summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c81
-rw-r--r--source4/rpc_server/samr/samr_password.c47
2 files changed, 126 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 1ffda9795b..da89688d8f 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -427,7 +427,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
}
/* check if the group already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=group))",
groupname);
@@ -573,7 +573,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
}
/* check if the user already exists */
- name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
+ name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
"(&(sAMAccountName=%s)(objectclass=user))", username);
if (name != NULL) {
@@ -1711,6 +1711,40 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
SET_UINT (msg, info21.code_page, "codePage");
+#undef IFSET
+ break;
+
+ case 23:
+#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info23.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info23.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info23.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info23.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info23.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info23.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info23.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info23.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info23.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info23.password);
+ }
+#undef IFSET
break;
/* the set password levels are handled separately */
@@ -1722,6 +1756,49 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
mem_ctx, msg,
&r->in.info->info24.password);
break;
+
+ case 25:
+#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_NAME)
+ SET_STRING(msg, info25.info.full_name.name, "displayName");
+ IFSET(SAMR_FIELD_DESCRIPTION)
+ SET_STRING(msg, info25.info.description.name, "description");
+ IFSET(SAMR_FIELD_COMMENT)
+ SET_STRING(msg, info25.info.comment.name, "comment");
+ IFSET(SAMR_FIELD_LOGON_SCRIPT)
+ SET_STRING(msg, info25.info.logon_script.name, "scriptPath");
+ IFSET(SAMR_FIELD_PROFILE)
+ SET_STRING(msg, info25.info.profile.name, "profilePath");
+ IFSET(SAMR_FIELD_WORKSTATION)
+ SET_STRING(msg, info25.info.workstations.name, "userWorkstations");
+ IFSET(SAMR_FIELD_LOGON_HOURS)
+ SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
+ IFSET(SAMR_FIELD_CALLBACK)
+ SET_STRING(msg, info25.info.callback.name, "userParameters");
+ IFSET(SAMR_FIELD_COUNTRY_CODE)
+ SET_UINT (msg, info25.info.country_code, "countryCode");
+ IFSET(SAMR_FIELD_CODE_PAGE)
+ SET_UINT (msg, info25.info.code_page, "codePage");
+ IFSET(SAMR_FIELD_PASSWORD) {
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info25.password);
+ }
+#undef IFSET
+ break;
+
+ /* the set password levels are handled separately */
+ case 26:
+ status = samr_set_password_ex(dce_call,
+ a_state->sam_ctx,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ mem_ctx, msg,
+ &r->in.info->info26.password);
+ break;
default:
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index c912566d09..46c2a41fb2 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -704,3 +704,50 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
NULL);
}
+
+/*
+ set password via a samr_CryptPasswordEx buffer
+ this will in the 'msg' with modify operations that will update the user
+ password when applied
+*/
+NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
+ void *sam_ctx,
+ const char *account_dn, const char *domain_dn,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct samr_CryptPasswordEx *pwbuf)
+{
+ char new_pass[512];
+ uint32_t new_pass_len;
+ DATA_BLOB co_session_key;
+ DATA_BLOB session_key = dce_call->conn->session_key;
+ struct MD5Context ctx;
+
+ co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+ if (!co_session_key.data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ MD5Init(&ctx);
+ MD5Update(&ctx, &pwbuf->data[516], 16);
+ MD5Update(&ctx, session_key.data, session_key.length);
+ MD5Final(co_session_key.data, &ctx);
+
+ SamOEMhashBlob(pwbuf->data, 516, &co_session_key);
+
+ if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
+ &new_pass_len, STR_UNICODE)) {
+ DEBUG(3,("samr: failed to decode password buffer\n"));
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ /* set the password - samdb needs to know both the domain and user DNs,
+ so the domain password policy can be used */
+ return samdb_set_password(sam_ctx, mem_ctx,
+ account_dn, domain_dn,
+ msg, new_pass,
+ NULL, NULL,
+ False,
+ NULL);
+}
+