[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-654-g624371c

Günther Deschner gd at samba.org
Fri Apr 4 21:42:43 GMT 2008


The branch, v3-2-test has been updated
       via  624371ce32a7c0816963745059e743e5b3e92e2a (commit)
       via  1cde9579f10ab8c43c25dfd6e5c658c7653f9a37 (commit)
      from  92d9f20852d5384e92a93dd0b051034718840ca8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 624371ce32a7c0816963745059e743e5b3e92e2a
Author: Günther Deschner <gd at samba.org>
Date:   Fri Apr 4 12:00:26 2008 +0200

    Fix _samr_GetUserPwInfo() (to return more then just zeros).
    
    Guenther

commit 1cde9579f10ab8c43c25dfd6e5c658c7653f9a37
Author: Günther Deschner <gd at samba.org>
Date:   Fri Apr 4 11:59:32 2008 +0200

    Fix _samr_GetDomPwInfo (to return more then zeros).
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/rpc_server/srv_samr_nt.c |   71 +++++++++++++++++++++++++++++++++-----
 1 files changed, 61 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 62632d0..0d9dd55 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -627,22 +627,59 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
 			     struct samr_GetUserPwInfo *r)
 {
 	struct samr_info *info = NULL;
+	enum lsa_SidType sid_type;
+	uint32_t min_password_length = 0;
+	uint32_t password_properties = 0;
+	bool ret = false;
+	NTSTATUS status;
+
+	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) {
 		return NT_STATUS_INVALID_HANDLE;
+	}
 
-	if (!sid_check_is_in_our_domain(&info->sid))
+	status = access_check_samr_function(info->acc_granted,
+					    SAMR_USER_ACCESS_GET_ATTRIBUTES,
+					    "_samr_GetUserPwInfo" );
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (!sid_check_is_in_our_domain(&info->sid)) {
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+	}
 
-	ZERO_STRUCTP(r->out.info);
+	become_root();
+	ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type);
+	unbecome_root();
+	if (ret == false) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
 
-	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
+	switch (sid_type) {
+		case SID_NAME_USER:
+			become_root();
+			pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+					       &min_password_length);
+			pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+					       &password_properties);
+			unbecome_root();
 
-	/*
-	 * NT sometimes return NT_STATUS_ACCESS_DENIED
-	 * I don't know yet why.
-	 */
+			if (lp_check_password_script() && *lp_check_password_script()) {
+				password_properties |= DOMAIN_PASSWORD_COMPLEX;
+			}
+
+			break;
+		default:
+			break;
+	}
+
+	r->out.info->min_password_length = min_password_length;
+	r->out.info->password_properties = password_properties;
+
+	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
 
 	return NT_STATUS_OK;
 }
@@ -5373,6 +5410,9 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
 NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
 			    struct samr_GetDomPwInfo *r)
 {
+	uint32_t min_password_length = 0;
+	uint32_t password_properties = 0;
+
 	/* Perform access check.  Since this rpc does not require a
 	   policy handle it will not be caught by the access checks on
 	   SAMR_CONNECT or SAMR_CONNECT_ANON. */
@@ -5382,8 +5422,19 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	/* Actually, returning zeros here works quite well :-). */
-	ZERO_STRUCTP(r->out.info);
+	become_root();
+	pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+			       &min_password_length);
+	pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+			       &password_properties);
+	unbecome_root();
+
+	if (lp_check_password_script() && *lp_check_password_script()) {
+		password_properties |= DOMAIN_PASSWORD_COMPLEX;
+	}
+
+	r->out.info->min_password_length = min_password_length;
+	r->out.info->password_properties = password_properties;
 
 	return NT_STATUS_OK;
 }


-- 
Samba Shared Repository


More information about the samba-cvs mailing list