summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c82
-rw-r--r--source4/rpc_server/samr/samr_password.c39
2 files changed, 70 insertions, 51 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 6dda06a6b8..6c5f5b845f 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -949,7 +949,7 @@ static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TA
/* modify the samdb record */
ret = ldb_modify(sam_ctx, msg);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(1,("Failed to modify record %s: %s\n",
ldb_dn_get_linearized(d_state->domain_dn),
ldb_errstring(sam_ctx)));
@@ -1234,7 +1234,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
*/
ret = ldb_transaction_start(d_state->sam_ctx);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to start a transaction for user creation: %s\n",
ldb_errstring(d_state->sam_ctx)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -1389,7 +1389,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
/* modify the samdb record */
ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to modify account record %s to set userAccountControl: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(d_state->sam_ctx)));
@@ -1400,7 +1400,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL
}
ret = ldb_transaction_commit(d_state->sam_ctx);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to commit transaction to add and modify account record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(d_state->sam_ctx)));
@@ -2193,7 +2193,7 @@ static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TAL
/* modify the samdb record */
ret = ldb_modify(g_state->sam_ctx, msg);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2224,8 +2224,9 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
d_state = a_state->domain_state;
membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
- if (membersid == NULL)
+ if (membersid == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
@@ -2234,7 +2235,7 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
"(&(objectSid=%s)(objectclass=user))",
ldap_encode_ndr_dom_sid(mem_ctx, membersid));
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -2258,9 +2259,11 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
- if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
- memberdn) != 0)
+ ret = samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
+ memberdn);
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
+ }
ret = ldb_modify(a_state->sam_ctx, mod);
switch (ret) {
@@ -2273,7 +2276,6 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T
default:
return NT_STATUS_UNSUCCESSFUL;
}
-
}
@@ -2294,7 +2296,7 @@ static NTSTATUS dcesrv_samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call
a_state = h->data;
ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2336,7 +2338,7 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call
"(&(objectSid=%s)(objectclass=user))",
ldap_encode_ndr_dom_sid(mem_ctx, membersid));
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -2360,8 +2362,9 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
- if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
- memberdn) != 0) {
+ ret = samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
+ memberdn);
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
@@ -2643,7 +2646,7 @@ static NTSTATUS dcesrv_samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TAL
/* modify the samdb record */
ret = ldb_modify(a_state->sam_ctx, msg);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2732,12 +2735,15 @@ static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, T
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
- if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
- ldb_dn_alloc_linearized(mem_ctx, memberdn)) != 0)
+ ret = samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
+ ldb_dn_alloc_linearized(mem_ctx, memberdn));
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
+ }
- if (ldb_modify(a_state->sam_ctx, mod) != 0)
+ if (ldb_modify(a_state->sam_ctx, mod) != LDB_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
+ }
return NT_STATUS_OK;
}
@@ -2754,6 +2760,7 @@ static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call
struct samr_domain_state *d_state;
struct ldb_message *mod;
const char *memberdn;
+ int ret;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
@@ -2774,11 +2781,12 @@ static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
- if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
- memberdn) != 0)
+ ret = samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
+ memberdn);
+ if (ret != LDB_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
- if (ldb_modify(a_state->sam_ctx, mod) != 0)
+ if (ldb_modify(a_state->sam_ctx, mod) != LDB_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
