diff options
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 38 | ||||
-rw-r--r-- | source4/rpc_server/samr/samdb.c | 20 |
2 files changed, 27 insertions, 31 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 4d68212073..d1f3f8e028 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1191,7 +1191,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX struct dcesrv_handle *h; struct samr_account_state *a_state; struct ldb_message mod, *msg = &mod; - int i, ret; + int ret; DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_GROUP); @@ -1219,13 +1219,8 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return NT_STATUS_INVALID_INFO_CLASS; } - /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ - for (i=0;i<mod.num_elements;i++) { - mod.elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - /* modify the samdb record */ - ret = samdb_modify(a_state->sam_ctx, mem_ctx, &mod); + ret = samdb_replace(a_state->sam_ctx, mem_ctx, &mod); if (ret != 0) { /* we really need samdb.c to return NTSTATUS */ return NT_STATUS_UNSUCCESSFUL; @@ -1707,7 +1702,7 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX struct dcesrv_handle *h; struct samr_account_state *a_state; struct ldb_message mod, *msg = &mod; - int i, ret; + int ret; NTSTATUS status = NT_STATUS_OK; DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_USER); @@ -1812,16 +1807,8 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX return status; } - /* mark all the message elements as LDB_FLAG_MOD_REPLACE, - unless they are already marked with some other flag */ - for (i=0;i<mod.num_elements;i++) { - if (mod.elements[i].flags == 0) { - mod.elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - } - /* modify the samdb record */ - ret = samdb_modify(a_state->sam_ctx, mem_ctx, msg); + ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg); if (ret != 0) { /* we really need samdb.c to return NTSTATUS */ return NT_STATUS_UNSUCCESSFUL; @@ -1840,7 +1827,7 @@ static NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALL struct dcesrv_handle *h; struct samr_account_state *a_state; struct ldb_message **res, mod, *msg; - int i, ret; + int ret; struct samr_Hash *lmPwdHash=NULL, *ntPwdHash=NULL; struct samr_Hash new_lmPwdHash, new_ntPwdHash, checkHash; NTSTATUS status = NT_STATUS_OK; @@ -1921,12 +1908,8 @@ static NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALL return status; } - for (i=0;i<mod.num_elements;i++) { - mod.elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - /* modify the samdb record */ - ret = samdb_modify(a_state->sam_ctx, mem_ctx, &mod); + ret = samdb_replace(a_state->sam_ctx, mem_ctx, &mod); if (ret != 0) { return NT_STATUS_UNSUCCESSFUL; } @@ -1946,7 +1929,7 @@ static NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, struct samr_CryptPassword *pwbuf = r->in.password; void *sam_ctx; const char *user_dn, *domain_dn; - int ret, i; + int ret; struct ldb_message **res, mod; const char * const attrs[] = { "objectSid", "lmPwdHash", NULL }; const char *domain_sid; @@ -2027,13 +2010,8 @@ static NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, return status; } - /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ - for (i=0;i<mod.num_elements;i++) { - mod.elements[i].flags = LDB_FLAG_MOD_REPLACE; - } - /* modify the samdb record */ - ret = samdb_modify(sam_ctx, mem_ctx, &mod); + ret = samdb_replace(sam_ctx, mem_ctx, &mod); if (ret != 0) { samdb_close(sam_ctx); return NT_STATUS_UNSUCCESSFUL; diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c index c9d7d601b2..a0591af451 100644 --- a/source4/rpc_server/samr/samdb.c +++ b/source4/rpc_server/samr/samdb.c @@ -705,7 +705,9 @@ int samdb_msg_add_delete(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg return -1; } ldb_set_alloc(sam_ctx->ldb, samdb_alloc, mem_ctx); - return ldb_msg_add_empty(sam_ctx->ldb, msg, a, LDB_FLAG_MOD_DELETE); + /* we use an empty replace rather than a delete, as it allows for + samdb_replace() to be used everywhere */ + return ldb_msg_add_empty(sam_ctx->ldb, msg, a, LDB_FLAG_MOD_REPLACE); } /* @@ -855,6 +857,22 @@ int samdb_modify(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg) } /* + replace elements in a record +*/ +int samdb_replace(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg) +{ + int i; + + /* mark all the message elements as LDB_FLAG_MOD_REPLACE */ + for (i=0;i<msg->num_elements;i++) { + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + /* modify the samdb record */ + return samdb_modify(ctx, mem_ctx, msg); +} + +/* check that a password is sufficiently complex */ static BOOL samdb_password_complexity_ok(const char *pass) |