Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 12 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 105 |
2 files changed, 21 insertions, 96 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index e2890f7ad7..5775b1410f 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3562,14 +3562,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info23.password); } else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) { status = samr_set_password(dce_call, a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info23.password); } #undef IFSET @@ -3581,7 +3581,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info24.password); break; @@ -3625,14 +3625,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info25.password); } else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) { status = samr_set_password_ex(dce_call, a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info25.password); } #undef IFSET @@ -3644,7 +3644,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->sam_ctx, a_state->account_dn, a_state->domain_state->domain_dn, - mem_ctx, msg, + mem_ctx, &r->in.info->info26.password); break; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 1a09283ea6..288df91b09 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c 
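Review bot: With `msg` dropped from the `samr_set_password` call in the first dcesrv_samr_SetUserInfo hunk (info23), the password update is no longer folded into the message this function assembles, so it presumably reaches the database as a separate write from the other fields of the same request. Whether the two writes are atomic cannot be told from here: the function starts and ends outside the hunks and no transaction call is visible in them. If none exists, a failure in the later attribute write would leave the new password in place while the client receives an error, so the case should be bracketed with `ldb_transaction_start(a_state->sam_ctx)` and `ldb_transaction_commit(a_state->sam_ctx)`, with `ldb_transaction_cancel` on the error path. Failing that, a comment such as `/* password is written immediately; the remaining fields follow via msg */` would at least record the ordering. The same applies to the info24, info25 and info26 hunks.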
@@ -40,7 +40,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, struct dcesrv_handle *h; struct samr_account_state *a_state; struct ldb_context *sam_ctx; - struct ldb_message **res, *msg; + struct ldb_message **res; int ret; struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash; struct samr_Password *lm_pwd, *nt_pwd; @@ -79,10 +79,10 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, ldb_transaction_cancel(sam_ctx); return NT_STATUS_WRONG_PASSWORD; } - msg = res[0]; - status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, - msg, &lm_pwd, &nt_pwd); + status = samdb_result_passwords(mem_ctx, + dce_call->conn->dce_ctx->lp_ctx, + res[0], &lm_pwd, &nt_pwd); if (!NT_STATUS_IS_OK(status) || !nt_pwd) { ldb_transaction_cancel(sam_ctx); return NT_STATUS_WRONG_PASSWORD; @@ -126,23 +126,12 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, } } - msg = ldb_msg_new(mem_ctx); - if (msg == NULL) { - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_NO_MEMORY; - } - - msg->dn = ldb_dn_copy(msg, a_state->account_dn); - if (!msg->dn) { - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_NO_MEMORY; - } - /* setup password modify mods on the user DN specified. This may fail * due to password policies. */ status = samdb_set_password(sam_ctx, mem_ctx, - a_state->account_dn, a_state->domain_state->domain_dn, - msg, NULL, &new_lmPwdHash, &new_ntPwdHash, + a_state->account_dn, + a_state->domain_state->domain_dn, + NULL, &new_lmPwdHash, &new_ntPwdHash, true, /* this is a user password change */ NULL, NULL); 
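Review bot: The comment kept above the `samdb_set_password` call in dcesrv_samr_ChangePasswordUser (hunk at -126) still says it will "setup password modify mods", but with `msg` gone and the follow-up `dsdb_replace` removed in the next hunk the call appears to perform the write itself. I would reword it to `/* set the password on the user DN specified. This may fail due to password policies. */`, matching the other two change functions. The removed write path also logged the account DN at DEBUG(2) on failure. Unless the retained error branch (its `return status;` is visible at the top of the next hunk) already logs, add something like `DEBUG(2,("Failed to change password on %s: %s\n", ldb_dn_get_linearized(a_state->account_dn), nt_errstr(status)));` so rejected or failed password changes stay visible to operators. The logging point applies equally to the dcesrv_samr_OemChangePasswordUser2 and dcesrv_samr_ChangePasswordUser3 hunks.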
@@ -151,17 +140,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, return status; } - /* The above call only setup the modifications, this actually - * makes the write to the database. */ - ret = dsdb_replace(sam_ctx, msg, 0); - if (ret != LDB_SUCCESS) { - DEBUG(2,("Failed to modify record to change password on %s: %s\n", - ldb_dn_get_linearized(a_state->account_dn), - ldb_errstring(sam_ctx))); - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - /* And this confirms it in a transaction commit */ ret = ldb_transaction_commit(sam_ctx); if (ret != LDB_SUCCESS) { @@ -188,7 +166,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, struct ldb_context *sam_ctx; struct ldb_dn *user_dn; int ret; - struct ldb_message **res, *mod; + struct ldb_message **res; const char * const attrs[] = { "objectSid", "dBCSPwd", NULL }; struct samr_Password *lm_pwd; DATA_BLOB lm_pwd_blob; @@ -282,23 +260,11 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, return NT_STATUS_WRONG_PASSWORD; } - mod = ldb_msg_new(mem_ctx); - if (mod == NULL) { - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_NO_MEMORY; - } - - mod->dn = ldb_dn_copy(mod, user_dn); - if (!mod->dn) { - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_NO_MEMORY; - } - /* set the password on the user DN specified. This may fail * due to password policies */ status = samdb_set_password(sam_ctx, mem_ctx, user_dn, NULL, - mod, &new_unicode_password, + &new_unicode_password, NULL, NULL, true, /* this is a user password change */ NULL, 
@@ -308,17 +274,6 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, return status; } - /* The above call only setup the modifications, this actually - * makes the write to the database. */ - ret = dsdb_replace(sam_ctx, mod, 0); - if (ret != LDB_SUCCESS) { - DEBUG(2,("Failed to modify record to change password on %s: %s\n", - ldb_dn_get_linearized(user_dn), - ldb_errstring(sam_ctx))); - ldb_transaction_cancel(sam_ctx); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - /* And this confirms it in a transaction commit */ ret = ldb_transaction_commit(sam_ctx); if (ret != LDB_SUCCESS) { @@ -344,7 +299,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, struct ldb_context *sam_ctx = NULL; struct ldb_dn *user_dn; int ret; - struct ldb_message **res, *mod; + struct ldb_message **res; const char * const attrs[] = { "unicodePwd", "dBCSPwd", NULL }; struct samr_Password *nt_pwd, *lm_pwd; DATA_BLOB nt_pwd_blob; @@ -445,23 +400,11 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, } } - mod = ldb_msg_new(mem_ctx); - if (mod == NULL) { - status = NT_STATUS_NO_MEMORY; - goto failed; - } - - mod->dn = ldb_dn_copy(mod, user_dn); - if (!mod->dn) { - status = NT_STATUS_NO_MEMORY; - goto failed; - } - /* set the password on the user DN specified. This may fail * due to password policies */ status = samdb_set_password(sam_ctx, mem_ctx, user_dn, NULL, - mod, &new_password, + &new_password, NULL, NULL, true, /* this is a user password change */ &reason, 
@@ -471,17 +414,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, goto failed; } - /* The above call only setup the modifications, this actually - * makes the write to the database. */ - ret = dsdb_replace(sam_ctx, mod, 0); - if (ret != LDB_SUCCESS) { - DEBUG(2,("dsdb_replace failed to change password for %s: %s\n", - ldb_dn_get_linearized(user_dn), - ldb_errstring(sam_ctx))); - status = NT_STATUS_UNSUCCESSFUL; - goto failed; - } - /* And this confirms it in a transaction commit */ ret = ldb_transaction_commit(sam_ctx); if (ret != LDB_SUCCESS) { @@ -497,9 +429,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, failed: ldb_transaction_cancel(sam_ctx); - reject = talloc(mem_ctx, struct userPwdChangeFailureInformation); + reject = talloc_zero(mem_ctx, struct userPwdChangeFailureInformation); if (reject != NULL) { - ZERO_STRUCTP(reject); reject->extendedFailureReason = reason; *r->out.reject = reject; @@ -541,14 +472,11 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, /* set password via a samr_CryptPassword buffer - this will in the 'msg' with modify operations that will update the user - password when applied */ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, - void *sam_ctx, + struct ldb_context *sam_ctx, struct ldb_dn *account_dn, struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, - struct ldb_message *msg, struct samr_CryptPassword *pwbuf) { NTSTATUS nt_status; @@ -571,7 +499,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, so the domain password policy can be used */ return samdb_set_password(sam_ctx, mem_ctx, account_dn, domain_dn, - msg, &new_password, + &new_password, NULL, NULL, false, /* This is a password set, not change */ NULL, NULL); 
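Review bot: The trimmed comment on samr_set_password (hunk at -541), now only "set password via a samr_CryptPassword buffer", no longer tells callers when the change takes effect. Since the function no longer fills a caller-supplied message and returns `samdb_set_password(...)` directly, the write presumably happens inside the call. A line such as `/* the password is written through sam_ctx before this returns; callers that need it to be atomic with other changes must hold a transaction */` would make that contract explicit. The same wording fits samr_set_password_ex in the hunk that follows, and both function bodies continue outside the hunks shown.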
@@ -580,15 +508,12 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, /* set password via a samr_CryptPasswordEx buffer - this will in the 'msg' with modify operations that will update the user - password when applied */ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, struct ldb_context *sam_ctx, struct ldb_dn *account_dn, struct ldb_dn *domain_dn, TALLOC_CTX *mem_ctx, - struct ldb_message *msg, struct samr_CryptPasswordEx *pwbuf) { NTSTATUS nt_status; @@ -623,7 +548,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, so the domain password policy can be used */ return samdb_set_password(sam_ctx, mem_ctx, account_dn, domain_dn, - msg, &new_password, + &new_password, NULL, NULL, false, /* This is a password set, not change */ NULL, NULL); |