECT_IN_HISTORY\n");
+ case SAM_PWD_CHANGE_PWD_IN_HISTORY:
+ d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
break;
- case SAMR_REJECT_COMPLEXITY:
- d_printf("SAMR_REJECT_COMPLEXITY\n");
- break;
- case SAMR_REJECT_OTHER:
- d_printf("SAMR_REJECT_OTHER\n");
+ case SAM_PWD_CHANGE_NOT_COMPLEX:
+ d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
break;
default:
d_printf("unknown reject reason: %d\n",
- reject->reason);
+ reject->extendedFailureReason);
break;
}
}
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index eaee3d8509..e2069060aa 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -778,7 +778,7 @@ NTSTATUS pass_oem_change(char *user,
const uchar old_lm_hash_encrypted[16],
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
- uint32 *reject_reason)
+ enum samPwdChangeReason *reject_reason)
{
char *new_passwd = NULL;
struct samu *sampass = NULL;
@@ -1081,7 +1081,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
is correct before calling. JRA.
************************************************************/
-NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, uint32 *samr_reject_reason)
+NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
{
uint32 min_len;
uint32 refuse;
@@ -1091,14 +1091,14 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
if (samr_reject_reason) {
- *samr_reject_reason = Undefined;
+ *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
/* check to see if the secdesc has previously been set to disallow */
if (!pdb_get_pass_can_change(hnd)) {
DEBUG(1, ("user %s does not have permissions to change password\n", username));
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_OTHER;
+ *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@@ -1112,7 +1112,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"denied by Refuse Machine Password Change policy\n",
username));
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_OTHER;
+ *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@@ -1125,7 +1125,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
"wait until %s\n", username,
http_timestring(tosctx, can_change_time)));
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_OTHER;
+ *samr_reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
@@ -1135,7 +1135,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_TOO_SHORT;
+ *samr_reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
}
return NT_STATUS_PASSWORD_RESTRICTION;
/* return NT_STATUS_PWD_TOO_SHORT; */
@@ -1143,7 +1143,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_passwd_history(hnd,new_passwd)) {
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_IN_HISTORY;
+ *samr_reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1171,7 +1171,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
if (check_ret != 0) {
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
if (samr_reject_reason) {
- *samr_reject_reason = SAMR_REJECT_COMPLEXITY;
+ *samr_reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
}
TALLOC_FREE(pass);
return NT_STATUS_PASSWORD_RESTRICTION;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 178b3ea74b..edbaa55e9b 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2060,7 +2060,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
struct rpc_pipe_client *cli;
bool got_info = false;
struct samr_DomInfo1 *info = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring domain, user;
@@ -2102,7 +2102,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
fill_in_password_policy(state->response, info);
state->response->data.auth.reject_reason =
- reject->reason;
+ reject->extendedFailureReason;
got_info = true;
}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index ce74c7b19c..9a8b59e55d 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1583,7 +1583,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *param_lmNewHash,
struct samr_Password *param_ntNewHash,
bool user_change,
- enum samr_RejectReason *reject_reason,
+ enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
const char * const user_attrs[] = { "userAccountControl",
@@ -1702,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
&& (minPwdLength > utf16_len_n(
new_password->data, new_password->length)/2)) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_TOO_SHORT;
+ *reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1726,7 +1726,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
& DOMAIN_PASSWORD_COMPLEX) != 0)
&& (!check_password_quality(new_pass))) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_COMPLEXITY;
+ *reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1742,7 +1742,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* are all password changes disallowed? */
if ((pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) != 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_OTHER;
+ *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1750,7 +1750,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* can this user change the password? */
if ((userAccountControl & UF_PASSWD_CANT_CHANGE) != 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_OTHER;
+ *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1758,7 +1758,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
if (pwdLastSet - minPwdAge > now_nt) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_OTHER;
+ *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1768,14 +1768,14 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash,
lmPwdHash->hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_IN_HISTORY;
+ *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash,
ntPwdHash->hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_IN_HISTORY;
+ *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1791,7 +1791,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash,
16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_IN_HISTORY;
+ *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1800,7 +1800,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash,
16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_IN_HISTORY;
+ *reject_reason = SAM_PWD_CHANGE_PWD_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1833,6 +1833,9 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
}
}
+ if (reject_reason) {
+ *reject_reason = SAM_PWD_CHANGE_NO_ERROR;
+ }
return NT_STATUS_OK;
}
@@ -1851,7 +1854,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
bool user_change,
- enum samr_RejectReason *reject_reason,
+ enum samPwdChangeReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
{
NTSTATUS nt_status;
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 9664d1b016..f9bd683e88 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -113,7 +113,7 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
NTSTATUS status,
- enum samr_RejectReason reject_reason,
+ enum samPwdChangeReason reject_reason,
struct samr_DomInfo1 *dominfo,
DATA_BLOB *error_blob)
{
