r25553: Convert to standard bool type.

[jelmer/samba4-debian.git] / source / rpc_server / samr / samr_password.c
diff --git a/source/rpc_server/samr/samr_password.c b/source/rpc_server/samr/samr_password.c

index 2d34d9afbf34d643de548da9d3d4714ba1c84430..28816c03f8e4659922b85035cfe317498327c119 100644 (file)
--- a/source/rpc_server/samr/samr_password.c
+++ b/source/rpc_server/samr/samr_password.c
@@ -8,7 +8,7 @@
     
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
     (at your option) any later version.
     
     This program is distributed in the hope that it will be useful,
@@ -17,8 +17,7 @@
     GNU General Public License for more details.
     
     You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
  
  #include "includes.h"
@@ -27,7 +26,7 @@
  #include "rpc_server/samr/dcesrv_samr.h"
  #include "system/time.h"
  #include "lib/crypto/crypto.h"
-#include "ads.h"
+#include "dsdb/common/flags.h"
  #include "libcli/ldap/ldap.h"
  #include "dsdb/samdb/samdb.h"
  #include "auth/auth.h"
@@ -38,7 +37,7 @@
  /* 
    samr_ChangePasswordUser 
  */
-NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                  struct samr_ChangePasswordUser *r)
  {
         struct dcesrv_handle *h;
@@ -49,7 +48,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
         struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
         struct samr_Password *lm_pwd, *nt_pwd;
         NTSTATUS status = NT_STATUS_OK;
-       const char * const attrs[] = { "lmPwdHash", "ntPwdHash" , NULL };
+       const char * const attrs[] = { "dBCSPwd", "unicodePwd" , NULL };
  
         DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
  
@@ -63,12 +62,6 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
                    present */
                 return NT_STATUS_INVALID_PARAMETER_MIX;
         }
-       if (!r->in.cross1_present || !r->in.nt_cross) {
-               return NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED;
-       }
-       if (!r->in.cross2_present || !r->in.lm_cross) {
-               return NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED;
-       }
  
         /* To change a password we need to open as system */
         sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
@@ -113,18 +106,24 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
                 return NT_STATUS_WRONG_PASSWORD;
         }
         
-       /* check the nt cross hash */
-       D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash);
-       if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
-               ldb_transaction_cancel(sam_ctx);
-               return NT_STATUS_WRONG_PASSWORD;
+       /* The NT Cross is not required by Win2k3 R2, but if present
+          check the nt cross hash */
+       if (r->in.cross1_present && r->in.nt_cross) {
+               D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash);
+               if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
+                       ldb_transaction_cancel(sam_ctx);
+                       return NT_STATUS_WRONG_PASSWORD;
+               }
         }
  
-       /* check the lm cross hash */
-       D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash);
-       if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
-               ldb_transaction_cancel(sam_ctx);
-               return NT_STATUS_WRONG_PASSWORD;
+       /* The LM Cross is not required by Win2k3 R2, but if present
+          check the lm cross hash */
+       if (r->in.cross2_present && r->in.lm_cross) {
+               D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash);
+               if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
+                       ldb_transaction_cancel(sam_ctx);
+                       return NT_STATUS_WRONG_PASSWORD;
+               }
         }
  
         msg = ldb_msg_new(mem_ctx);
@@ -139,13 +138,12 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
                 return NT_STATUS_NO_MEMORY;
         }
  
-       /* set the password on the user DN specified.  This may fail
-        * due to password policies */
+       /* setup password modify mods on the user DN specified.  This may fail
+        * due to password policies.  */
         status = samdb_set_password(sam_ctx, mem_ctx,
                                     a_state->account_dn, a_state->domain_state->domain_dn,
                                     msg, NULL, &new_lmPwdHash, &new_ntPwdHash, 
-                                   True, /* this is a user password change */
-                                   True, /* run restriction tests */
+                                   true, /* this is a user password change */
                                     NULL,
                                     NULL);
         if (!NT_STATUS_IS_OK(status)) {
@@ -158,7 +156,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
         ret = samdb_replace(sam_ctx, mem_ctx, msg);
         if (ret != 0) {
                 DEBUG(2,("Failed to modify record to change password on %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, a_state->account_dn),
+                        ldb_dn_get_linearized(a_state->account_dn),
                          ldb_errstring(sam_ctx)));
                 ldb_transaction_cancel(sam_ctx);
                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -168,7 +166,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
         ret = ldb_transaction_commit(sam_ctx);
         if (ret != 0) {
                 DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, a_state->account_dn),
+                        ldb_dn_get_linearized(a_state->account_dn),
                          ldb_errstring(sam_ctx)));
                 return NT_STATUS_TRANSACTION_ABORTED;
         }
@@ -179,7 +177,7 @@ NTSTATUS samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX
  /* 
    samr_OemChangePasswordUser2 
  */
-NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                      struct samr_OemChangePasswordUser2 *r)
  {
         NTSTATUS status;
@@ -187,17 +185,21 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
         uint32_t new_pass_len;
         struct samr_CryptPassword *pwbuf = r->in.password;
         struct ldb_context *sam_ctx;
-       const struct ldb_dn *user_dn;
+       struct ldb_dn *user_dn;
         int ret;
         struct ldb_message **res, *mod;
-       const char * const attrs[] = { "objectSid", "lmPwdHash", NULL };
+       const char * const attrs[] = { "objectSid", "dBCSPwd", NULL };
         struct samr_Password *lm_pwd;
         DATA_BLOB lm_pwd_blob;
         uint8_t new_lm_hash[16];
         struct samr_Password lm_verifier;
  
         if (pwbuf == NULL) {
-               return NT_STATUS_WRONG_PASSWORD;
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (r->in.hash == NULL) {
+               return NT_STATUS_INVALID_PARAMETER;
         }
  
