summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr_nt.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r--source3/rpc_server/srv_samr_nt.c120
1 files changed, 71 insertions, 49 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index dcbd0963c4..c60d904b18 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3636,12 +3636,7 @@ static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18,
pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
}
- if (id18->password_expired) {
- pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED);
- } else {
- /* FIXME */
- pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
- }
+ copy_id18_to_sam_passwd(pwd, id18);
return pdb_update_sam_account(pwd);
}
@@ -3848,23 +3843,16 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
set_user_info_pw
********************************************************************/
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
- int level)
+static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
{
uint32 len = 0;
char *plaintext_buf = NULL;
uint32 acct_ctrl;
- time_t last_set_time;
- enum pdb_value_state last_set_state;
DEBUG(5, ("Attempting administrator password change for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
- /* we need to know if it's expired, because this is an admin change, not a
- user change, so it's still expired when we're done */
- last_set_state = pdb_get_init_flags(pwd, PDB_PASSLASTSET);
- last_set_time = pdb_get_pass_last_set_time(pwd);
if (!decode_pw_buffer(talloc_tos(),
pass,
@@ -3907,29 +3895,38 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd,
memset(plaintext_buf, '\0', strlen(plaintext_buf));
- /*
- * A level 25 change does reset the pwdlastset field, a level 24
- * change does not. I know this is probably not the full story, but
- * it is needed to make XP join LDAP correctly, without it the later
- * auth2 check can fail with PWD_MUST_CHANGE.
- */
- if (level != 25) {
- /*
- * restore last set time as this is an admin change, not a
- * user pw change
- */
- pdb_set_pass_last_set_time (pwd, last_set_time,
- last_set_state);
+ DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
+
+ return True;
+}
+
+/*******************************************************************
+ set_user_info_24
+ ********************************************************************/
+
+static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo24 *id24,
+ struct samu *pwd)
+{
+ NTSTATUS status;
+
+ if (id24 == NULL) {
+ DEBUG(5, ("set_user_info_24: NULL id24\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
- DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
+ if (!set_user_info_pw(id24->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
- /* update the SAMBA password */
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
- return False;
+ copy_id24_to_sam_passwd(pwd, id24);
+
+ status = pdb_update_sam_account(pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return True;
+ return NT_STATUS_OK;
}
/*******************************************************************
@@ -3955,6 +3952,14 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
+ if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+ (id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
+
+ if (!set_user_info_pw(id25->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+ }
+
copy_id25_to_sam_passwd(pwd, id25);
/* write the change out */
@@ -3981,6 +3986,36 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
}
/*******************************************************************
+ set_user_info_26
+ ********************************************************************/
+
+static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo26 *id26,
+ struct samu *pwd)
+{
+ NTSTATUS status;
+
+ if (id26 == NULL) {
+ DEBUG(5, ("set_user_info_26: NULL id26\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!set_user_info_pw(id26->password.data, pwd)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
+ copy_id26_to_sam_passwd(pwd, id26);
+
+ status = pdb_update_sam_account(pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/*******************************************************************
samr_SetUserInfo
********************************************************************/
@@ -4139,10 +4174,8 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
dump_data(100, info->info24.password.data, 516);
- if (!set_user_info_pw(info->info24.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
+ status = set_user_info_24(p->mem_ctx,
+ &info->info24, pwd);
break;
case 25:
@@ -4157,13 +4190,6 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
status = set_user_info_25(p->mem_ctx,
&info->info25, pwd);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- if (!set_user_info_pw(info->info25.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
break;
case 26:
@@ -4176,18 +4202,14 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
dump_data(100, info->info26.password.data, 516);
- if (!set_user_info_pw(info->info26.password.data, pwd,
- switch_value)) {
- status = NT_STATUS_WRONG_PASSWORD;
- }
+ status = set_user_info_26(p->mem_ctx,
+ &info->info26, pwd);
break;
default:
status = NT_STATUS_INVALID_INFO_CLASS;
}
- done:
-
TALLOC_FREE(pwd);
if (has_enough_rights) {