r873: converted samba4 to use real 64 bit integers instead of
[jra/samba/.git] / source4 / auth / auth_sam.c
index d7e4e9782681debf917d54694c517ef0975be195..549b5ab36271a0104728fa2cc2cc475faff1e283 100644 (file)
@@ -91,28 +91,28 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 
        /* Test account expire time */
        
-       if (!nt_time_is_zero(acct_expiry) && time(NULL) > nt_time_to_unix(acct_expiry)) {
+       if ((*acct_expiry) != 0 && time(NULL) > nt_time_to_unix(*acct_expiry)) {
                DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", username));
                DEBUG(3,("sam_account_ok: Account expired at '%s'.\n", 
-                        nt_time_string(mem_ctx, acct_expiry)));
+                        nt_time_string(mem_ctx, *acct_expiry)));
                return NT_STATUS_ACCOUNT_EXPIRED;
        }
 
        if (!(acct_flags & ACB_PWNOEXP)) {
 
                /* check for immediate expiry "must change at next logon" */
-               if (nt_time_is_zero(must_change_time) && !nt_time_is_zero(last_set_time)) {
+               if (*must_change_time == 0 && *last_set_time != 0) {
                        DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", 
                                 username));
                        return NT_STATUS_PASSWORD_MUST_CHANGE;
                }
 
                /* check for expired password */
-               if (!nt_time_is_zero(must_change_time) && nt_time_to_unix(must_change_time) < time(NULL)) {
+               if ((*must_change_time) != 0 && nt_time_to_unix(*must_change_time) < time(NULL)) {
                        DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", 
                                 username));
                        DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n", 
-                                nt_time_string(mem_ctx, must_change_time)));
+                                nt_time_string(mem_ctx, *must_change_time)));
                        return NT_STATUS_PASSWORD_EXPIRED;
                }
        }
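Review bot: The rewritten expiry tests treat only 0 as "no expiry", so `(*acct_expiry) != 0 && time(NULL) > nt_time_to_unix(*acct_expiry)` depends on nt_time_to_unix() not wrapping when it narrows a very large 64-bit value to time_t. The helper is not visible here, so it is worth confirming that it saturates for values such as the conventional 0x7FFFFFFFFFFFFFFF "never" marker. A comment on the first test would record that assumption, for example `/* 0 == never expires; nt_time_to_unix() must clamp out-of-range NTTIME values */`. The two checks also sample `time(NULL)` separately, where a single `time_t now = time(NULL);` at the top would make both decisions use the same instant. The body of sam_account_ok starts and ends outside this hunk.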
@@ -183,20 +183,15 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        uint_t ret_domain;
 
        const char *domain_dn;
+       const char *domain_sid;
 
        NTSTATUS nt_status;
        DATA_BLOB user_sess_key = data_blob(NULL, 0);
        DATA_BLOB lm_sess_key = data_blob(NULL, 0);
-       const uint8 *lm_pwd, *nt_pwd;
-       const char *unicodePwd;
-       struct samr_Hash lmPwdHash_u, ntPwdHash_u;
-       struct samr_Hash *lmPwdHash, *ntPwdHash;
-       uint_t num_lm, num_nt;
-
-       struct dom_sid *domain_sid;
+       uint8 *lm_pwd, *nt_pwd;
 
        const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", 
-                              "sAMAcctFlags", 
+                              "userAccountControl",
                               "pwdLastSet",
                               "accountExpires",
                               "objectSid",
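Review bot: The new declaration `uint8 *lm_pwd, *nt_pwd;` leaves both hash pointers uninitialised and drops the `const` the old declaration had. They are now filled only through out-parameters later in check_sam_security, so `uint8 *lm_pwd = NULL, *nt_pwd = NULL;` would keep a path that sets only one of them from passing an indeterminate pointer to the password check. If the out-parameter type allows it, keeping `const` would also document that this function never modifies the stored hashes. The function body continues outside this hunk.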
@@ -204,7 +199,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                               NULL,
        };
 
-       const char *domain_attrs[] =  {NULL};
+       const char *domain_attrs[] =  {"name"};
 
        if (!user_info || !auth_context) {
                return NT_STATUS_UNSUCCESSFUL;
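Review bot: The new `domain_attrs` initialiser has lost its NULL terminator. The previous value was `{NULL}` and the sibling `attrs` array just above ends with `NULL,`, so the search code presumably walks the list until it meets NULL and will now read past the end of a one-element array. The line should read `const char *domain_attrs[] = {"name", NULL};`. The body of check_sam_security continues outside this hunk.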
@@ -232,28 +227,27 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
        
-       domain_sid = dom_sid_parse_talloc(mem_ctx, samdb_result_string(msgs[0], "objectSid", NULL));
+       domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
        if (!domain_sid) {
                samdb_close(sam_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       sid_split_rid(domain_sid, NULL);
-
        /* find the domain's DN */
        ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
                           "(&(objectSid=%s)(objectclass=domain))", 
-                          dom_sid_string(mem_ctx, domain_sid));
+                          domain_sid);
 
        if (ret_domain == 0) {
                DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", 
-                        dom_sid_string(mem_ctx, domain_sid)));
+                        domain_sid));
                samdb_close(sam_ctx);
                return NT_STATUS_NO_SUCH_USER;
        }
 
        if (ret_domain > 1) {
-               DEBUG(1,("Found %d records matching domain [%s]\n", ret, dom_sid_string(mem_ctx, domain_sid)));
+               DEBUG(1,("Found %d records matching domain [%s]\n", 
+                        ret_domain, domain_sid));
                samdb_close(sam_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
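Review bot: The corrected DEBUG call now passes `ret_domain`, which is declared `uint_t`, to a `%d` conversion. The specifier should match the unsigned type: `DEBUG(1,("Found %u records matching domain [%s]\n", ret_domain, domain_sid));`. Separately, `domain_sid` is now interpolated into the search filter as a raw string. A short comment noting that it comes from the stored `objectSid`, not from client input, would make that trust assumption explicit for later readers. The function body starts and ends outside this hunk.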
@@ -270,40 +264,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }
 
-       unicodePwd = samdb_result_string(msgs[0], "unicodePwd", NULL);
-       
-       if (unicodePwd) {
-               BOOL lm_hash_ok;
-               /* compute the new nt and lm hashes */
-               lm_hash_ok = E_deshash(unicodePwd, lmPwdHash_u.hash);
-               E_md4hash(unicodePwd, ntPwdHash_u.hash);
-
-               if (lm_hash_ok) {
-                       lm_pwd = lmPwdHash_u.hash;
-               } else {
-                       lm_pwd = NULL;
-               }
-
-               nt_pwd = ntPwdHash_u.hash;
-               
-       } else {
-               num_lm = samdb_result_hashes(mem_ctx, msgs[0], "lmPwdHash", &lmPwdHash);
-               if (num_lm == 0) {
-                       lm_pwd = NULL;
-               } else if (num_lm > 1) {
-                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
-               } else {
-                       lm_pwd = lmPwdHash[0].hash;
-               }
-               
-               num_nt = samdb_result_hashes(mem_ctx, msgs[0], "ntPwdHash", &ntPwdHash);
-               if (num_nt == 0) {
-                       nt_pwd = NULL;
-               } else if (num_nt > 1) {
-                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
-               } else {
-                       nt_pwd = ntPwdHash[0].hash;
-               }
+       if (!NT_STATUS_IS_OK(nt_status = samdb_result_passwords(mem_ctx, msgs[0], 
+                                                               &lm_pwd, &nt_pwd))) {
+               return nt_status;
        }
 
        nt_status = sam_password_ok(auth_context, mem_ctx,
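Review bot: The new failure path `return nt_status;` after samdb_result_passwords() leaves without calling `samdb_close(sam_ctx)`, whereas the earlier error returns in check_sam_security close the handle first. If the context is still open at this point (its release is not visible in this hunk), each failed password fetch leaks a database handle on the authentication path. Splitting the assignment out of the condition also reads more clearly: `nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);` followed by `if (!NT_STATUS_IS_OK(nt_status)) { samdb_close(sam_ctx); return nt_status; }`. The function continues past the end of this hunk.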