         /* To change a password we need to open as system */
@@ -246,7 +248,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
         }
  
         /* check LM verifier */
-       if (lm_pwd == NULL || r->in.hash == NULL) {
+       if (lm_pwd == NULL) {
                 ldb_transaction_cancel(sam_ctx);
                 return NT_STATUS_WRONG_PASSWORD;
         }
@@ -276,8 +278,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
                                     user_dn, NULL, 
                                     mod, new_pass, 
                                     NULL, NULL,
-                                   True, /* this is a user password change */
-                                   True, /* run restriction tests */
+                                   true, /* this is a user password change */
                                     NULL, 
                                     NULL);
         if (!NT_STATUS_IS_OK(status)) {
@@ -290,7 +291,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
         ret = samdb_replace(sam_ctx, mem_ctx, mod);
         if (ret != 0) {
                 DEBUG(2,("Failed to modify record to change password on %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, user_dn),
+                        ldb_dn_get_linearized(user_dn),
                          ldb_errstring(sam_ctx)));
                 ldb_transaction_cancel(sam_ctx);
                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -300,7 +301,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
         ret = ldb_transaction_commit(sam_ctx);
         if (ret != 0) {
                 DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, user_dn),
+                        ldb_dn_get_linearized(user_dn),
                          ldb_errstring(sam_ctx)));
                 return NT_STATUS_TRANSACTION_ABORTED;
         }
@@ -312,7 +313,7 @@ NTSTATUS samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_
  /* 
    samr_ChangePasswordUser3 
  */
-NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, 
+NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, 
                                   TALLOC_CTX *mem_ctx,
                                   struct samr_ChangePasswordUser3 *r)
  {      
@@ -320,10 +321,10 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
         char new_pass[512];
         uint32_t new_pass_len;
         struct ldb_context *sam_ctx = NULL;
-       const struct ldb_dn *user_dn;
+       struct ldb_dn *user_dn;
         int ret;
         struct ldb_message **res, *mod;
-       const char * const attrs[] = { "ntPwdHash", "lmPwdHash", NULL };
+       const char * const attrs[] = { "unicodePwd", "dBCSPwd", NULL };
         struct samr_Password *nt_pwd, *lm_pwd;
         DATA_BLOB nt_pwd_blob;
         struct samr_DomInfo1 *dominfo = NULL;
@@ -430,8 +431,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
                                     user_dn, NULL, 
                                     mod, new_pass, 
                                     NULL, NULL,
-                                   True, /* this is a user password change */
-                                   True, /* run restriction tests */
+                                   true, /* this is a user password change */
                                     &reason, 
                                     &dominfo);
         if (!NT_STATUS_IS_OK(status)) {
@@ -443,7 +443,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
         ret = samdb_replace(sam_ctx, mem_ctx, mod);
         if (ret != 0) {
                 DEBUG(2,("samdb_replace failed to change password for %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, user_dn),
+                        ldb_dn_get_linearized(user_dn),
                          ldb_errstring(sam_ctx)));
                 status = NT_STATUS_UNSUCCESSFUL;
                 goto failed;
@@ -453,7 +453,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
         ret = ldb_transaction_commit(sam_ctx);
         if (ret != 0) {
                 DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
-                        ldb_dn_linearize(mem_ctx, user_dn),
+                        ldb_dn_get_linearized(user_dn),
                          ldb_errstring(sam_ctx)));
                 status = NT_STATUS_TRANSACTION_ABORTED;
                 goto failed;
@@ -485,7 +485,7 @@ failed:
  
    easy - just a subset of samr_ChangePasswordUser3
  */
-NTSTATUS samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                   struct samr_ChangePasswordUser2 *r)
  {
         struct samr_ChangePasswordUser3 r2;
@@ -499,7 +499,7 @@ NTSTATUS samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
         r2.in.lm_verifier = r->in.lm_verifier;
         r2.in.password3 = NULL;
  
-       return samr_ChangePasswordUser3(dce_call, mem_ctx, &r2);
+       return dcesrv_samr_ChangePasswordUser3(dce_call, mem_ctx, &r2);
  }
  
  
@@ -510,7 +510,7 @@ NTSTATUS samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
  */
  NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
                            void *sam_ctx,
-                          const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn,
+                          struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
                            TALLOC_CTX *mem_ctx,
                            struct ldb_message *msg, 
                            struct samr_CryptPassword *pwbuf)
@@ -539,8 +539,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
                                   account_dn, domain_dn, 
                                   msg, new_pass, 
                                   NULL, NULL,
-                                 False, /* This is a password set, not change */
-                                 True, /* run restriction tests */
+                                 false, /* This is a password set, not change */
                                   NULL, NULL);
  }
  
@@ -552,7 +551,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
  */
  NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
                               struct ldb_context *sam_ctx,
-                             const struct ldb_dn *account_dn, const struct ldb_dn *domain_dn,
+                             struct ldb_dn *account_dn, struct ldb_dn *domain_dn,
                               TALLOC_CTX *mem_ctx,
                               struct ldb_message *msg, 
                               struct samr_CryptPasswordEx *pwbuf)
@@ -593,8 +592,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
                                   account_dn, domain_dn, 
                                   msg, new_pass, 
                                   NULL, NULL,
-                                 False, /* This is a password set, not change */
-                                 True, /* run restriction tests */
+                                 false, /* This is a password set, not change */
                                   NULL, NULL);
  }