From 833729125093b884a528057b0aa03891efb9e9b5 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 4 Apr 2008 12:00:26 +0200
Subject: Fix _samr_GetUserPwInfo() (to return more then just zeros).

Guenther
(This used to be commit 624371ce32a7c0816963745059e743e5b3e92e2a)
---
 source3/rpc_server/srv_samr_nt.c | 53 ++++++++++++++++++++++++++++++++++------
 1 file changed, 45 insertions(+), 8 deletions(-)

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index bcb4acbf15..0d9dd554c6 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -627,22 +627,59 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
 			     struct samr_GetUserPwInfo *r)
 {
 	struct samr_info *info = NULL;
+	enum lsa_SidType sid_type;
+	uint32_t min_password_length = 0;
+	uint32_t password_properties = 0;
+	bool ret = false;
+	NTSTATUS status;
+
+	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) {
 		return NT_STATUS_INVALID_HANDLE;
+	}
 
-	if (!sid_check_is_in_our_domain(&info->sid))
+	status = access_check_samr_function(info->acc_granted,
+					    SAMR_USER_ACCESS_GET_ATTRIBUTES,
+					    "_samr_GetUserPwInfo" );
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!sid_check_is_in_our_domain(&info->sid)) {
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+	}
+
+	become_root();
+	ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type);
+	unbecome_root();
+	if (ret == false) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
 
-	ZERO_STRUCTP(r->out.info);
+	switch (sid_type) {
+		case SID_NAME_USER:
+			become_root();
+			pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+					       &min_password_length);
+			pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+					       &password_properties);
+			unbecome_root();
 
-	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
+			if (lp_check_password_script() && *lp_check_password_script()) {
+				password_properties |= DOMAIN_PASSWORD_COMPLEX;
+			}
 
-	/*
-	 * NT sometimes return NT_STATUS_ACCESS_DENIED
-	 * I don't know yet why.
-	 */
+			break;
+		default:
+			break;
+	}
+
+	r->out.info->min_password_length = min_password_length;
+	r->out.info->password_properties = password_properties;
+
+	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
 
 	return NT_STATUS_OK;
 }
-- 
cgit