[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-654-g624371c
Günther Deschner
gd at samba.org
Fri Apr 4 21:42:43 GMT 2008
The branch, v3-2-test has been updated
via 624371ce32a7c0816963745059e743e5b3e92e2a (commit)
via 1cde9579f10ab8c43c25dfd6e5c658c7653f9a37 (commit)
from 92d9f20852d5384e92a93dd0b051034718840ca8 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 624371ce32a7c0816963745059e743e5b3e92e2a
Author: Günther Deschner <gd at samba.org>
Date: Fri Apr 4 12:00:26 2008 +0200
Fix _samr_GetUserPwInfo() (to return more then just zeros).
Guenther
commit 1cde9579f10ab8c43c25dfd6e5c658c7653f9a37
Author: Günther Deschner <gd at samba.org>
Date: Fri Apr 4 11:59:32 2008 +0200
Fix _samr_GetDomPwInfo (to return more then zeros).
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/rpc_server/srv_samr_nt.c | 71 +++++++++++++++++++++++++++++++++-----
1 files changed, 61 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 62632d0..0d9dd55 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -627,22 +627,59 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
struct samr_GetUserPwInfo *r)
{
struct samr_info *info = NULL;
+ enum lsa_SidType sid_type;
+ uint32_t min_password_length = 0;
+ uint32_t password_properties = 0;
+ bool ret = false;
+ NTSTATUS status;
+
+ DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) {
return NT_STATUS_INVALID_HANDLE;
+ }
- if (!sid_check_is_in_our_domain(&info->sid))
+ status = access_check_samr_function(info->acc_granted,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
+ "_samr_GetUserPwInfo" );
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!sid_check_is_in_our_domain(&info->sid)) {
return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ }
- ZERO_STRUCTP(r->out.info);
+ become_root();
+ ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type);
+ unbecome_root();
+ if (ret == false) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
- DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
+ switch (sid_type) {
+ case SID_NAME_USER:
+ become_root();
+ pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ &min_password_length);
+ pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ &password_properties);
+ unbecome_root();
- /*
- * NT sometimes return NT_STATUS_ACCESS_DENIED
- * I don't know yet why.
- */
+ if (lp_check_password_script() && *lp_check_password_script()) {
+ password_properties |= DOMAIN_PASSWORD_COMPLEX;
+ }
+
+ break;
+ default:
+ break;
+ }
+
+ r->out.info->min_password_length = min_password_length;
+ r->out.info->password_properties = password_properties;
+
+ DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
return NT_STATUS_OK;
}
@@ -5373,6 +5410,9 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
struct samr_GetDomPwInfo *r)
{
+ uint32_t min_password_length = 0;
+ uint32_t password_properties = 0;
+
/* Perform access check. Since this rpc does not require a
policy handle it will not be caught by the access checks on
SAMR_CONNECT or SAMR_CONNECT_ANON. */
@@ -5382,8 +5422,19 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- /* Actually, returning zeros here works quite well :-). */
- ZERO_STRUCTP(r->out.info);
+ become_root();
+ pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ &min_password_length);
+ pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ &password_properties);
+ unbecome_root();
+
+ if (lp_check_password_script() && *lp_check_password_script()) {
+ password_properties |= DOMAIN_PASSWORD_COMPLEX;
+ }
+
+ r->out.info->min_password_length = min_password_length;
+ r->out.info->password_properties = password_properties;
return NT_STATUS_OK;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list