@@ -2947,7 +2955,7 @@ static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLO
a_state = h->data;
ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
- if (ret != 0) {
+ if (ret != LDB_SUCCESS) {
DEBUG(1, ("Failed to delete user: %s: %s\n",
ldb_dn_get_linearized(a_state->account_dn),
ldb_errstring(a_state->sam_ctx)));
@@ -3603,14 +3611,16 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
}
/* modify the samdb record */
- ret = ldb_modify(a_state->sam_ctx, msg);
- if (ret != 0) {
- DEBUG(1,("Failed to modify record %s: %s\n",
- ldb_dn_get_linearized(a_state->account_dn),
- ldb_errstring(a_state->sam_ctx)));
-
- /* we really need samdb.c to return NTSTATUS */
- return NT_STATUS_UNSUCCESSFUL;
+ if (msg->num_elements > 0) {
+ ret = ldb_modify(a_state->sam_ctx, msg);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(1,("Failed to modify record %s: %s\n",
+ ldb_dn_get_linearized(a_state->account_dn),
+ ldb_errstring(a_state->sam_ctx)));
+
+ /* we really need samdb.c to return NTSTATUS */
+ return NT_STATUS_UNSUCCESSFUL;
+ }
}
return NT_STATUS_OK;
@@ -4175,10 +4185,14 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL
ret = gendb_search_dn(sam_ctx,
mem_ctx, NULL, &msgs, attrs);
if (ret <= 0) {
+ talloc_free(sam_ctx);
+
return NT_STATUS_NO_SUCH_DOMAIN;
}
if (ret > 1) {
talloc_free(msgs);
+ talloc_free(sam_ctx);
+
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -4188,8 +4202,8 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL
"pwdProperties", 1);
talloc_free(msgs);
-
talloc_free(sam_ctx);
+
return NT_STATUS_OK;
}
@@ -4342,7 +4356,11 @@ static NTSTATUS dcesrv_samr_SetDsrmPassword(struct dcesrv_call_state *dce_call,
static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_ValidatePassword *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ /* just say it's OK for now - we need to hook this into our
+ password strength code later */
+ DEBUG(0,(__location__ ": Faking samr_ValidatePassword reply\n"));
+ (*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
+ return NT_STATUS_OK;
}
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 450af82895..1e6eb47e86 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -177,8 +177,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
/*
samr_OemChangePasswordUser2
*/
-NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_OemChangePasswordUser2 *r)
+NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct samr_OemChangePasswordUser2 *r)
{
NTSTATUS status;
DATA_BLOB new_password, new_unicode_password;
@@ -335,8 +336,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
samr_ChangePasswordUser3
*/
NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct samr_ChangePasswordUser3 *r)
+ TALLOC_CTX *mem_ctx,
+ struct samr_ChangePasswordUser3 *r)
{
NTSTATUS status;
DATA_BLOB new_password;
@@ -348,8 +349,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
- enum samr_RejectReason reason = SAMR_REJECT_OTHER;
+ struct userPwdChangeFailureInformation *reject = NULL;
+ enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
uint8_t new_nt_hash[16], new_lm_hash[16];
struct samr_Password nt_verifier, lm_verifier;
@@ -465,6 +466,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
true, /* this is a user password change */
&reason,
&dominfo);
+
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
@@ -494,18 +496,16 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
failed:
ldb_transaction_cancel(sam_ctx);
- talloc_free(sam_ctx);
- reject = talloc(mem_ctx, struct samr_ChangeReject);
- *r->out.dominfo = dominfo;
- *r->out.reject = reject;
+ reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
+ if (reject != NULL) {
+ ZERO_STRUCTP(reject);
+ reject->extendedFailureReason = reason;
- if (reject == NULL) {
- return status;
+ *r->out.reject = reject;
}
- ZERO_STRUCTP(reject);
- reject->reason = reason;
+ *r->out.dominfo = dominfo;
return status;
}
@@ -516,12 +516,13 @@ failed:
easy - just a subset of samr_ChangePasswordUser3
*/
-NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_ChangePasswordUser2 *r)
+NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct samr_ChangePasswordUser2 *r)
{
struct samr_ChangePasswordUser3 r2;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
r2.in.server = r->in.server;
r2.in.account = r->in.account;
@@ -584,7 +585,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
*/
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx,
- struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
+ struct ldb_dn *account_dn,
+ struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf)
@@ -627,4 +629,3 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
NULL, NULL);
}
-
generated by cgit (git 2.34.1) at 2024-09-01 16:01:10 +0000