Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c12
-rw-r--r--source4/rpc_server/samr/samr_password.c105
2 files changed, 21 insertions, 96 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index e2890f7ad7..5775b1410f 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3562,14 +3562,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info23.password);
} else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) {
status = samr_set_password(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info23.password);
}
#undef IFSET
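Review bot: In the info23 branch the password no longer travels in `msg`, so `samr_set_password()` appears to write it to the SAM on its own, while the other fields staged in `msg` are applied separately. If that later modify fails, the account could be left with a new password but without the other requested changes, unless the whole handler runs inside one ldb transaction, which these hunks do not show. The same applies to the info24, info25 and info26 calls in the three following hunks of this file. I would confirm the transaction scope and add a comment at the call, e.g. `/* writes the password to the SAM directly; not staged in msg */`. dcesrv_samr_SetUserInfo starts and ends outside the hunk.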
@@ -3581,7 +3581,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info24.password);
break;
@@ -3625,14 +3625,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info25.password);
} else IFSET(SAMR_FIELD_LM_PASSWORD_PRESENT) {
status = samr_set_password_ex(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info25.password);
}
#undef IFSET
@@ -3644,7 +3644,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
- mem_ctx, msg,
+ mem_ctx,
&r->in.info->info26.password);
break;
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 1a09283ea6..288df91b09 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -40,7 +40,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_context *sam_ctx;
- struct ldb_message **res, *msg;
+ struct ldb_message **res;
int ret;
struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
struct samr_Password *lm_pwd, *nt_pwd;
@@ -79,10 +79,10 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
ldb_transaction_cancel(sam_ctx);
return NT_STATUS_WRONG_PASSWORD;
}
- msg = res[0];
- status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
- msg, &lm_pwd, &nt_pwd);
+ status = samdb_result_passwords(mem_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
+ res[0], &lm_pwd, &nt_pwd);
if (!NT_STATUS_IS_OK(status) || !nt_pwd) {
ldb_transaction_cancel(sam_ctx);
return NT_STATUS_WRONG_PASSWORD;
@@ -126,23 +126,12 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
}
}
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- msg->dn = ldb_dn_copy(msg, a_state->account_dn);
- if (!msg->dn) {
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
/* setup password modify mods on the user DN specified. This may fail
* due to password policies. */
status = samdb_set_password(sam_ctx, mem_ctx,
- a_state->account_dn, a_state->domain_state->domain_dn,
- msg, NULL, &new_lmPwdHash, &new_ntPwdHash,
+ a_state->account_dn,
+ a_state->domain_state->domain_dn,
+ NULL, &new_lmPwdHash, &new_ntPwdHash,
true, /* this is a user password change */
NULL,
NULL);
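Review bot: The context comment `setup password modify mods on the user DN specified` above the `samdb_set_password()` call is now stale, because the separate `dsdb_replace()` step is removed in the next hunk and the call appears to perform the write itself. I would reword it to `/* set the password on the user DN specified. This may fail due to password policies. */`, matching the comments in dcesrv_samr_OemChangePasswordUser2 and dcesrv_samr_ChangePasswordUser3. The removed write path also logged the account DN at DEBUG(2) when the modify failed, so it is worth confirming that `samdb_set_password()` emits an equivalent message and failed password writes remain visible in the logs. The function body starts and ends outside the hunk.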
@@ -151,17 +140,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
return status;
}
- /* The above call only setup the modifications, this actually
- * makes the write to the database. */
- ret = dsdb_replace(sam_ctx, msg, 0);
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Failed to modify record to change password on %s: %s\n",
- ldb_dn_get_linearized(a_state->account_dn),
- ldb_errstring(sam_ctx)));
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
/* And this confirms it in a transaction commit */
ret = ldb_transaction_commit(sam_ctx);
if (ret != LDB_SUCCESS) {
@@ -188,7 +166,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx;
struct ldb_dn *user_dn;
int ret;
- struct ldb_message **res, *mod;
+ struct ldb_message **res;
const char * const attrs[] = { "objectSid", "dBCSPwd", NULL };
struct samr_Password *lm_pwd;
DATA_BLOB lm_pwd_blob;
@@ -282,23 +260,11 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
return NT_STATUS_WRONG_PASSWORD;
}
- mod = ldb_msg_new(mem_ctx);
- if (mod == NULL) {
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- mod->dn = ldb_dn_copy(mod, user_dn);
- if (!mod->dn) {
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
/* set the password on the user DN specified. This may fail
* due to password policies */
status = samdb_set_password(sam_ctx, mem_ctx,
user_dn, NULL,
- mod, &new_unicode_password,
+ &new_unicode_password,
NULL, NULL,
true, /* this is a user password change */
NULL,
@@ -308,17 +274,6 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
return status;
}
- /* The above call only setup the modifications, this actually
- * makes the write to the database. */
- ret = dsdb_replace(sam_ctx, mod, 0);
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("Failed to modify record to change password on %s: %s\n",
- ldb_dn_get_linearized(user_dn),
- ldb_errstring(sam_ctx)));
- ldb_transaction_cancel(sam_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
/* And this confirms it in a transaction commit */
ret = ldb_transaction_commit(sam_ctx);
if (ret != LDB_SUCCESS) {
@@ -344,7 +299,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx = NULL;
struct ldb_dn *user_dn;
int ret;
- struct ldb_message **res, *mod;
+ struct ldb_message **res;
const char * const attrs[] = { "unicodePwd", "dBCSPwd", NULL };
struct samr_Password *nt_pwd, *lm_pwd;
DATA_BLOB nt_pwd_blob;
@@ -445,23 +400,11 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
}
}
- mod = ldb_msg_new(mem_ctx);
- if (mod == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
- mod->dn = ldb_dn_copy(mod, user_dn);
- if (!mod->dn) {
- status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
/* set the password on the user DN specified. This may fail
* due to password policies */
status = samdb_set_password(sam_ctx, mem_ctx,
user_dn, NULL,
- mod, &new_password,
+ &new_password,
NULL, NULL,
true, /* this is a user password change */
&reason,
@@ -471,17 +414,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
goto failed;
}
- /* The above call only setup the modifications, this actually
- * makes the write to the database. */
- ret = dsdb_replace(sam_ctx, mod, 0);
- if (ret != LDB_SUCCESS) {
- DEBUG(2,("dsdb_replace failed to change password for %s: %s\n",
- ldb_dn_get_linearized(user_dn),
- ldb_errstring(sam_ctx)));
- status = NT_STATUS_UNSUCCESSFUL;
- goto failed;
- }
-
/* And this confirms it in a transaction commit */
ret = ldb_transaction_commit(sam_ctx);
if (ret != LDB_SUCCESS) {
@@ -497,9 +429,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
failed:
ldb_transaction_cancel(sam_ctx);
- reject = talloc(mem_ctx, struct userPwdChangeFailureInformation);
+ reject = talloc_zero(mem_ctx, struct userPwdChangeFailureInformation);
if (reject != NULL) {
- ZERO_STRUCTP(reject);
reject->extendedFailureReason = reason;
*r->out.reject = reject;
@@ -541,14 +472,11 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call,
/*
set password via a samr_CryptPassword buffer
- this will in the 'msg' with modify operations that will update the user
- password when applied
*/
NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
- void *sam_ctx,
+ struct ldb_context *sam_ctx,
struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
- struct ldb_message *msg,
struct samr_CryptPassword *pwbuf)
{
NTSTATUS nt_status;
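Review bot: The header comment of `samr_set_password()` no longer documents any side effect; after this change it reads only `set password via a samr_CryptPassword buffer`. With the `msg` parameter gone the function presumably applies the change through `samdb_set_password()` rather than staging it, and callers need to know that for transaction handling. I would add a line such as `the new password is written to the SAM by this call; it is not staged for a later modify`, and do the same for `samr_set_password_ex()` in the hunk at -580. The function body continues outside the hunk.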
@@ -571,7 +499,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
so the domain password policy can be used */
return samdb_set_password(sam_ctx, mem_ctx,
account_dn, domain_dn,
- msg, &new_password,
+ &new_password,
NULL, NULL,
false, /* This is a password set, not change */
NULL, NULL);
@@ -580,15 +508,12 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
/*
set password via a samr_CryptPasswordEx buffer
- this will in the 'msg' with modify operations that will update the user
- password when applied
*/
NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
struct ldb_context *sam_ctx,
struct ldb_dn *account_dn,
struct ldb_dn *domain_dn,
TALLOC_CTX *mem_ctx,
- struct ldb_message *msg,
struct samr_CryptPasswordEx *pwbuf)
{
NTSTATUS nt_status;
@@ -623,7 +548,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
so the domain password policy can be used */
return samdb_set_password(sam_ctx, mem_ctx,
account_dn, domain_dn,
- msg, &new_password,
+ &new_password,
NULL, NULL,
false, /* This is a password set, not change */
NULL, NULL);