[SCM] Samba Shared Repository - branch master updated -
6a627b440e8b3f42db2a8a27047dd3482bad0d28
Günther Deschner
gd at samba.org
Thu Nov 27 17:30:09 GMT 2008
The branch, master has been updated
via 6a627b440e8b3f42db2a8a27047dd3482bad0d28 (commit)
via 257d99d0cd441697d67b52f3e7c260c17a4a0916 (commit)
via e398eed15a7a94d2a53d3bb865927a9db411008c (commit)
via d94f3e3db35580af366017e100b2047b96d85a9d (commit)
via 5f9524a9561ba3b29113ac0d2894617f1c6c40e6 (commit)
via 9c2ed82d07a4c989896610d91aa2ff1614c579aa (commit)
from bed91c0e463ed425288f7b4223739108c1fced45 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6a627b440e8b3f42db2a8a27047dd3482bad0d28
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 27 17:29:30 2008 +0100
s3-samr: never allow to alter pwdlastset directly.
Guenther
commit 257d99d0cd441697d67b52f3e7c260c17a4a0916
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 27 01:25:46 2008 +0100
s3-samr: fix return code for invalid password sets in SetUserInfo.
Guenther
commit e398eed15a7a94d2a53d3bb865927a9db411008c
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 27 01:22:39 2008 +0100
s3-samr: fix return code for invalid name in _samr_LookupDomain.
Guenther
commit d94f3e3db35580af366017e100b2047b96d85a9d
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 27 01:21:49 2008 +0100
s3-samr: avoid enumeration and user creation on builtin domain handle.
Guenther
commit 5f9524a9561ba3b29113ac0d2894617f1c6c40e6
Author: Günther Deschner <gd at samba.org>
Date: Tue Nov 25 15:51:35 2008 +0100
s3-samr: support samr_CreateUser as well.
Guenther
commit 9c2ed82d07a4c989896610d91aa2ff1614c579aa
Author: Günther Deschner <gd at samba.org>
Date: Tue Nov 25 15:50:28 2008 +0100
s3-samr: support samr_QueryUserInfo2 as well.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_samr_nt.c | 92 ++++++++++++++++++++++++++++----------
1 files changed, 68 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 0623dfb..c45be02 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
+ if (info->builtin_domain) {
+ DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n"));
+ return NT_STATUS_OK;
+ }
+
status = access_check_samr_function(info->acc_granted,
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_QueryDisplayInfo");
@@ -2837,6 +2842,21 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
return status;
}
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
+ struct samr_QueryUserInfo2 *r)
+{
+ struct samr_QueryUserInfo u;
+
+ u.in.user_handle = r->in.user_handle;
+ u.in.level = r->in.level;
+ u.out.info = r->out.info;
+
+ return _samr_QueryUserInfo(p, &u);
+}
+
/*******************************************************************
_samr_GetGroupsForUser
********************************************************************/
@@ -3266,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
&disp_info))
return NT_STATUS_INVALID_HANDLE;
+ if (disp_info->builtin_domain) {
+ DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
nt_status = access_check_samr_function(acc_granted,
SAMR_DOMAIN_ACCESS_CREATE_USER,
"_samr_CreateUser2");
@@ -3381,6 +3406,26 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
return NT_STATUS_OK;
}
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_CreateUser(pipes_struct *p,
+ struct samr_CreateUser *r)
+{
+ struct samr_CreateUser2 c;
+ uint32_t access_granted;
+
+ c.in.domain_handle = r->in.domain_handle;
+ c.in.account_name = r->in.account_name;
+ c.in.acct_flags = ACB_NORMAL;
+ c.in.access_mask = r->in.access_mask;
+ c.out.user_handle = r->out.user_handle;
+ c.out.access_granted = &access_granted;
+ c.out.rid = r->out.rid;
+
+ return _samr_CreateUser2(p, &c);
+}
+
/*******************************************************************
_samr_Connect
********************************************************************/
@@ -3605,6 +3650,9 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
}
domain_name = r->in.domain_name->string;
+ if (!domain_name) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2);
if (!sid) {
@@ -3911,6 +3959,11 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* we need to separately check for an account rename first */
if (id21->account_name.string &&
@@ -3994,6 +4047,12 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+
DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
pdb_get_username(pwd)));
@@ -4005,7 +4064,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
&len,
STR_UNICODE)) {
TALLOC_FREE(pwd);
- return NT_STATUS_INVALID_PARAMETER;
+ return NT_STATUS_WRONG_PASSWORD;
}
if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) {
@@ -4172,6 +4231,11 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
copy_id25_to_sam_passwd(pwd, id25);
/* write the change out */
@@ -4362,7 +4426,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
if (!set_user_info_pw(info->info24.password.data, pwd,
switch_value)) {
- status = NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_WRONG_PASSWORD;
}
break;
@@ -4383,7 +4447,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
}
if (!set_user_info_pw(info->info25.password.data, pwd,
switch_value)) {
- status = NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_WRONG_PASSWORD;
}
break;
@@ -4399,7 +4463,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
if (!set_user_info_pw(info->info26.password.data, pwd,
switch_value)) {
- status = NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_WRONG_PASSWORD;
}
break;
@@ -5962,16 +6026,6 @@ NTSTATUS _samr_Shutdown(pipes_struct *p,
/****************************************************************
****************************************************************/
-NTSTATUS _samr_CreateUser(pipes_struct *p,
- struct samr_CreateUser *r)
-{
- p->rng_fault_state = true;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
struct samr_SetMemberAttributesOfGroup *r)
{
@@ -6012,16 +6066,6 @@ NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p,
/****************************************************************
****************************************************************/
-NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
- struct samr_QueryUserInfo2 *r)
-{
- p->rng_fault_state = true;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p,
struct samr_AddMultipleMembersToAlias *r)
{
--
Samba Shared Repository
More information about the samba-cvs
mailing list