@@ -132,17 +132,16 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
if (dominfo && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
const char *reject_string;
switch (reject_reason) {
- case SAMR_REJECT_TOO_SHORT:
+ case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
dominfo->min_password_length);
break;
- case SAMR_REJECT_COMPLEXITY:
+ case SAM_PWD_CHANGE_NOT_COMPLEX:
reject_string = "Password does not meet complexity requirements";
break;
- case SAMR_REJECT_IN_HISTORY:
+ case SAM_PWD_CHANGE_PWD_IN_HISTORY:
reject_string = "Password is already in password history";
break;
- case SAMR_REJECT_OTHER:
default:
reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
dominfo->min_password_length, dominfo->password_history_length);
@@ -178,7 +177,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
DATA_BLOB *reply)
{
NTSTATUS status;
- enum samr_RejectReason reject_reason;
+ enum samPwdChangeReason reject_reason;
struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb;
@@ -248,7 +247,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
case KRB5_KPASSWD_VERS_SETPW:
{
NTSTATUS status;
- enum samr_RejectReason reject_reason = SAMR_REJECT_OTHER;
+ enum samPwdChangeReason reject_reason = SAM_PWD_CHANGE_NO_ERROR;
struct samr_DomInfo1 *dominfo = NULL;
struct ldb_context *samdb;
struct ldb_message *msg;
@@ -349,7 +348,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
status = NT_STATUS_TRANSACTION_ABORTED;
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
- SAMR_REJECT_OTHER,
+ SAM_PWD_CHANGE_NO_ERROR,
NULL,
reply);
}
@@ -362,7 +361,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
ldb_transaction_cancel(samdb);
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
- SAMR_REJECT_OTHER,
+ SAM_PWD_CHANGE_NO_ERROR,
NULL,
reply);
}
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 450af82895..1e6eb47e86 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -177,8 +177,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
/*
samr_OemChangePasswordUser2
*/
-NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_OemChangePasswordUser2 *r)
+NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct samr_OemChangePasswordUser2 *r)
{
NTSTATUS status;
DATA_BLOB new_password, new_unicode_password;
@@ -335,8 +336,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
samr_ChangePasswordUser3
*/
NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct samr_ChangePasswordUser3 *r)
+ TALLOC_CTX *mem_ctx,
+ struct samr_ChangePasswordUser3 *r)
{
NTSTATUS status;
DATA_BLOB new_password;
@@ -348,8 +349,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
- enum samr_RejectReason reason = SAMR_REJECT_OTHER;
+ struct userPwdChangeFailureInformation *reject = NULL;
+ enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
uint8_t new_nt_hash[16], new_lm_hash[16];
struct samr_Password nt_verifier, lm_verifier;
@@ -465,6 +466,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
true, /* this is a user password change */
&reason,
&dominfo);
+
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
@@ -494,18 +496,16 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
failed:
ldb_transaction_cancel(sam_ctx);
- talloc_free(sam_ctx);
- reject = talloc(mem_ctx, struct samr_ChangeReject);
- *r->out.dominfo = dominfo;
- *r->out.reject = reject;
+ reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
+ if (reject != NULL) {
+ ZERO_STRUCTP(reject);
+ reject->extendedFailureReason = reason;
- if (reject == NULL) {
- return status;
+ *r->out.reject = reject;
}
- ZERO_STRUCTP(reject);
- reject->reason = reason;
+ *r->out.dominfo = dominfo;
return status;
}
@@ -516,12 +516,13 @@ failed:
easy - just a subset of samr_ChangePasswordUser3
*/
-NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_ChangePasswordUser2 *r)
+NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct samr_ChangePasswordUser2 *r)
{
struct samr_ChangePasswordUser3 r2;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
r2.in.server = r->in.server;
r2.in.account = r->in.account;
@@ -584,7 +585,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
*/
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx,
- struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
+ struct ldb_dn *account_dn,
+ struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf)
@@ -627,4 +629,3 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
NULL, NULL);
}
-
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index b786c3f46a..c448b3bb83 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2132,7 +2132,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
uint8_t old_lm_hash[16], new_lm_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
torture_comment(tctx, "Testing ChangePasswordUser3\n");
@@ -2269,9 +2269,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
&& (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
- if (reject && (reject->reason != SAMR_REJECT_OTHER)) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
}
@@ -2288,40 +2288,40 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
(last_password_change + dominfo->min_password_age > t)) {
- if (reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->min_password_length > 0) &&
(strlen(newpass) < dominfo->min_password_length)) {
- if (reject->reason != SAMR_REJECT_TOO_SHORT) {
- torture_warning(tctx, "expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
- SAMR_REJECT_TOO_SHORT, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
+ SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->password_history_length > 0) &&
strequal(oldpass, newpass)) {
- if (reject->reason != SAMR_REJECT_IN_HISTORY) {
- torture_warning(tctx, "expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
- SAMR_REJECT_IN_HISTORY, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
+ SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
return false;
}
} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
- if (reject->reason != SAMR_REJECT_COMPLEXITY) {
- torture_warning(tctx, "expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
- SAMR_REJECT_COMPLEXITY, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
+ SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
return false;
}
}
- if (reject->reason == SAMR_REJECT_TOO_SHORT) {
+ if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
/* retry with adjusted size */
return test_ChangePasswordUser3(p, tctx, account_string,
dominfo->min_password_length,
@@ -2330,9 +2330,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
}
} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@@ -2369,7 +2369,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
uint8_t old_nt_hash[16], new_nt_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
new_random_pass = samr_very_rand_pass(tctx, 128);
@@ -2444,9 +2444,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@@ -2482,9 +2482,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */