From d6098de507ed46750ecd8063c075c5b1b2b3d32d Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 21 Jun 2010 22:26:31 +0200 Subject: s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour Behaviour as the torture SAMR passwords tests show. --- source4/rpc_server/samr/dcesrv_samr.c | 73 ++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) (limited to 'source4/rpc_server/samr') diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 9556c86783..9200d37b32 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3176,6 +3176,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL mem_ctx, r->in.info->info18.lm_pwd_active ? r->in.info->info18.lm_pwd.hash : NULL, r->in.info->info18.nt_pwd_active ? r->in.info->info18.nt_pwd.hash : NULL); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (r->in.info->info18.password_expired > 0) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; + } break; case 20: @@ -3251,6 +3263,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL mem_ctx, lm_pwd_hash, nt_pwd_hash); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + IFSET(SAMR_FIELD_EXPIRED_FLAG) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; } #undef IFSET break; @@ -3312,6 +3336,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL mem_ctx, &r->in.info->info23.password); } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + IFSET(SAMR_FIELD_EXPIRED_FLAG) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; + } #undef IFSET break; @@ -3323,6 +3359,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->domain_state->domain_dn, mem_ctx, &r->in.info->info24.password); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (r->in.info->info24.password_expired > 0) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; + } break; case 25: @@ -3382,6 +3430,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL mem_ctx, &r->in.info->info25.password); } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + IFSET(SAMR_FIELD_EXPIRED_FLAG) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; + } #undef IFSET break; @@ -3393,8 +3453,19 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL a_state->domain_state->domain_dn, mem_ctx, &r->in.info->info26.password); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (r->in.info->info26.password_expired > 0) { + struct ldb_message_element *set_el; + if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) { + return NT_STATUS_NO_MEMORY; + } + set_el = ldb_msg_find_element(msg, "pwdLastSet"); + set_el->flags = LDB_FLAG_MOD_REPLACE; + } break; - default: /* many info classes are not valid for SetUserInfo */ -- cgit