-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c38
-rw-r--r--source4/rpc_server/samr/samdb.c20
2 files changed, 27 insertions, 31 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 4d68212073..d1f3f8e028 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1191,7 +1191,7 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_message mod, *msg = &mod;
- int i, ret;
+ int ret;
DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_GROUP);
@@ -1219,13 +1219,8 @@ static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return NT_STATUS_INVALID_INFO_CLASS;
}
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<mod.num_elements;i++) {
- mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
/* modify the samdb record */
- ret = samdb_modify(a_state->sam_ctx, mem_ctx, &mod);
+ ret = samdb_replace(a_state->sam_ctx, mem_ctx, &mod);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
@@ -1707,7 +1702,7 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_message mod, *msg = &mod;
- int i, ret;
+ int ret;
NTSTATUS status = NT_STATUS_OK;
DCESRV_PULL_HANDLE(h, r->in.handle, SAMR_HANDLE_USER);
@@ -1812,16 +1807,8 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
return status;
}
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE,
- unless they are already marked with some other flag */
- for (i=0;i<mod.num_elements;i++) {
- if (mod.elements[i].flags == 0) {
- mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
- }
-
/* modify the samdb record */
- ret = samdb_modify(a_state->sam_ctx, mem_ctx, msg);
+ ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
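Review bot: The loop removed from samr_SetUserInfo only set `LDB_FLAG_MOD_REPLACE` on elements whose flags were still 0, whereas the `samdb_replace()` call that replaces it overwrites the flags of every element unconditionally. Any element that an earlier step of this function marked with a different flag is now silently sent as a replace, and since this path writes account attributes the difference should be a deliberate one. If the guard is still wanted, and the other callers do not rely on the overwrite, `samdb_replace()` in samdb.c could keep it: `if (msg->elements[i].flags == 0) msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;`. Otherwise a comment at this call should say that pre-set flags are discarded. The body of samr_SetUserInfo starts and ends outside the hunk, so which helpers set non-zero flags cannot be confirmed from here.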
@@ -1840,7 +1827,7 @@ static NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALL
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_message **res, mod, *msg;
- int i, ret;
+ int ret;
struct samr_Hash *lmPwdHash=NULL, *ntPwdHash=NULL;
struct samr_Hash new_lmPwdHash, new_ntPwdHash, checkHash;
NTSTATUS status = NT_STATUS_OK;
@@ -1921,12 +1908,8 @@ static NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALL
return status;
}
- for (i=0;i<mod.num_elements;i++) {
- mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
/* modify the samdb record */
- ret = samdb_modify(a_state->sam_ctx, mem_ctx, &mod);
+ ret = samdb_replace(a_state->sam_ctx, mem_ctx, &mod);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -1946,7 +1929,7 @@ static NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
struct samr_CryptPassword *pwbuf = r->in.password;
void *sam_ctx;
const char *user_dn, *domain_dn;
- int ret, i;
+ int ret;
struct ldb_message **res, mod;
const char * const attrs[] = { "objectSid", "lmPwdHash", NULL };
const char *domain_sid;
@@ -2027,13 +2010,8 @@ static NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
return status;
}
- /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
- for (i=0;i<mod.num_elements;i++) {
- mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
- }
-
/* modify the samdb record */
- ret = samdb_modify(sam_ctx, mem_ctx, &mod);
+ ret = samdb_replace(sam_ctx, mem_ctx, &mod);
if (ret != 0) {
samdb_close(sam_ctx);
return NT_STATUS_UNSUCCESSFUL;
diff --git a/source4/rpc_server/samr/samdb.c b/source4/rpc_server/samr/samdb.c
index c9d7d601b2..a0591af451 100644
--- a/source4/rpc_server/samr/samdb.c
+++ b/source4/rpc_server/samr/samdb.c
@@ -705,7 +705,9 @@ int samdb_msg_add_delete(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg
return -1;
}
ldb_set_alloc(sam_ctx->ldb, samdb_alloc, mem_ctx);
- return ldb_msg_add_empty(sam_ctx->ldb, msg, a, LDB_FLAG_MOD_DELETE);
+ /* we use an empty replace rather than a delete, as it allows for
+ samdb_replace() to be used everywhere */
+ return ldb_msg_add_empty(sam_ctx->ldb, msg, a, LDB_FLAG_MOD_REPLACE);
}
/*
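Review bot: The new comment in samdb_msg_add_delete says why the flag changed but not what changes for callers. Under LDAP modify semantics an empty replace succeeds even when the attribute is absent, while a delete reports an error, so a removal that used to fail may now pass unnoticed; whether the ldb backend behaves this way is not visible in the diff. I would extend the comment with something like `unlike LDB_FLAG_MOD_DELETE, an empty replace does not fail if the attribute is missing`. The function starts outside the hunk.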
@@ -855,6 +857,22 @@ int samdb_modify(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
}
/*
+ replace elements in a record
+*/
+int samdb_replace(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
+{
+ int i;
+
+ /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
+ for (i=0;i<msg->num_elements;i++) {
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ }
+
+ /* modify the samdb record */
+ return samdb_modify(ctx, mem_ctx, msg);
+}
+
+/*
check that a password is sufficiently complex
*/
static BOOL samdb_password_complexity_ok(const char *pass)
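Review bot: In samdb_replace the loop counter is declared `int i` but compared with `msg->num_elements`. If that field is unsigned (its declaration is not part of this diff), the comparison mixes signedness and would be reported by -Wsign-compare. Declaring the counter with the field's type, e.g. `unsigned int i;`, keeps the loop free of the implicit conversion.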