}
acct_expiry = samdb_result_nttime(msgs[0], "accountExpires", 0);
- must_change_time = samdb_result_force_pwd_change(sam_ctx, mem_ctx,
- domain_dn, msgs[0], "pwdLastSet");
+ must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx,
+ domain_dn, msgs[0],
+ "pwdLastSet");
last_set_time = samdb_result_nttime(msgs[0], "pwdLastSet", 0);
workstation_list = samdb_result_string(msgs[0], "userWorkstations", NULL);
WERROR netr_LogonUasLogon(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] unistr workstation,
[out] netr_UasInfo *info
);
WERROR netr_LogonUasLogoff(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] unistr workstation,
[out] netr_UasLogoffInfo info
);
uint32 parameter_control;
uint32 logon_id_low;
uint32 logon_id_high;
- netr_String username;
+ netr_String account_name;
netr_String workstation;
} netr_IdentityInfo;
NTTIME logon_time;
NTTIME logoff_time;
NTTIME kickoff_time;
- NTTIME passwd_last_set;
- NTTIME passwd_can_change;
- NTTIME passwd_must_change;
+ NTTIME password_last_set;
+ NTTIME password_can_change;
+ NTTIME password_must_change;
netr_String account_name;
netr_String full_name;
netr_String logon_script;
netr_String profile_path;
- netr_String home_dir;
+ netr_String home_directory;
netr_String home_drive;
uint16 logon_count;
- uint16 bad_passwd_count;
- uint32 userid;
- uint32 primary_group;
+ uint16 bad_password_count;
+ uint32 rid;
+ uint32 primary_gid;
uint32 group_count;
[size_is(group_count)] netr_GroupMembership *groupids;
uint32 user_flags;
NTTIME logon_time;
NTTIME logoff_time;
NTTIME kickoff_time;
- NTTIME passwd_last_set;
- NTTIME passwd_can_change;
- NTTIME passwd_must_change;
+ NTTIME password_last_set;
+ NTTIME password_can_change;
+ NTTIME password_must_change;
netr_String account_name;
netr_String full_name;
netr_String logon_script;
netr_String profile_path;
- netr_String home_dir;
+ netr_String home_directory;
netr_String home_drive;
uint16 logon_count;
- uint16 bad_passwd_count;
- uint32 userid;
- uint32 primary_group;
+ uint16 bad_password_count;
+ uint32 rid;
+ uint32 primary_gid;
uint32 group_count;
[size_is(group_count)] netr_GroupMembership *groupids;
uint32 user_flags;
NTSTATUS netr_ServerAuthenticate(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] uint16 secure_channel_type,
[in] unistr computer_name,
[in,out,ref] netr_Credential *credentials
NTSTATUS netr_ServerPasswordSet(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] uint16 secure_channel_type,
[in] unistr computer_name,
[in] netr_Authenticator credential,
/* Function 0x07 */
typedef struct {
- unistr *username;
+ unistr *account_name;
netr_String unknown1;
netr_String unknown2;
netr_String unknown3;
netr_String DomainName;
netr_String OEMInfo;
NTTIME forcedlogoff;
- uint16 minpasswdlen;
- uint16 passwdhistorylen;
- uint64 pwd_must_change_time;
- uint64 pwd_can_change_time;
+ uint16 min_password_len;
+ uint16 password_history_len;
+ uint64 password_must_change_time;
+ uint64 password_can_change_time;
uint64 sequence_num;
NTTIME domain_create_time;
uint32 SecurityInformation;
NTSTATUS netr_ServerAuthenticate2(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] uint16 secure_channel_type,
[in] unistr computer_name,
[in,out,ref] netr_Credential *credentials,
/* Function 0x1a */
NTSTATUS netr_ServerAuthenticate3(
[in] unistr *server_name,
- [in] unistr username,
+ [in] unistr account_name,
[in] uint16 secure_channel_type,
[in] unistr computer_name,
[in,out,ref] netr_Credential *credentials,
} samr_Role;
typedef struct {
- uint16 min_pwd_len;
+ uint16 min_password_len;
uint16 password_history;
uint32 password_properties;
/* yes, these are signed. They are in negative 100ns */
/* Function 0x0c */
NTSTATUS samr_CreateUser(
[in,ref] policy_handle *handle,
- [in,ref] samr_Name *username,
+ [in,ref] samr_Name *account_name,
[in] uint32 access_mask,
[out,ref] policy_handle *acct_handle,
[out,ref] uint32 *rid
/************************/
/* Function 0x24 */
typedef struct {
- samr_Name username;
+ samr_Name account_name;
samr_Name full_name;
uint32 primary_gid;
samr_Name description;
} samr_UserInfo2;
typedef struct {
- samr_Name username;
+ samr_Name account_name;
samr_Name full_name;
uint32 rid;
uint32 primary_gid;
samr_Name home_directory;
samr_Name home_drive;
samr_Name logon_script;
- samr_Name profile;
+ samr_Name profile_path;
samr_Name workstations;
NTTIME last_logon;
NTTIME last_logoff;
- NTTIME last_pwd_change;
- NTTIME allow_pwd_change;
- NTTIME force_pwd_change;
+ NTTIME last_password_change;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
samr_LogonHours logon_hours;
- uint16 bad_pwd_count;
+ uint16 bad_password_count;
uint16 num_logons;
uint32 acct_flags;
} samr_UserInfo3;
} samr_UserInfo4;
typedef struct {
- samr_Name username;
+ samr_Name account_name;
samr_Name full_name;
uint32 rid;
uint32 primary_gid;
samr_Name home_directory;
samr_Name home_drive;
samr_Name logon_script;
- samr_Name profile;
+ samr_Name profile_path;
samr_Name description;
samr_Name workstations;
NTTIME last_logon;
NTTIME last_logoff;
samr_LogonHours logon_hours;
- uint16 bad_pwd_count;
+ uint16 bad_password_count;
uint16 num_logons;
- NTTIME last_pwd_change;
+ NTTIME last_password_change;
NTTIME acct_expiry;
uint32 acct_flags;
} samr_UserInfo5;
typedef struct {
- samr_Name username;
+ samr_Name account_name;
samr_Name full_name;
} samr_UserInfo6;
typedef struct {
- samr_Name username;
+ samr_Name account_name;
} samr_UserInfo7;
typedef struct {
} samr_UserInfo11;
typedef struct {
- samr_Name profile;
+ samr_Name profile_path;
} samr_UserInfo12;
typedef struct {
const int SAMR_FIELD_DESCRIPTION = 0x00000010;
const int SAMR_FIELD_COMMENT = 0x00000020;
const int SAMR_FIELD_LOGON_SCRIPT = 0x00000100;
- const int SAMR_FIELD_PROFILE = 0x00000200;
+ const int SAMR_FIELD_PROFILE_PATH = 0x00000200;
const int SAMR_FIELD_WORKSTATION = 0x00000400;
const int SAMR_FIELD_LOGON_HOURS = 0x00002000;
const int SAMR_FIELD_CALLBACK = 0x00200000;
typedef struct {
NTTIME last_logon;
NTTIME last_logoff;
- NTTIME last_pwd_change;
+ NTTIME last_password_change;
NTTIME acct_expiry;
- NTTIME allow_pwd_change;
- NTTIME force_pwd_change;
- samr_Name username;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
+ samr_Name account_name;
samr_Name full_name;
samr_Name home_directory;
samr_Name home_drive;
samr_Name logon_script;
- samr_Name profile;
+ samr_Name profile_path;
samr_Name description;
samr_Name workstations;
samr_Name comment;
uint32 acct_flags;
uint32 fields_present;
samr_LogonHours logon_hours;
- uint16 bad_pwd_count;
+ uint16 bad_password_count;
uint16 num_logons;
uint16 country_code;
uint16 code_page;
- uint8 nt_pwd_set;
- uint8 lm_pwd_set;
+ uint8 nt_password_set;
+ uint8 lm_password_set;
uint8 expired_flag;
uint8 unknown4;
} samr_UserInfo21;
const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
typedef struct {
- uint16 min_pwd_len;
+ uint16 min_password_len;
uint32 password_properties;
} samr_PwInfo;
/* Function 0x32 */
NTSTATUS samr_CreateUser2(
[in,ref] policy_handle *handle,
- [in,ref] samr_Name *username,
+ [in,ref] samr_Name *account_name,
[in] uint32 acct_flags,
[in] uint32 access_mask,
[out,ref] policy_handle *acct_handle,
negotiate_flags);
a.in.server_name = r.in.server_name;
- a.in.username = talloc_asprintf(p->mem_ctx, "%s$", workstation);
+ a.in.account_name = talloc_asprintf(p->mem_ctx, "%s$", workstation);
a.in.secure_channel_type = chan_type;
a.in.computer_name = workstation;
a.in.negotiate_flags = &negotiate_flags;
#define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
#define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
-/*
- netr_ServerReqChallenge
-
- NTSTATUS netr_ServerReqChallenge(
- [in] unistr *server_name,
- [in] unistr computer_name,
- [in,out,ref] netr_Credential *credentials
- );
-
-*/
static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerReqChallenge *r)
{
return NT_STATUS_OK;
}
-
-/*
- netr_ServerAuthenticate
-
- secure channel types:
-
- const int SEC_CHAN_WKSTA = 2;
- const int SEC_CHAN_DOMAIN = 4;
- const int SEC_CHAN_BDC = 6;
-
- NTSTATUS netr_ServerAuthenticate3(
- [in] unistr *server_name,
- [in] unistr username,
- [in] uint16 secure_channel_type,
- [in] unistr computer_name,
- [in,out,ref] netr_Credential *credentials
- [in,out,ref] uint32 *negotiate_flags,
- [out,ref] uint32 *rid
- );
-*/
static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate3 *r)
{
struct server_pipe_state *pipe_state = dce_call->conn->private;
void *sam_ctx;
- uint8_t *mach_pwd;
+ struct samr_Password *mach_pwd;
uint16_t acct_flags;
int num_records;
struct ldb_message **msgs;
/* pull the user attributes */
num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
"(&(sAMAccountName=%s)(objectclass=user))",
- r->in.username);
+ r->in.account_name);
if (num_records == 0) {
DEBUG(3,("Couldn't find user [%s] in samdb.\n",
- r->in.username));
+ r->in.account_name));
samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER;
}
if (num_records > 1) {
- DEBUG(1,("Found %d records matching user [%s]\n", num_records, r->in.username));
+ DEBUG(1,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
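Review bot: The search filter `"(&(sAMAccountName=%s)(objectclass=user))"` is formatted with `r->in.account_name`, an `[in]` string taken straight from the netr_ServerAuthenticate3 request, and nothing in this hunk escapes LDAP filter metacharacters before the lookup. Unless samdb_search() encodes its arguments internally (not shown here), a name containing `*`, `(`, `)` or `\` is read as filter syntax rather than as a literal account name, so the lookup may match a record other than the one named. I would encode the value for use in a filter, or reject names containing those characters, before the search. The same pattern appears in the samdb_search_string() call behind the "check if the user already exists" comment in the user-creation hunk further down. The function body starts and ends outside this hunk.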
"userAccountControl");
if (acct_flags & ACB_DISABLED) {
- DEBUG(1, ("Account [%s] is disabled\n", r->in.username));
+ DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
}
- pipe_state->account_name = talloc_strdup(pipe_state->mem_ctx, r->in.username);
+ pipe_state->account_name = talloc_strdup(pipe_state->mem_ctx, r->in.account_name);
if (pipe_state->computer_name) {
/* We don't want a memory leak on this long-lived talloc context */
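Review bot: The result of `talloc_strdup(pipe_state->mem_ctx, r->in.account_name)` is stored in the long-lived `pipe_state` without a NULL check in the lines shown. If the allocation fails, the connection state keeps a NULL account name and every later reader of `pipe_state->account_name` has to cope with that. Unless a check follows outside the hunk, I would add `if (!pipe_state->account_name) return NT_STATUS_NO_MEMORY;` directly after the assignment.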
uint32 negotiate_flags, rid;
r3.in.server_name = r->in.server_name;
- r3.in.username = r->in.username;
+ r3.in.account_name = r->in.account_name;
r3.in.secure_channel_type = r->in.secure_channel_type;
r3.in.computer_name = r->in.computer_name;
r3.in.credentials = r->in.credentials;
uint32 rid;
r3.in.server_name = r->in.server_name;
- r3.in.username = r->in.username;
+ r3.in.account_name = r->in.account_name;
r3.in.secure_channel_type = r->in.secure_channel_type;
r3.in.computer_name = r->in.computer_name;
r3.in.credentials = r->in.credentials;
return_authenticator);
}
-/*
- netr_ServerPasswordSet
-
- NTSTATUS netr_ServerPasswordSet(
- [in] unistr *server_name,
- [in] unistr username,
- [in] uint16 secure_channel_type,
- [in] unistr computer_name,
- [in] netr_Authenticator credential,
- [in] netr_Password new_password,
- [out] netr_Authenticator return_authenticator
- );
-*/
static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerPasswordSet *r)
{
const char *name;
struct ldb_message msg;
uint32_t rid;
- const char *username, *sidstr;
+ const char *account_name, *sidstr;
time_t now = time(NULL);
TALLOC_CTX *mem_ctx2;
struct dcesrv_handle *u_handle;
d_state = h->data;
- username = r->in.username->name;
+ account_name = r->in.account_name->name;
- if (username == NULL) {
+ if (account_name == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
/* check if the user already exists */
name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
- "(&(sAMAccountName=%s)(objectclass=user))", username);
+ "(&(sAMAccountName=%s)(objectclass=user))", account_name);
if (name != NULL) {
return NT_STATUS_USER_EXISTS;
}
}
/* add core elements to the ldb_message for the user */
- msg.dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", username, container, d_state->domain_dn);
+ msg.dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", account_name, container, d_state->domain_dn);
if (!msg.dn) {
return NT_STATUS_NO_MEMORY;
}
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "name", username);
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "cn", username);
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "sAMAccountName", username);
+ samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "name", account_name);
+ samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "cn", account_name);
+ samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "sAMAccountName", account_name);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "objectClass", "user");
if (additional_class) {
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, &msg, "objectClass", additional_class);
}
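Review bot: The DN built with `talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", account_name, container, d_state->domain_dn)` inserts the caller-supplied `account_name` (read from `r->in.account_name->name` earlier in the function) without escaping DN special characters. A name containing `,`, `=` or `+` therefore changes the structure of the DN instead of being stored as a single CN value. The name should be validated or DN-escaped before it is formatted, and the same validation would cover the `name`, `cn` and `sAMAccountName` values added below. The return values of the three `samdb_msg_add_string()` calls are also ignored, so a failure there would go unnoticed, assuming the helper reports one, which this hunk does not show. The enclosing function starts and ends outside the hunk.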
/* create user state and new policy handle */
- mem_ctx2 = talloc_init("CreateUser(%s)", username);
+ mem_ctx2 = talloc_init("CreateUser(%s)", account_name);
if (!mem_ctx2) {
return NT_STATUS_NO_MEMORY;
}
a_state->domain_state = d_state;
a_state->account_dn = talloc_steal(mem_ctx, mem_ctx2, msg.dn);
a_state->account_sid = talloc_strdup(mem_ctx2, sidstr);
- a_state->account_name = talloc_strdup(mem_ctx2, username);
+ a_state->account_name = talloc_strdup(mem_ctx2, account_name);
if (!a_state->account_name || !a_state->account_sid) {
return NT_STATUS_NO_MEMORY;
}
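Review bot: The failure path at `if (!a_state->account_name || !a_state->account_sid)` returns `NT_STATUS_NO_MEMORY` without releasing `mem_ctx2`, which by then owns the stolen `msg.dn` and whichever of the two `talloc_strdup()` results succeeded. `mem_ctx2` comes from `talloc_init()` in an earlier hunk and, as far as the visible lines show, is not a child of the per-call `mem_ctx`, so each failed call appears to leak that context in the server process. Freeing `mem_ctx2` before the return would fix it. The open-user hunk further down (`talloc_steal(mem_ctx, mem_ctx2, msgs[0]->dn)`) has the same shape. The function continues outside the hunk.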
/* a simple wrapper around samr_CreateUser2 works nicely */
r2.in.handle = r->in.handle;
- r2.in.username = r->in.username;
+ r2.in.account_name = r->in.account_name;
r2.in.acct_flags = ACB_NORMAL;
r2.in.access_mask = r->in.access_mask;
r2.out.acct_handle = r->out.acct_handle;
#define QUERY_NTTIME(msg, field, attr) \
r->out.info->field = samdb_result_nttime(msg, attr, 0);
#define QUERY_APASSC(msg, field, attr) \
- r->out.info->field = samdb_result_allow_pwd_change(a_state->sam_ctx, mem_ctx, \
+ r->out.info->field = samdb_result_allow_password_change(a_state->sam_ctx, mem_ctx, \
a_state->domain_state->domain_dn, msg, attr);
#define QUERY_FPASSC(msg, field, attr) \
- r->out.info->field = samdb_result_force_pwd_change(a_state->sam_ctx, mem_ctx, \
+ r->out.info->field = samdb_result_force_password_change(a_state->sam_ctx, mem_ctx, \
a_state->domain_state->domain_dn, msg, attr);
#define QUERY_LHOURS(msg, field, attr) \
r->out.info->field = samdb_result_logon_hours(mem_ctx, msg, attr);
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
- const char *username, *sidstr;
+ const char *account_name, *sidstr;
TALLOC_CTX *mem_ctx2;
struct ldb_message **msgs;
struct dcesrv_handle *u_handle;
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- username = samdb_result_string(msgs[0], "sAMAccountName", NULL);
- if (username == NULL) {
+ account_name = samdb_result_string(msgs[0], "sAMAccountName", NULL);
+ if (account_name == NULL) {
DEBUG(1,("sAMAccountName field missing for sid %s\n", sidstr));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
a_state->domain_state = d_state;
a_state->account_dn = talloc_steal(mem_ctx, mem_ctx2, msgs[0]->dn);
a_state->account_sid = talloc_strdup(mem_ctx2, sidstr);
- a_state->account_name = talloc_strdup(mem_ctx2, username);
+ a_state->account_name = talloc_strdup(mem_ctx2, account_name);
if (!a_state->account_name || !a_state->account_sid) {
return NT_STATUS_NO_MEMORY;
}
/* fill in the reply */
switch (r->in.level) {
case 1:
- QUERY_STRING(msg, info1.username.name, "sAMAccountName");
+ QUERY_STRING(msg, info1.account_name.name,"sAMAccountName");
QUERY_STRING(msg, info1.full_name.name, "displayName");
QUERY_UINT (msg, info1.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info1.description.name, "description");
break;
case 3:
- QUERY_STRING(msg, info3.username.name, "sAMAccountName");
+ QUERY_STRING(msg, info3.account_name.name, "sAMAccountName");
QUERY_STRING(msg, info3.full_name.name, "displayName");
QUERY_RID (msg, info3.rid, "objectSid");
QUERY_UINT (msg, info3.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info3.home_directory.name, "homeDirectory");
QUERY_STRING(msg, info3.home_drive.name, "homeDrive");
QUERY_STRING(msg, info3.logon_script.name, "scriptPath");
- QUERY_STRING(msg, info3.profile.name, "profilePath");
+ QUERY_STRING(msg, info3.profile_path.name, "profilePath");
QUERY_STRING(msg, info3.workstations.name, "userWorkstations");
QUERY_NTTIME(msg, info3.last_logon, "lastLogon");
QUERY_NTTIME(msg, info3.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info3.last_pwd_change, "pwdLastSet");
- QUERY_APASSC(msg, info3.allow_pwd_change, "pwdLastSet");
- QUERY_FPASSC(msg, info3.force_pwd_change, "pwdLastSet");
+ QUERY_NTTIME(msg, info3.last_password_change,"pwdLastSet");
+ QUERY_APASSC(msg, info3.allow_password_change,"pwdLastSet");
+ QUERY_FPASSC(msg, info3.force_password_change,"pwdLastSet");
QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
- QUERY_UINT (msg, info3.bad_pwd_count, "badPwdCount");
+ QUERY_UINT (msg, info3.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info3.num_logons, "logonCount");
QUERY_AFLAGS(msg, info3.acct_flags, "userAccountControl");
break;
break;
case 5:
- QUERY_STRING(msg, info5.username.name, "sAMAccountName");
+ QUERY_STRING(msg, info5.account_name.name, "sAMAccountName");
QUERY_STRING(msg, info5.full_name.name, "displayName");
QUERY_RID (msg, info5.rid, "objectSid");
QUERY_UINT (msg, info5.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info5.home_directory.name, "homeDirectory");
QUERY_STRING(msg, info5.home_drive.name, "homeDrive");
QUERY_STRING(msg, info5.logon_script.name, "scriptPath");
- QUERY_STRING(msg, info5.profile.name, "profilePath");
+ QUERY_STRING(msg, info5.profile_path.name, "profilePath");
QUERY_STRING(msg, info5.description.name, "description");
QUERY_STRING(msg, info5.workstations.name, "userWorkstations");
QUERY_NTTIME(msg, info5.last_logon, "lastLogon");
QUERY_NTTIME(msg, info5.last_logoff, "lastLogoff");
QUERY_LHOURS(msg, info5.logon_hours, "logonHours");
- QUERY_UINT (msg, info5.bad_pwd_count, "badPwdCount");
+ QUERY_UINT (msg, info5.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info5.num_logons, "logonCount");
- QUERY_NTTIME(msg, info5.last_pwd_change, "pwdLastSet");
+ QUERY_NTTIME(msg, info5.last_password_change,"pwdLastSet");
QUERY_NTTIME(msg, info5.acct_expiry, "accountExpires");
QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl");
break;
case 6:
- QUERY_STRING(msg, info6.username.name, "sAMAccountName");
+ QUERY_STRING(msg, info6.account_name.name, "sAMAccountName");
QUERY_STRING(msg, info6.full_name.name, "displayName");
break;
case 7:
- QUERY_STRING(msg, info7.username.name, "sAMAccountName");
+ QUERY_STRING(msg, info7.account_name.name, "sAMAccountName");
break;
case 8:
case 21:
QUERY_NTTIME(msg, info21.last_logon, "lastLogon");
QUERY_NTTIME(msg, info21.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info21.last_pwd_change, "pwdLastSet");
+ QUERY_NTTIME(msg, info21.last_password_change, "pwdLastSet");
QUERY_NTTIME(msg, info21.acct_expiry, "accountExpires");
- QUERY_APASSC(msg, info21.allow_pwd_change, "pwdLastSet");
- QUERY_FPASSC(msg, info21.force_pwd_change, "pwdLastSet");
- QUERY_STRING(msg, info21.username.name, "sAMAccountName");
+ QUERY_APASSC(msg, info21.allow_password_change, "pwdLastSet");
+ QUERY_FPASSC(msg, info21.force_password_change, "pwdLastSet");
+ QUERY_STRING(msg, info21.account_name.name, "sAMAccountName");
QUERY_STRING(msg, info21.full_name.name, "displayName");
QUERY_STRING(msg, info21.home_directory.name, "homeDirectory");
QUERY_STRING(msg, info21.home_drive.name, "homeDrive");
QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl");
r->out.info->info21.fields_present = 0x00FFFFFF;
QUERY_LHOURS(msg, info21.logon_hours, "logonHours");
- QUERY_UINT (msg, info21.bad_pwd_count, "badPwdCount");
+ QUERY_UINT (msg, info21.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info21.num_logons, "logonCount");
QUERY_UINT (msg, info21.country_code, "countryCode");
QUERY_UINT (msg, info21.code_page, "codePage");
a_state = h->data;
- r->out.info.min_pwd_len = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, NULL, "minPwdLength",
+ r->out.info.min_password_len = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, NULL, "minPwdLength",
"dn=%s", a_state->domain_state->domain_dn);
r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, NULL, "pwdProperties",
"dn=%s", a_state->account_dn);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- r->out.info.min_pwd_len = samdb_result_uint(msgs[0], "minPwdLength", 0);
+ r->out.info.min_password_len = samdb_result_uint(msgs[0], "minPwdLength", 0);
r->out.info.password_properties = samdb_result_uint(msgs[0], "pwdProperties", 1);
samdb_search_free(sam_ctx, mem_ctx, msgs);
/*
- construct the allow_pwd_change field from the PwdLastSet attribute and the
+ construct the allow_password_change field from the PwdLastSet attribute and the
domain password settings
*/
-NTTIME samdb_result_allow_pwd_change(void *ctx, TALLOC_CTX *mem_ctx,
- const char *domain_dn, struct ldb_message *msg, const char *attr)
+NTTIME samdb_result_allow_password_change(void *ctx, TALLOC_CTX *mem_ctx,
+ const char *domain_dn,
+ struct ldb_message *msg,
+ const char *attr)
{
uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
int64_t minPwdAge;
return 0;
}
- minPwdAge = samdb_search_int64(ctx, mem_ctx, 0, NULL, "minPwdAge", "dn=%s", domain_dn);
+ minPwdAge = samdb_search_int64(ctx, mem_ctx, 0, NULL,
+ "minPwdAge", "dn=%s", domain_dn);
/* yes, this is a -= not a += as minPwdAge is stored as the negative
of the number of 100-nano-seconds */
}
/*
- construct the force_pwd_change field from the PwdLastSet attribute and the
+ construct the force_password_change field from the PwdLastSet attribute and the
domain password settings
*/
-NTTIME samdb_result_force_pwd_change(void *ctx, TALLOC_CTX *mem_ctx,
- const char *domain_dn, struct ldb_message *msg, const char *attr)
+NTTIME samdb_result_force_password_change(void *ctx, TALLOC_CTX *mem_ctx,
+ const char *domain_dn,
+ struct ldb_message *msg,
+ const char *attr)
{
uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
int64_t maxPwdAge;
return status;
}
- dominfo->min_pwd_len = samdb_result_uint (res[0], "minPwdLength", 0);
+ dominfo->min_password_len = samdb_result_uint (res[0], "minPwdLength", 0);
dominfo->password_properties = samdb_result_uint (res[0], "pwdProperties", 0);
dominfo->password_history = samdb_result_uint (res[0], "pwdHistoryLength", 0);
dominfo->max_password_age = samdb_result_int64(res[0], "maxPwdAge", 0);
again:
name.name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
r.in.handle = &domain_handle;
- r.in.username = &name;
+ r.in.account_name = &name;
r.in.acct_flags = ACB_SVRTRUST;
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.acct_handle = &join.acct_handle;
status = dcerpc_samr_GetUserPwInfo(join.p, mem_ctx, &pwp);
if (NT_STATUS_IS_OK(status)) {
- policy_min_pw_len = pwp.out.info.min_pwd_len;
+ policy_min_pw_len = pwp.out.info.min_password_len;
}
join.machine_password = generate_random_str(mem_ctx, MAX(8, policy_min_pw_len));
struct netr_LogonUasLogon r;
r.in.server_name = NULL;
- r.in.username = lp_parm_string(-1, "torture", "username");
+ r.in.account_name = lp_parm_string(-1, "torture", "username");
r.in.workstation = TEST_MACHINE_NAME;
printf("Testing LogonUasLogon\n");
struct netr_LogonUasLogoff r;
r.in.server_name = NULL;
- r.in.username = lp_parm_string(-1, "torture", "username");
+ r.in.account_name = lp_parm_string(-1, "torture", "username");
r.in.workstation = TEST_MACHINE_NAME;
printf("Testing LogonUasLogoff\n");
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
const char *plain_pass;
- uint8_t mach_pwd[16];
+ struct samr_Password mach_password;
printf("Testing ServerReqChallenge\n");
return False;
}
- E_md4hash(plain_pass, mach_pwd);
+ E_md4hash(plain_pass, mach_password.hash);
a.in.server_name = NULL;
- a.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ a.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
a.in.secure_channel_type = SEC_CHAN_BDC;
a.in.computer_name = TEST_MACHINE_NAME;
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
NETLOGON_NEG_AUTH2_FLAGS);
printf("Testing ServerAuthenticate\n");
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
const char *plain_pass;
- uint8_t mach_pwd[16];
+ struct samr_Password mach_password;
printf("Testing ServerReqChallenge\n");
return False;
}
- E_md4hash(plain_pass, mach_pwd);
+ E_md4hash(plain_pass, mach_password.hash);
a.in.server_name = NULL;
- a.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ a.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
a.in.secure_channel_type = SEC_CHAN_BDC;
a.in.computer_name = TEST_MACHINE_NAME;
a.in.negotiate_flags = &negotiate_flags;
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
negotiate_flags);
printf("Testing ServerAuthenticate2\n");
struct netr_ServerAuthenticate3 a;
struct netr_Credential credentials1, credentials2, credentials3;
const char *plain_pass;
- uint8_t mach_pwd[16];
+ struct samr_Password mach_password;
uint32 rid;
printf("Testing ServerReqChallenge\n");
return False;
}
- E_md4hash(plain_pass, mach_pwd);
+ E_md4hash(plain_pass, mach_password.hash);
a.in.server_name = NULL;
- a.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ a.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
a.in.secure_channel_type = SEC_CHAN_BDC;
a.in.computer_name = TEST_MACHINE_NAME;
a.in.negotiate_flags = &negotiate_flags;
a.out.negotiate_flags = &negotiate_flags;
a.out.rid = &rid;
- creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
negotiate_flags);
printf("Testing ServerAuthenticate3\n");
struct samlogon_state {
TALLOC_CTX *mem_ctx;
- const char *username;
+ const char *account_name;
const char *password;
struct dcerpc_pipe *p;
struct netr_LogonSamLogon r;
ninfo.logon_info.parameter_control = 0;
ninfo.logon_info.logon_id_low = 0;
ninfo.logon_info.logon_id_high = 0;
- ninfo.logon_info.username.string = samlogon_state->username;
+ ninfo.logon_info.account_name.string = samlogon_state->account_name;
ninfo.logon_info.workstation.string = TEST_MACHINE_NAME;
memcpy(ninfo.challenge, chall->data, 8);
ZERO_STRUCT(user_session_key);
/* TODO - test with various domain cases, and without domain */
- if (!SMBNTLMv2encrypt(samlogon_state->username, lp_workgroup(),
+ if (!SMBNTLMv2encrypt(samlogon_state->account_name, lp_workgroup(),
samlogon_state->password, &samlogon_state->chall,
&names_blob,
&lmv2_response, &ntlmv2_response,
struct samlogon_state samlogon_state;
samlogon_state.mem_ctx = mem_ctx;
- samlogon_state.username = lp_parm_string(-1, "torture", "username");
+ samlogon_state.account_name = lp_parm_string(-1, "torture", "username");
samlogon_state.password = lp_parm_string(-1, "torture", "password");
samlogon_state.p = p;
}
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
#include "includes.h"
-#define TEST_USERNAME "samrtorturetest"
+#define TEST_ACCOUNT_NAME "samrtorturetest"
#define TEST_ALIASNAME "samrtorturetestalias"
#define TEST_GROUPNAME "samrtorturetestgroup"
#define TEST_MACHINENAME "samrtorturetestmach$"
TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script",
SAMR_FIELD_LOGON_SCRIPT);
- TEST_USERINFO_NAME(12, profile, 3, profile, "xx12-3 profile", 0);
- TEST_USERINFO_NAME(12, profile, 5, profile, "xx12-5 profile", 0);
- TEST_USERINFO_NAME(12, profile, 21, profile, "xx12-21 profile", 0);
- TEST_USERINFO_NAME(21, profile, 21, profile, "xx21-21 profile",
- SAMR_FIELD_PROFILE);
+ TEST_USERINFO_NAME(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
+ TEST_USERINFO_NAME(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
+ TEST_USERINFO_NAME(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
+ TEST_USERINFO_NAME(21, profile_path, 21, profile_path, "xx21-21 profile_path",
+ SAMR_FIELD_PROFILE_PATH);
TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0);
TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0);
uint8_t old_nt_hash[16], new_nt_hash[16];
uint8_t old_lm_hash[16], new_lm_hash[16];
- status = test_OpenUser_byname(p, mem_ctx, handle, TEST_USERNAME, &user_handle);
+ status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle);
if (!NT_STATUS_IS_OK(status)) {
return False;
}
printf("Testing OemChangePasswordUser2\n");
server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- account.name = TEST_USERNAME;
+ account.name = TEST_ACCOUNT_NAME;
E_deshash(oldpass, old_lm_hash);
E_deshash(newpass, new_lm_hash);
printf("Testing ChangePasswordUser2\n");
server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- init_samr_Name(&account, TEST_USERNAME);
+ init_samr_Name(&account, TEST_ACCOUNT_NAME);
E_md4hash(oldpass, old_nt_hash);
E_md4hash(newpass, new_nt_hash);
printf("Testing ChangePasswordUser3\n");
server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- init_samr_Name(&account, TEST_USERNAME);
+ init_samr_Name(&account, TEST_ACCOUNT_NAME);
E_md4hash(oldpass, old_nt_hash);
E_md4hash(newpass, new_nt_hash);
struct samr_Name name;
BOOL ret = True;
- init_samr_Name(&name, TEST_USERNAME);
+ init_samr_Name(&name, TEST_ACCOUNT_NAME);
r.in.handle = domain_handle;
- r.in.username = &name;
+ r.in.account_name = &name;
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.acct_handle = user_handle;
r.out.rid = &rid;
- printf("Testing CreateUser(%s)\n", r.in.username->name);
+ printf("Testing CreateUser(%s)\n", r.in.account_name->name);
status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- printf("Server refused create of '%s'\n", r.in.username->name);
+ printf("Server refused create of '%s'\n", r.in.account_name->name);
ZERO_STRUCTP(user_handle);
return True;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
- if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.username->name)) {
+ if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.account_name->name)) {
return False;
}
status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
const char *account_name;
NTSTATUS nt_status;
} account_types[] = {
- { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK },
- { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
- { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
+ { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
{ ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
{ ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
{ ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
{ ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
{ ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
{ ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
- { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
- { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
{ 0, NULL, NT_STATUS_INVALID_PARAMETER }
};
init_samr_Name(&name, account_types[i].account_name);
r.in.handle = handle;
- r.in.username = &name;
+ r.in.account_name = &name;
r.in.acct_flags = acct_flags;
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
r.out.acct_handle = &acct_handle;
r.out.access_granted = &access_granted;
r.out.rid = &rid;
- printf("Testing CreateUser2(%s)\n", r.in.username->name);
+ printf("Testing CreateUser2(%s)\n", r.in.account_name->name);
status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- printf("Server refused create of '%s'\n", r.in.username->name);
+ printf("Server refused create of '%s'\n", r.in.account_name->name);
continue;
} else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
- if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) {
+ if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.account_name->name)) {
return False;
}
status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
r.in.handle = handle;
r.in.level = levels[i];
- init_samr_Name(&r.in.name, TEST_USERNAME);
+ init_samr_Name(&r.in.name, TEST_ACCOUNT_NAME);
status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
r.in.handle = handle;
r.in.level = levels[i];
- init_samr_Name(&r.in.name, TEST_USERNAME);
+ init_samr_Name(&r.in.name, TEST_ACCOUNT_NAME);
status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
if (ok_lvl[i] &&
BOOL ret = True;
uint32_t rid;
- status = test_LookupName(p, mem_ctx, domain_handle, TEST_USERNAME, &rid);
+ status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
if (!NT_STATUS_IS_OK(status)) {
return False;
}