-/*
+/*
Unix SMB/CIFS implementation.
endpoint server for the samr pipe
Copyright (C) Volker Lendecke 2004
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
Copyright (C) Matthias Dieter Wallnöfer 2009
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
} \
set_el = ldb_msg_find_element(msg, attr); \
set_el->flags = LDB_FLAG_MOD_REPLACE; \
-} while (0)
-
+} while (0)
+
#define SET_INT64(msg, field, attr) do { \
struct ldb_message_element *set_el; \
if (samdb_msg_add_int64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \
} \
set_el = ldb_msg_find_element(msg, attr); \
set_el->flags = LDB_FLAG_MOD_REPLACE; \
-} while (0)
-
+} while (0)
+
#define SET_UINT64(msg, field, attr) do { \
struct ldb_message_element *set_el; \
if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \
} \
set_el = ldb_msg_find_element(msg, attr); \
set_el->flags = LDB_FLAG_MOD_REPLACE; \
-} while (0)
+} while (0)
#define CHECK_FOR_MULTIPLES(value, flag, poss_flags) \
do { \
return NT_STATUS_INVALID_PARAMETER; \
} \
} while (0) \
-
-/* Set account flags, discarding flags that cannot be set with SAMR */
+
+/* Set account flags, discarding flags that cannot be set with SAMR */
#define SET_AFLAGS(msg, field, attr) do { \
struct ldb_message_element *set_el; \
if ((r->in.info->field & (ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST)) == 0) { \
} \
set_el = ldb_msg_find_element(msg, attr); \
set_el->flags = LDB_FLAG_MOD_REPLACE; \
-} while (0)
-
+} while (0)
+
#define SET_LHOURS(msg, field, attr) do { \
struct ldb_message_element *set_el; \
if (samdb_msg_add_logon_hours(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != LDB_SUCCESS) { \
-/*
- samr_Connect
+/*
+ samr_Connect
create a connection to the SAM database
*/
}
-/*
- samr_Close
+/*
+ samr_Close
*/
static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Close *r)
}
-/*
- samr_SetSecurity
+/*
+ samr_SetSecurity
*/
static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetSecurity *r)
}
-/*
- samr_QuerySecurity
+/*
+ samr_QuerySecurity
*/
static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QuerySecurity *r)
}
-/*
- samr_Shutdown
+/*
+ samr_Shutdown
we refuse this operation completely. If a admin wants to shutdown samr
in Samba then they should use the samba admin tools to disable the samr pipe
}
-/*
- samr_LookupDomain
+/*
+ samr_LookupDomain
this maps from a domain name to a SID
*/
"(objectClass=builtinDomain)");
} else if (strcasecmp_m(r->in.domain_name->string, lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx)) == 0) {
ret = gendb_search_dn(c_state->sam_ctx,
- mem_ctx, ldb_get_default_basedn(c_state->sam_ctx),
+ mem_ctx, ldb_get_default_basedn(c_state->sam_ctx),
&dom_msgs, dom_attrs);
} else {
return NT_STATUS_NO_SUCH_DOMAIN;
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
-
+
sid = samdb_result_dom_sid(mem_ctx, dom_msgs[0],
"objectSid");
-
+
if (sid == NULL) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
-/*
- samr_EnumDomains
+/*
+ samr_EnumDomains
list the domains in the SAM
*/
if (array == NULL) {
return NT_STATUS_NO_MEMORY;
}
-
+
array->count = 0;
array->entries = NULL;
}
-/*
- samr_OpenDomain
+/*
+ samr_OpenDomain
*/
static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenDomain *r)
ret = gendb_search(c_state->sam_ctx,
mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs,
- "(objectSid=%s)",
+ "(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
-
+
if (ret == 0) {
talloc_free(d_state);
return NT_STATUS_NO_SUCH_DOMAIN;
talloc_free(d_state);
return NT_STATUS_NO_MEMORY;
}
-
+
h_domain->data = talloc_steal(h_domain, d_state);
*r->out.domain_handle = h_domain->wire_handle;
ldb_msg_find_attr_as_uint(dom_msgs[0], "minPwdLength", 0);
info->password_history_length =
ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdHistoryLength", 0);
- info->password_properties =
+ info->password_properties =
ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdProperties", 0);
- info->max_password_age =
+ info->max_password_age =
ldb_msg_find_attr_as_int64(dom_msgs[0], "maxPwdAge", 0);
- info->min_password_age =
+ info->min_password_age =
ldb_msg_find_attr_as_int64(dom_msgs[0], "minPwdAge", 0);
return NT_STATUS_OK;
/*
return DomInfo2
*/
-static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state,
+static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state,
TALLOC_CTX *mem_ctx,
struct ldb_message **dom_msgs,
struct samr_DomGeneralInformation *info)
"domainReplica",
"");
- info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
+ info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
0x8000000000000000LL);
info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0],
"");
info->domain_name.string = state->domain_name;
- info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+ info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
0);
switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
- /* This pulls the NetBIOS name from the
+ /* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
string */
if (samdb_is_pdc(state->sam_ctx)) {
struct ldb_message **dom_msgs,
struct samr_DomInfo3 *info)
{
- info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
+ info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff",
0x8000000000000000LL);
return NT_STATUS_OK;
switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
- /* This pulls the NetBIOS name from the
+ /* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
string */
if (samdb_is_pdc(state->sam_ctx)) {
struct ldb_message **dom_msgs,
struct samr_DomInfo8 *info)
{
- info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+ info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
time(NULL));
info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
if (!NT_STATUS_IS_OK(status)) {
return status;
}
-
- info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
+
+ info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
-18000000000LL);
info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
-18000000000LL);
struct ldb_message **dom_msgs,
struct samr_DomInfo12 *info)
{
- info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
+ info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration",
-18000000000LL);
info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
-18000000000LL);
struct ldb_message **dom_msgs,
struct samr_DomInfo13 *info)
{
- info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
+ info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
time(NULL));
info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
return NT_STATUS_OK;
}
-/*
- samr_QueryDomainInfo
+/*
+ samr_QueryDomainInfo
*/
static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct ldb_message **dom_msgs;
const char * const *attrs = NULL;
-
+
*r->out.info = NULL;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
switch (r->in.level) {
- case 1:
+ case 1:
{
static const char * const attrs2[] = { "minPwdLength",
"pwdHistoryLength",
}
case 3:
{
- static const char * const attrs2[] = {"forceLogoff",
+ static const char * const attrs2[] = {"forceLogoff",
NULL};
attrs = attrs2;
break;
}
case 4:
{
- static const char * const attrs2[] = {"oEMInformation",
+ static const char * const attrs2[] = {"oEMInformation",
NULL};
attrs = attrs2;
break;
}
case 8:
{
- static const char * const attrs2[] = { "modifiedCount",
- "creationTime",
+ static const char * const attrs2[] = { "modifiedCount",
+ "creationTime",
NULL };
attrs = attrs2;
break;
{
static const char * const attrs2[] = { "oEMInformation",
"forceLogoff",
- "modifiedCount",
- "lockoutDuration",
- "lockOutObservationWindow",
- "lockoutThreshold",
+ "modifiedCount",
+ "lockoutDuration",
+ "lockOutObservationWindow",
+ "lockoutThreshold",
NULL};
attrs = attrs2;
break;
}
case 12:
{
- static const char * const attrs2[] = { "lockoutDuration",
- "lockOutObservationWindow",
- "lockoutThreshold",
+ static const char * const attrs2[] = { "lockoutDuration",
+ "lockOutObservationWindow",
+ "lockoutThreshold",
NULL};
attrs = attrs2;
break;
}
case 13:
{
- static const char * const attrs2[] = { "modifiedCount",
- "creationTime",
+ static const char * const attrs2[] = { "modifiedCount",
+ "creationTime",
NULL };
attrs = attrs2;
break;
switch (r->in.level) {
case 1:
- return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs,
&info->info1);
case 2:
- return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs,
&info->general);
case 3:
- return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs,
&info->info3);
case 4:
- return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs,
&info->oem);
case 5:
- return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs,
&info->info5);
case 6:
- return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs,
&info->info6);
case 7:
- return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs,
&info->info7);
case 8:
- return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs,
&info->info8);
case 9:
- return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs,
&info->info9);
case 11:
- return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs,
&info->general2);
case 12:
- return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs,
&info->info12);
case 13:
- return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs,
+ return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs,
&info->info13);
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
-/*
- samr_SetDomainInfo
+/*
+ samr_SetDomainInfo
*/
static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetDomainInfo *r)
return NT_STATUS_OK;
}
-/*
- samr_CreateDomainGroup
+/*
+ samr_CreateDomainGroup
*/
static NTSTATUS dcesrv_samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_CreateDomainGroup *r)
return e1->idx - e2->idx;
}
-/*
- samr_EnumDomainGroups
+/*
+ samr_EnumDomainGroups
*/
static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_EnumDomainGroups *r)
}
-/*
- samr_CreateUser2
+/*
+ samr_CreateUser2
This call uses transactions to ensure we don't get a new conflicting
user while we are processing this, and to ensure the user either
}
-/*
- samr_CreateUser
+/*
+ samr_CreateUser
*/
static NTSTATUS dcesrv_samr_CreateUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_CreateUser *r)
return dcesrv_samr_CreateUser2(dce_call, mem_ctx, &r2);
}
-/*
- samr_EnumDomainUsers
+/*
+ samr_EnumDomainUsers
*/
static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_EnumDomainUsers *r)
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
-
+
/* search for all domain users in this domain. This could possibly be
cached and resumed on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
- /* return the rest, limit by max_size. Note that we
+ /* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
*r->out.num_entries = count - first;
*r->out.num_entries = MIN(*r->out.num_entries,
}
-/*
- samr_CreateDomAlias
+/*
+ samr_CreateDomAlias
*/
static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_CreateDomAlias *r)
}
-/*
- samr_EnumDomainAliases
+/*
+ samr_EnumDomainAliases
*/
static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_EnumDomainAliases *r)
/* search for all domain aliases in this domain. This could possibly be
cached and resumed based on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL,
- &res, attrs,
+ &res, attrs,
d_state->domain_sid,
"(&(|(grouptype=%d)(grouptype=%d)))"
"(objectclass=group))",
}
-/*
- samr_GetAliasMembership
+/*
+ samr_GetAliasMembership
*/
static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetAliasMembership *r)
}
-/*
- samr_LookupNames
+/*
+ samr_LookupNames
*/
static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_LookupNames *r)
r->out.rids->ids[i] = 0;
r->out.types->ids[i] = SID_NAME_UNKNOWN;
- count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs,
- "sAMAccountName=%s",
+ count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs,
+ "sAMAccountName=%s",
ldb_binary_encode_string(mem_ctx, r->in.names[i].string));
if (count != 1) {
status = STATUS_SOME_UNMAPPED;
status = STATUS_SOME_UNMAPPED;
continue;
}
-
+
atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0);
if (atype == 0) {
status = STATUS_SOME_UNMAPPED;
}
rtype = ds_atype_map(atype);
-
+
if (rtype == SID_NAME_UNKNOWN) {
status = STATUS_SOME_UNMAPPED;
continue;
r->out.types->ids[i] = rtype;
num_mapped++;
}
-
+
if (num_mapped == 0) {
return NT_STATUS_NONE_MAPPED;
}
}
-/*
- samr_LookupRids
+/*
+ samr_LookupRids
*/
static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_LookupRids *r)
}
-/*
- samr_OpenGroup
+/*
+ samr_OpenGroup
*/
static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenGroup *r)
return NT_STATUS_NO_SUCH_GROUP;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n",
+ DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
groupname = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
if (groupname == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_OK;
}
-/*
- samr_QueryGroupInfo
+/*
+ samr_QueryGroupInfo
*/
static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryGroupInfo *r)
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
a_state = h->data;
-
+
/* pull all the group attributes */
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
a_state->account_dn, &res, attrs);
}
-/*
- samr_SetGroupInfo
+/*
+ samr_SetGroupInfo
*/
static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetGroupInfo *r)
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
- }
+ }
msg->dn = ldb_dn_copy(mem_ctx, g_state->account_dn);
if (!msg->dn) {
}
-/*
- samr_AddGroupMember
+/*
+ samr_AddGroupMember
*/
static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddGroupMember *r)
if (res->count == 0) {
return NT_STATUS_NO_SUCH_USER;
}
-
+
if (res->count > 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
-/*
- samr_DeleteDomainGroup
+/*
+ samr_DeleteDomainGroup
*/
static NTSTATUS dcesrv_samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteDomainGroup *r)
}
-/*
- samr_DeleteGroupMember
+/*
+ samr_DeleteGroupMember
*/
static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteGroupMember *r)
if (res->count == 0) {
return NT_STATUS_NO_SUCH_USER;
}
-
+
if (res->count > 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
-/*
- samr_QueryGroupMember
+/*
+ samr_QueryGroupMember
*/
static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryGroupMember *r)
}
-/*
- samr_SetMemberAttributesOfGroup
+/*
+ samr_SetMemberAttributesOfGroup
*/
static NTSTATUS dcesrv_samr_SetMemberAttributesOfGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetMemberAttributesOfGroup *r)
}
-/*
- samr_OpenAlias
+/*
+ samr_OpenAlias
*/
static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenAlias *r)
return NT_STATUS_NO_SUCH_ALIAS;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n",
+ DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
alias_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
if (alias_name == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
-/*
- samr_QueryAliasInfo
+/*
+ samr_QueryAliasInfo
*/
static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryAliasInfo *r)
}
-/*
- samr_SetAliasInfo
+/*
+ samr_SetAliasInfo
*/
static NTSTATUS dcesrv_samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetAliasInfo *r)
}
-/*
- samr_DeleteDomAlias
+/*
+ samr_DeleteDomAlias
*/
static NTSTATUS dcesrv_samr_DeleteDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteDomAlias *r)
}
-/*
- samr_AddAliasMember
+/*
+ samr_AddAliasMember
*/
static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddAliasMember *r)
d_state = a_state->domain_state;
ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL,
- &msgs, attrs, "(objectsid=%s)",
+ &msgs, attrs, "(objectsid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret == 1) {
}
-/*
- samr_DeleteAliasMember
+/*
+ samr_DeleteAliasMember
*/
static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteAliasMember *r)
d_state = a_state->domain_state;
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "distinguishedName", "(objectSid=%s)",
+ "distinguishedName", "(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (memberdn == NULL) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
-/*
- samr_GetMembersInAlias
+/*
+ samr_GetMembersInAlias
*/
static NTSTATUS dcesrv_samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetMembersInAlias *r)
return NT_STATUS_OK;
}
-/*
- samr_OpenUser
+/*
+ samr_OpenUser
*/
static NTSTATUS dcesrv_samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenUser *r)
/* search for the user record */
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
- "(&(objectSid=%s)(objectclass=user))",
+ "(&(objectSid=%s)(objectclass=user))",
ldap_encode_ndr_dom_sid(mem_ctx, sid));
if (ret == 0) {
return NT_STATUS_NO_SUCH_USER;
}
if (ret != 1) {
- DEBUG(0,("Found %d records matching sid %s\n", ret,
+ DEBUG(0,("Found %d records matching sid %s\n", ret,
dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
account_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL);
if (account_name == NULL) {
- DEBUG(0,("sAMAccountName field missing for sid %s\n",
+ DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
-/*
- samr_DeleteUser
+/*
+ samr_DeleteUser
*/
static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteUser *r)
ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to delete user: %s: %s\n",
- ldb_dn_get_linearized(a_state->account_dn),
+ DEBUG(1, ("Failed to delete user: %s: %s\n",
+ ldb_dn_get_linearized(a_state->account_dn),
ldb_errstring(a_state->sam_ctx)));
return NT_STATUS_UNSUCCESSFUL;
}
}
-/*
- samr_QueryUserInfo
+/*
+ samr_QueryUserInfo
*/
static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryUserInfo *r)
}
case 5:
{
- static const char * const attrs2[] = {"sAMAccountName",
+ static const char * const attrs2[] = {"sAMAccountName",
"displayName",
"objectSid",
"primaryGroupID",
"homeDirectory",
"homeDrive",
- "scriptPath",
+ "scriptPath",
"profilePath",
"description",
"userWorkstations",
QUERY_UINT (msg, info21.country_code, "countryCode");
QUERY_UINT (msg, info21.code_page, "codePage");
break;
-
+
default:
talloc_free(info);
}
-/*
- samr_SetUserInfo
+/*
+ samr_SetUserInfo
*/
static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetUserInfo *r)
SET_UINT64(msg, info21.last_logoff, "lastLogoff");
IFSET(SAMR_FIELD_ACCT_EXPIRY)
SET_UINT64(msg, info21.acct_expiry, "accountExpires");
- IFSET(SAMR_FIELD_ACCOUNT_NAME)
+ IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info21.account_name, "samAccountName");
- IFSET(SAMR_FIELD_FULL_NAME)
+ IFSET(SAMR_FIELD_FULL_NAME)
SET_STRING(msg, info21.full_name, "displayName");
IFSET(SAMR_FIELD_HOME_DIRECTORY)
SET_STRING(msg, info21.home_directory, "homeDirectory");
SET_STRING(msg, info21.workstations, "userWorkstations");
IFSET(SAMR_FIELD_COMMENT)
SET_STRING(msg, info21.comment, "comment");
- IFSET(SAMR_FIELD_PARAMETERS)
+ IFSET(SAMR_FIELD_PARAMETERS)
SET_PARAMETERS(msg, info21.parameters, "userParameters");
IFSET(SAMR_FIELD_PRIMARY_GID)
SET_UINT(msg, info21.primary_gid, "primaryGroupID");
SET_UINT64(msg, info23.info.last_logoff, "lastLogoff");
IFSET(SAMR_FIELD_ACCT_EXPIRY)
SET_UINT64(msg, info23.info.acct_expiry, "accountExpires");
- IFSET(SAMR_FIELD_ACCOUNT_NAME)
+ IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info23.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
SET_STRING(msg, info23.info.full_name, "displayName");
SET_UINT64(msg, info25.info.last_logoff, "lastLogoff");
IFSET(SAMR_FIELD_ACCT_EXPIRY)
SET_UINT64(msg, info25.info.acct_expiry, "accountExpires");
- IFSET(SAMR_FIELD_ACCOUNT_NAME)
+ IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info25.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
SET_STRING(msg, info25.info.full_name, "displayName");
}
-/*
- samr_GetGroupsForUser
+/*
+ samr_GetGroupsForUser
*/
static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetGroupsForUser *r)
}
-/*
- samr_QueryDisplayInfo
+/*
+ samr_QueryDisplayInfo
*/
static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo *r)
switch(r->in.level) {
case 1:
entriesGeneral[count].idx = count + 1;
- entriesGeneral[count].rid =
+ entriesGeneral[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
entriesGeneral[count].acct_flags =
samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
- res[i],
+ res[i],
d_state->domain_dn);
entriesGeneral[count].account_name.string =
ldb_msg_find_attr_as_string(res[i],
/* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */
entriesFull[count].acct_flags =
samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
- res[i],
+ res[i],
d_state->domain_dn) | ACB_NORMAL;
entriesFull[count].account_name.string =
ldb_msg_find_attr_as_string(res[i], "sAMAccountName",
}
-/*
- samr_GetDisplayEnumerationIndex
+/*
+ samr_GetDisplayEnumerationIndex
*/
static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetDisplayEnumerationIndex *r)
}
-/*
- samr_TestPrivateFunctionsDomain
+/*
+ samr_TestPrivateFunctionsDomain
*/
static NTSTATUS dcesrv_samr_TestPrivateFunctionsDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_TestPrivateFunctionsDomain *r)
}
-/*
- samr_TestPrivateFunctionsUser
+/*
+ samr_TestPrivateFunctionsUser
*/
static NTSTATUS dcesrv_samr_TestPrivateFunctionsUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_TestPrivateFunctionsUser *r)
}
-/*
- samr_GetUserPwInfo
+/*
+ samr_GetUserPwInfo
*/
static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetUserPwInfo *r)
}
-/*
- samr_RemoveMemberFromForeignDomain
+/*
+ samr_RemoveMemberFromForeignDomain
*/
static NTSTATUS dcesrv_samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RemoveMemberFromForeignDomain *r)
d_state = h->data;
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
- "distinguishedName", "(objectSid=%s)",
+ "distinguishedName", "(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
/* Nothing to do */
if (memberdn == NULL) {
}
-/*
- samr_QueryDomainInfo2
+/*
+ samr_QueryDomainInfo2
just an alias for samr_QueryDomainInfo
*/
r1.out.info = r->out.info;
status = dcesrv_samr_QueryDomainInfo(dce_call, mem_ctx, &r1);
-
+
return status;
}
-/*
- samr_QueryUserInfo2
+/*
+ samr_QueryUserInfo2
just an alias for samr_QueryUserInfo
*/
r1.in.user_handle = r->in.user_handle;
r1.in.level = r->in.level;
r1.out.info = r->out.info;
-
+
status = dcesrv_samr_QueryUserInfo(dce_call, mem_ctx, &r1);
return status;
}
-/*
- samr_QueryDisplayInfo2
+/*
+ samr_QueryDisplayInfo2
*/
static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo2 *r)
}
-/*
- samr_GetDisplayEnumerationIndex2
+/*
+ samr_GetDisplayEnumerationIndex2
*/
static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetDisplayEnumerationIndex2 *r)
}
-/*
- samr_QueryDisplayInfo3
+/*
+ samr_QueryDisplayInfo3
*/
static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo3 *r)
}
-/*
- samr_AddMultipleMembersToAlias
+/*
+ samr_AddMultipleMembersToAlias
*/
static NTSTATUS dcesrv_samr_AddMultipleMembersToAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddMultipleMembersToAlias *r)
}
-/*
- samr_RemoveMultipleMembersFromAlias
+/*
+ samr_RemoveMultipleMembersFromAlias
*/
static NTSTATUS dcesrv_samr_RemoveMultipleMembersFromAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RemoveMultipleMembersFromAlias *r)
}
-/*
- samr_GetDomPwInfo
+/*
+ samr_GetDomPwInfo
this fetches the default password properties for a domain
- note that w2k3 completely ignores the domain name in this call, and
+ note that w2k3 completely ignores the domain name in this call, and
always returns the information for the servers primary domain
*/
static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
}
/* The domain name in this call is ignored */
- ret = gendb_search_dn(sam_ctx,
+ ret = gendb_search_dn(sam_ctx,
mem_ctx, NULL, &msgs, attrs);
if (ret <= 0) {
talloc_free(sam_ctx);
}
-/*
- samr_Connect2
+/*
+ samr_Connect2
*/
static NTSTATUS dcesrv_samr_Connect2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect2 *r)
}
-/*
- samr_SetUserInfo2
+/*
+ samr_SetUserInfo2
just an alias for samr_SetUserInfo
*/
}
-/*
- samr_SetBootKeyInformation
+/*
+ samr_SetBootKeyInformation
*/
static NTSTATUS dcesrv_samr_SetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetBootKeyInformation *r)
}
-/*
- samr_GetBootKeyInformation
+/*
+ samr_GetBootKeyInformation
*/
static NTSTATUS dcesrv_samr_GetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetBootKeyInformation *r)
}
-/*
- samr_Connect3
+/*
+ samr_Connect3
*/
static NTSTATUS dcesrv_samr_Connect3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect3 *r)
}
-/*
- samr_Connect4
+/*
+ samr_Connect4
*/
static NTSTATUS dcesrv_samr_Connect4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect4 *r)
}
-/*
- samr_Connect5
+/*
+ samr_Connect5
*/
static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect5 *r)
}
-/*
- samr_RidToSid
+/*
+ samr_RidToSid
*/
static NTSTATUS dcesrv_samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RidToSid *r)
}
-/*
- samr_SetDsrmPassword
+/*
+ samr_SetDsrmPassword
*/
static NTSTATUS dcesrv_samr_SetDsrmPassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetDsrmPassword *r)
}
-/*
+/*
samr_ValidatePassword
For now the call checks the password complexity (if active) and the minimum
-/*
+/*
Unix SMB/CIFS implementation.
samr server password set/change handling
Copyright (C) Andrew Tridgell 2004
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "libcli/auth/libcli_auth.h"
#include "../lib/util/util_ldb.h"
-/*
- samr_ChangePasswordUser
+/*
+ samr_ChangePasswordUser
*/
-NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
+NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser *r)
{
if (memcmp(checkHash.hash, nt_pwd, 16) != 0) {
return NT_STATUS_WRONG_PASSWORD;
}
-
+
/* The NT Cross is not required by Win2k3 R2, but if present
check the nt cross hash */
if (r->in.cross1_present && r->in.nt_cross && lm_pwd) {
return NT_STATUS_OK;
}
-/*
- samr_OemChangePasswordUser2
+/*
+ samr_OemChangePasswordUser2
*/
NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
/* we need the users dn and the domain dn (derived from the
user SID). We also need the current lm password hash in
order to decrypt the incoming password */
- ret = gendb_search(sam_ctx,
+ ret = gendb_search(sam_ctx,
mem_ctx, NULL, &res, attrs,
"(&(sAMAccountName=%s)(objectclass=user))",
r->in.account->string);
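Review bot: The gendb_search call in dcesrv_samr_OemChangePasswordUser2 formats the client-supplied `r->in.account->string` straight into the filter `"(&(sAMAccountName=%s)(objectclass=user))"` with no visible escaping. Unless gendb_search encodes its arguments, which this page does not show, filter metacharacters in the account name would change which entries the lookup matches before the password check runs. Passing `ldb_binary_encode_string(mem_ctx, r->in.account->string)` as the argument would keep the name a literal value. The same filter and argument appear in the gendb_search call in dcesrv_samr_ChangePasswordUser3 further down. The commit itself only strips trailing whitespace, and both functions begin and end outside the visible hunks.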
}
/* decrypt the password we have been given */
- lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash));
+ lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash));
arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob);
data_blob_free(&lm_pwd_blob);
-
+
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
-
+
if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- CH_DOS, CH_UNIX,
- (const char *)new_password.data,
+ CH_DOS, CH_UNIX,
+ (const char *)new_password.data,
new_password.length,
(void **)&new_pass, NULL, false)) {
DEBUG(3,("samr: failed to convert incoming password buffer to unix charset\n"));
}
if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- CH_DOS, CH_UTF16,
- (const char *)new_password.data,
+ CH_DOS, CH_UTF16,
+ (const char *)new_password.data,
new_password.length,
(void **)&new_unicode_password.data, &unicode_pw_len, false)) {
DEBUG(3,("samr: failed to convert incoming password buffer to UTF16 charset\n"));
* from the database since they were already checked against the user-
* provided ones. */
status = samdb_set_password(sam_ctx, mem_ctx,
- user_dn, NULL,
+ user_dn, NULL,
&new_unicode_password,
NULL, NULL,
lm_pwd, NULL, /* this is a user password change */
- NULL,
+ NULL,
NULL);
if (!NT_STATUS_IS_OK(status)) {
ldb_transaction_cancel(sam_ctx);
}
-/*
- samr_ChangePasswordUser3
+/*
+ samr_ChangePasswordUser3
*/
-NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
+NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct samr_ChangePasswordUser3 *r)
-{
+{
NTSTATUS status;
DATA_BLOB new_password;
struct ldb_context *sam_ctx = NULL;
/* we need the users dn and the domain dn (derived from the
user SID). We also need the current lm and nt password hashes
in order to decrypt the incoming passwords */
- ret = gendb_search(sam_ctx,
+ ret = gendb_search(sam_ctx,
mem_ctx, NULL, &res, attrs,
"(&(sAMAccountName=%s)(objectclass=user))",
r->in.account->string);
status = NT_STATUS_WRONG_PASSWORD;
goto failed;
}
-
+
if (r->in.nt_verifier == NULL) {
status = NT_STATUS_WRONG_PASSWORD;
goto failed;
if (lm_pwd && r->in.lm_verifier != NULL) {
char *new_pass;
if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- CH_UTF16, CH_UNIX,
- (const char *)new_password.data,
+ CH_UTF16, CH_UNIX,
+ (const char *)new_password.data,
new_password.length,
(void **)&new_pass, NULL, false)) {
E_deshash(new_pass, new_lm_hash);
* from the database since they were already checked against the user-
* provided ones. */
status = samdb_set_password(sam_ctx, mem_ctx,
- user_dn, NULL,
+ user_dn, NULL,
&new_password,
NULL, NULL,
lm_pwd, nt_pwd, /* this is a user password change */
- &reason,
+ &reason,
&dominfo);
if (!NT_STATUS_IS_OK(status)) {
}
-/*
- samr_ChangePasswordUser2
+/*
+ samr_ChangePasswordUser2
easy - just a subset of samr_ChangePasswordUser3
*/
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
-
+
/* set the password - samdb needs to know both the domain and user DNs,
so the domain password policy can be used */
return samdb_set_password(sam_ctx, mem_ctx,
- account_dn, domain_dn,
+ account_dn, domain_dn,
&new_password,
NULL, NULL,
NULL, NULL, /* This is a password set, not change */
MD5Update(&ctx, &pwbuf->data[516], 16);
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(co_session_key.data, &ctx);
-
+
arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
return NT_STATUS_WRONG_PASSWORD;
}
-
+
/* set the password - samdb needs to know both the domain and user DNs,
so the domain password policy can be used */
return samdb_set_password(sam_ctx, mem_ctx,
- account_dn, domain_dn,
+ account_dn, domain_dn,
&new_password,
NULL, NULL,
NULL, NULL, /* This is a password set, not change */