diff options
| -rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 81 | ||||
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 47 |
2 files changed, 126 insertions, 2 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1ffda9795b..da89688d8f 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -427,7 +427,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO } /* check if the group already exists */ - name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn, + name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, "sAMAccountName", "(&(sAMAccountName=%s)(objectclass=group))", groupname); @@ -573,7 +573,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX } /* check if the user already exists */ - name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn, + name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, "sAMAccountName", "(&(sAMAccountName=%s)(objectclass=user))", username); if (name != NULL) { @@ -1711,6 +1711,40 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX SET_UINT (msg, info21.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) SET_UINT (msg, info21.code_page, "codePage"); +#undef IFSET + break; + + case 23: +#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present) + IFSET(SAMR_FIELD_NAME) + SET_STRING(msg, info23.info.full_name.name, "displayName"); + IFSET(SAMR_FIELD_DESCRIPTION) + SET_STRING(msg, info23.info.description.name, "description"); + IFSET(SAMR_FIELD_COMMENT) + SET_STRING(msg, info23.info.comment.name, "comment"); + IFSET(SAMR_FIELD_LOGON_SCRIPT) + SET_STRING(msg, info23.info.logon_script.name, "scriptPath"); + IFSET(SAMR_FIELD_PROFILE) + SET_STRING(msg, info23.info.profile.name, "profilePath"); + IFSET(SAMR_FIELD_WORKSTATION) + SET_STRING(msg, info23.info.workstations.name, "userWorkstations"); + IFSET(SAMR_FIELD_LOGON_HOURS) + SET_LHOURS(msg, info23.info.logon_hours, "logonHours"); + IFSET(SAMR_FIELD_CALLBACK) + SET_STRING(msg, info23.info.callback.name, "userParameters"); + IFSET(SAMR_FIELD_COUNTRY_CODE) + SET_UINT (msg, info23.info.country_code, "countryCode"); + IFSET(SAMR_FIELD_CODE_PAGE) + SET_UINT (msg, info23.info.code_page, "codePage"); + IFSET(SAMR_FIELD_PASSWORD) { + status = samr_set_password(dce_call, + a_state->sam_ctx, + a_state->account_dn, + a_state->domain_state->domain_dn, + mem_ctx, msg, + &r->in.info->info23.password); + } +#undef IFSET break; /* the set password levels are handled separately */ @@ -1722,6 +1756,49 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX mem_ctx, msg, &r->in.info->info24.password); break; + + case 25: +#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present) + IFSET(SAMR_FIELD_NAME) + SET_STRING(msg, info25.info.full_name.name, "displayName"); + IFSET(SAMR_FIELD_DESCRIPTION) + SET_STRING(msg, info25.info.description.name, "description"); + IFSET(SAMR_FIELD_COMMENT) + SET_STRING(msg, info25.info.comment.name, "comment"); + IFSET(SAMR_FIELD_LOGON_SCRIPT) + SET_STRING(msg, info25.info.logon_script.name, "scriptPath"); + IFSET(SAMR_FIELD_PROFILE) + SET_STRING(msg, info25.info.profile.name, "profilePath"); + IFSET(SAMR_FIELD_WORKSTATION) + SET_STRING(msg, info25.info.workstations.name, "userWorkstations"); + IFSET(SAMR_FIELD_LOGON_HOURS) + SET_LHOURS(msg, info25.info.logon_hours, "logonHours"); + IFSET(SAMR_FIELD_CALLBACK) + SET_STRING(msg, info25.info.callback.name, "userParameters"); + IFSET(SAMR_FIELD_COUNTRY_CODE) + SET_UINT (msg, info25.info.country_code, "countryCode"); + IFSET(SAMR_FIELD_CODE_PAGE) + SET_UINT (msg, info25.info.code_page, "codePage"); + IFSET(SAMR_FIELD_PASSWORD) { + status = samr_set_password_ex(dce_call, + a_state->sam_ctx, + a_state->account_dn, + a_state->domain_state->domain_dn, + mem_ctx, msg, + &r->in.info->info25.password); + } +#undef IFSET + break; + + /* the set password levels are handled separately */ + case 26: + status = samr_set_password_ex(dce_call, + a_state->sam_ctx, + a_state->account_dn, + a_state->domain_state->domain_dn, + mem_ctx, msg, + &r->in.info->info26.password); + break; default: diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index c912566d09..46c2a41fb2 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -704,3 +704,50 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, NULL); } + +/* + set password via a samr_CryptPasswordEx buffer + this will in the 'msg' with modify operations that will update the user + password when applied +*/ +NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, + void *sam_ctx, + const char *account_dn, const char *domain_dn, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + struct samr_CryptPasswordEx *pwbuf) +{ + char new_pass[512]; + uint32_t new_pass_len; + DATA_BLOB co_session_key; + DATA_BLOB session_key = dce_call->conn->session_key; + struct MD5Context ctx; + + co_session_key = data_blob_talloc(mem_ctx, NULL, 16); + if (!co_session_key.data) { + return NT_STATUS_NO_MEMORY; + } + + MD5Init(&ctx); + MD5Update(&ctx, &pwbuf->data[516], 16); + MD5Update(&ctx, session_key.data, session_key.length); + MD5Final(co_session_key.data, &ctx); + + SamOEMhashBlob(pwbuf->data, 516, &co_session_key); + + if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), + &new_pass_len, STR_UNICODE)) { + DEBUG(3,("samr: failed to decode password buffer\n")); + return NT_STATUS_WRONG_PASSWORD; + } + + /* set the password - samdb needs to know both the domain and user DNs, + so the domain password policy can be used */ + return samdb_set_password(sam_ctx, mem_ctx, + account_dn, domain_dn, + msg, new_pass, + NULL, NULL, + False, + NULL); +} + |