r897: - user/group creation needs to create unique names across both the
authorAndrew Tridgell <tridge@samba.org>
Wed, 26 May 2004 04:20:17 +0000 (04:20 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:56:18 +0000 (12:56 -0500)
  Builtin and local domain, as some calls (notably password change
  calls) don't specify a domain name, they just specify an account
  name.

- added the remaining password set levels to SetUserInfo in the samr
  server. We now support all of the password set and change levels
  that we know about in SAMR.
(This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)

source4/rpc_server/samr/dcesrv_samr.c
source4/rpc_server/samr/samr_password.c

index 1ffda9795befcd443604216b39052a162601a4f4..da89688d8f4f3c4727c4747d65fc838476e97093 100644 (file)
@@ -427,7 +427,7 @@ static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLO
        }
 
        /* check if the group already exists */
-       name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn
+       name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL
                                   "sAMAccountName",
                                   "(&(sAMAccountName=%s)(objectclass=group))",
                                   groupname);
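Review bot: `groupname` is formatted directly into the filter `(&(sAMAccountName=%s)(objectclass=group))`, and with the search base now `NULL` that filter is evaluated over the whole SAM instead of one domain subtree. If `samdb_search_string` does not escape filter metacharacters (not visible on this page), a name containing `*`, `(` or `)` changes what the existence check matches, so the name should be escaped per RFC 4515 or rejected before this call. The same applies to `username` in the samr_CreateUser2 hunk that follows. A comment such as `/* base DN is NULL: names must be unique across Builtin and the local domain */` would record why the base was dropped. The function body continues outside the hunk.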
@@ -573,7 +573,7 @@ static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX
        }
 
        /* check if the user already exists */
-       name = samdb_search_string(d_state->sam_ctx, mem_ctx, d_state->domain_dn
+       name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL
                                   "sAMAccountName", 
                                   "(&(sAMAccountName=%s)(objectclass=user))", username);
        if (name != NULL) {
@@ -1711,6 +1711,40 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
                        SET_UINT  (msg, info21.country_code,      "countryCode");
                IFSET(SAMR_FIELD_CODE_PAGE)    
                        SET_UINT  (msg, info21.code_page,         "codePage");
+#undef IFSET
+               break;
+
+       case 23:
+#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+               IFSET(SAMR_FIELD_NAME)         
+                       SET_STRING(msg, info23.info.full_name.name,    "displayName");
+               IFSET(SAMR_FIELD_DESCRIPTION)  
+                       SET_STRING(msg, info23.info.description.name,  "description");
+               IFSET(SAMR_FIELD_COMMENT)      
+                       SET_STRING(msg, info23.info.comment.name,      "comment");
+               IFSET(SAMR_FIELD_LOGON_SCRIPT) 
+                       SET_STRING(msg, info23.info.logon_script.name, "scriptPath");
+               IFSET(SAMR_FIELD_PROFILE)      
+                       SET_STRING(msg, info23.info.profile.name,      "profilePath");
+               IFSET(SAMR_FIELD_WORKSTATION)  
+                       SET_STRING(msg, info23.info.workstations.name, "userWorkstations");
+               IFSET(SAMR_FIELD_LOGON_HOURS)  
+                       SET_LHOURS(msg, info23.info.logon_hours,       "logonHours");
+               IFSET(SAMR_FIELD_CALLBACK)     
+                       SET_STRING(msg, info23.info.callback.name,     "userParameters");
+               IFSET(SAMR_FIELD_COUNTRY_CODE) 
+                       SET_UINT  (msg, info23.info.country_code,      "countryCode");
+               IFSET(SAMR_FIELD_CODE_PAGE)    
+                       SET_UINT  (msg, info23.info.code_page,         "codePage");
+               IFSET(SAMR_FIELD_PASSWORD) {
+                       status = samr_set_password(dce_call,
+                                                  a_state->sam_ctx,
+                                                  a_state->account_dn,
+                                                  a_state->domain_state->domain_dn,
+                                                  mem_ctx, msg, 
+                                                  &r->in.info->info23.password);
+               }
+#undef IFSET
                break;
 
                /* the set password levels are handled separately */
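Review bot: In `case 23` the result of `samr_set_password` is only stored in `status` before the `break`, after the other attributes have already been queued in `msg`. Whether a rejected password stops the modify from being applied depends on code after the switch, which is outside this hunk. If that check is missing, a request could change the script or profile fields while its password part fails, so the intent is worth stating next to the call, e.g. `/* status is checked after the switch; msg is not applied on failure */`. `case 25` in the next hunk has the same shape.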
@@ -1722,6 +1756,49 @@ static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX
                                           mem_ctx, msg, 
                                           &r->in.info->info24.password);
                break;
+
+       case 25:
+#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+               IFSET(SAMR_FIELD_NAME)         
+                       SET_STRING(msg, info25.info.full_name.name,    "displayName");
+               IFSET(SAMR_FIELD_DESCRIPTION)  
+                       SET_STRING(msg, info25.info.description.name,  "description");
+               IFSET(SAMR_FIELD_COMMENT)      
+                       SET_STRING(msg, info25.info.comment.name,      "comment");
+               IFSET(SAMR_FIELD_LOGON_SCRIPT) 
+                       SET_STRING(msg, info25.info.logon_script.name, "scriptPath");
+               IFSET(SAMR_FIELD_PROFILE)      
+                       SET_STRING(msg, info25.info.profile.name,      "profilePath");
+               IFSET(SAMR_FIELD_WORKSTATION)  
+                       SET_STRING(msg, info25.info.workstations.name, "userWorkstations");
+               IFSET(SAMR_FIELD_LOGON_HOURS)  
+                       SET_LHOURS(msg, info25.info.logon_hours,       "logonHours");
+               IFSET(SAMR_FIELD_CALLBACK)     
+                       SET_STRING(msg, info25.info.callback.name,     "userParameters");
+               IFSET(SAMR_FIELD_COUNTRY_CODE) 
+                       SET_UINT  (msg, info25.info.country_code,      "countryCode");
+               IFSET(SAMR_FIELD_CODE_PAGE)    
+                       SET_UINT  (msg, info25.info.code_page,         "codePage");
+               IFSET(SAMR_FIELD_PASSWORD) {
+                       status = samr_set_password_ex(dce_call,
+                                                     a_state->sam_ctx,
+                                                     a_state->account_dn,
+                                                     a_state->domain_state->domain_dn,
+                                                     mem_ctx, msg, 
+                                                     &r->in.info->info25.password);
+               }
+#undef IFSET
+               break;
+
+               /* the set password levels are handled separately */
+       case 26:
+               status = samr_set_password_ex(dce_call,
+                                             a_state->sam_ctx,
+                                             a_state->account_dn,
+                                             a_state->domain_state->domain_dn,
+                                             mem_ctx, msg, 
+                                             &r->in.info->info26.password);
+               break;
                
 
        default:
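Review bot: The ten-field `IFSET`/`SET_*` list in `case 25` is a third copy of the list already used for info21 and info23, differing only in the union member name. A field added or corrected in one copy can be missed in the others, which matters for a handler that writes account attributes. One helper macro taking the member, for example `SET_INFO_FIELDS(info25.info)` (the name is only a suggestion), would keep the three levels in step. The comment `/* the set password levels are handled separately */` now appears twice in the switch and could be kept once above `case 24`.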
index c912566d0929f52d0d66e2148fd33ddb10256473..46c2a41fb23e75c53494fe4d7cf8f96bcbba93ee 100644 (file)
@@ -704,3 +704,50 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
                                  NULL);
 }
 
+
+/*
+  set password via a samr_CryptPasswordEx buffer
+  this will in the 'msg' with modify operations that will update the user
+  password when applied
+*/
+NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
+                             void *sam_ctx,
+                             const char *account_dn, const char *domain_dn,
+                             TALLOC_CTX *mem_ctx,
+                             struct ldb_message *msg, 
+                             struct samr_CryptPasswordEx *pwbuf)
+{
+       char new_pass[512];
+       uint32_t new_pass_len;
+       DATA_BLOB co_session_key;
+       DATA_BLOB session_key = dce_call->conn->session_key;
+       struct MD5Context ctx;
+
+       co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+       if (!co_session_key.data) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       MD5Init(&ctx);
+       MD5Update(&ctx, &pwbuf->data[516], 16);
+       MD5Update(&ctx, session_key.data, session_key.length);
+       MD5Final(co_session_key.data, &ctx);
+       
+       SamOEMhashBlob(pwbuf->data, 516, &co_session_key);
+
+       if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
+                             &new_pass_len, STR_UNICODE)) {
+               DEBUG(3,("samr: failed to decode password buffer\n"));
+               return NT_STATUS_WRONG_PASSWORD;
+       }
+
+       /* set the password - samdb needs to know both the domain and user DNs,
+          so the domain password policy can be used */
+       return samdb_set_password(sam_ctx, mem_ctx,
+                                 account_dn, domain_dn, 
+                                 msg, new_pass, 
+                                 NULL, NULL,
+                                 False,
+                                 NULL);
+}
+
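Review bot: `samr_set_password_ex` uses `dce_call->conn->session_key` without checking that a key is present. If the blob can be empty for some connections (not visible here), the RC4 key becomes `MD5(&pwbuf->data[516], 16)` alone, which is derived entirely from bytes carried in the request. The function also returns with the cleartext in `new_pass` and the derived key in `co_session_key` still in memory. The sketch below clears both, assuming `samdb_set_password` copies what it needs into `msg`; a plain `memset` can be elided by the compiler, so the project's wipe helper is preferable if one exists. The header comment reads "this will in the 'msg'", where "fill in" is presumably meant.

```c
	/* … unchanged: declarations … */
	NTSTATUS status;

	/* without a session key the derived key would depend only on the
	   16 confounder bytes sent in the request */
	if (session_key.data == NULL || session_key.length == 0) {
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	/* … unchanged: data_blob_talloc, MD5 key derivation, SamOEMhashBlob … */

	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
			      &new_pass_len, STR_UNICODE)) {
		DEBUG(3,("samr: failed to decode password buffer\n"));
		status = NT_STATUS_WRONG_PASSWORD;
		goto done;
	}

	status = samdb_set_password(sam_ctx, mem_ctx,
				    account_dn, domain_dn,
				    msg, new_pass,
				    NULL, NULL,
				    False,
				    NULL);

done:
	/* do not leave the cleartext password or the derived key behind */
	memset(new_pass, 0, sizeof(new_pass));
	memset(co_session_key.data, 0, co_session_key.length);
	return status;
```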