s3-samr: Do not leak information whether a user exist or not in pwd change calls.
authorGünther Deschner <gd@samba.org>
Thu, 7 May 2009 21:56:22 +0000 (23:56 +0200)
committerGünther Deschner <gd@samba.org>
Thu, 7 May 2009 22:46:54 +0000 (00:46 +0200)
Found by torture test.

Guenther

source3/rpc_server/srv_samr_nt.c

index 1a1b5e9a747c1cf24facbfe2f428a271a45de915..6bd5635f2dabba24f153941c7d298829e5ae334d 100644 (file)
@@ -1914,6 +1914,10 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
 
        DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
 
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+               return NT_STATUS_WRONG_PASSWORD;
+       }
+
        return status;
 }
 
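Review bot: The masking added before `return status;` is silent: the real NT_STATUS_NO_SUCH_USER is dropped without a log line, and no comment says the rewrite is deliberate. The same applies to the identical checks added in _samr_OemChangePasswordUser2 and _samr_ChangePasswordUser3. Keeping the true reason in the server log lets an operator tell account-name probing from genuine wrong-password attempts, so I would add `DEBUG(5,("_samr_ChangePasswordUser2: masking NT_STATUS_NO_SUCH_USER\n"));` inside the `if`. Above the `if`, a comment such as `/* Do not reveal whether the account exists: report an unknown user as a wrong password. */` would stop a later cleanup from removing the mapping. The function body starts outside this hunk.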
@@ -1960,6 +1964,10 @@ NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p,
                                 0,
                                 NULL);
 
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+               return NT_STATUS_WRONG_PASSWORD;
+       }
+
        DEBUG(5,("_samr_OemChangePasswordUser2: %d\n", __LINE__));
 
        return status;
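Review bot: The early return here sits before the `DEBUG(5,("_samr_OemChangePasswordUser2: %d\n", __LINE__));` trace, while in _samr_ChangePasswordUser2 the same check sits after it. As a result the masked path skips the exit trace in this function only. Moving the three added lines to just above `return status;` would make the functions consistent and keep the trace on every path. Since the identical test now appears three times, a small static helper taking `status` and returning the masked value would keep the copies from drifting apart.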
@@ -2007,6 +2015,9 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
                                 r->in.nt_password->data,
                                 r->in.nt_verifier->hash,
                                 &reject_reason);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+               return NT_STATUS_WRONG_PASSWORD;
+       }
 
        if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) ||
            NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) {
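Review bot: The added check after `pass_oem_change(...)` hides only the status code, so other observable differences between an unknown and an existing account may remain. The NT_STATUS_PASSWORD_RESTRICTION / NT_STATUS_ACCOUNT_RESTRICTION branch just below still returns distinct results, and if pass_oem_change can produce those before the old password is verified, or returns noticeably faster for an unknown name, a caller could still tell the two cases apart. Neither is visible in this hunk. I would record that with `/* Only the status code is masked here; pass_oem_change() must not otherwise distinguish unknown users (early restriction statuses, timing). */` and extend the torture test that found this to cover those cases. The check is also missing the blank line after the call that the other two hunks have, and the function continues outside this hunk.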