s3-samr: rework check_oem_password() to take a struct samu, not to return one.
authorGünther Deschner <gd@samba.org>
Thu, 7 May 2009 21:22:26 +0000 (23:22 +0200)
committerGünther Deschner <gd@samba.org>
Thu, 7 May 2009 22:43:01 +0000 (00:43 +0200)
Guenther

source3/smbd/chgpasswd.c

index 72f06fb2eddb4fd8d891c84c24fac3855ebf2c70..5e89b6c80c4306c6d5bb20eb3f82045898f31c2e 100644 (file)
@@ -53,7 +53,7 @@ static NTSTATUS check_oem_password(const char *user,
                                   const uchar old_lm_hash_encrypted[16],
                                   uchar password_encrypted_with_nt_hash[516],
                                   const uchar old_nt_hash_encrypted[16],
                                   const uchar old_lm_hash_encrypted[16],
                                   uchar password_encrypted_with_nt_hash[516],
                                   const uchar old_nt_hash_encrypted[16],
-                                  struct samu **hnd,
+                                  struct samu *sampass,
                                   char **pp_new_passwd);
 
 #if ALLOW_CHANGE_PASSWORD
                                   char **pp_new_passwd);
 
 #if ALLOW_CHANGE_PASSWORD
@@ -782,15 +782,33 @@ NTSTATUS pass_oem_change(char *user,
 {
        char *new_passwd = NULL;
        struct samu *sampass = NULL;
 {
        char *new_passwd = NULL;
        struct samu *sampass = NULL;
-       NTSTATUS nt_status = check_oem_password(user,
-                                               password_encrypted_with_lm_hash,
-                                               old_lm_hash_encrypted,
-                                               password_encrypted_with_nt_hash,
-                                               old_nt_hash_encrypted,
-                                               &sampass,
-                                               &new_passwd);
+       NTSTATUS nt_status;
+       bool ret = false;
+
+       if (!(sampass = samu_new(NULL))) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       become_root();
+       ret = pdb_getsampwnam(sampass, user);
+       unbecome_root();
+
+       if (ret == false) {
+               DEBUG(0,("pass_oem_change: getsmbpwnam returned NULL\n"));
+               TALLOC_FREE(sampass);
+               return NT_STATUS_NO_SUCH_USER;
+       }
+
+       nt_status = check_oem_password(user,
+                                      password_encrypted_with_lm_hash,
+                                      old_lm_hash_encrypted,
+                                      password_encrypted_with_nt_hash,
+                                      old_nt_hash_encrypted,
+                                      sampass,
+                                      &new_passwd);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
 
        if (!NT_STATUS_IS_OK(nt_status)) {
+               TALLOC_FREE(sampass);
                return nt_status;
        }
 
                return nt_status;
        }
 
@@ -823,12 +841,11 @@ static NTSTATUS check_oem_password(const char *user,
                                   const uchar old_lm_hash_encrypted[16],
                                   uchar password_encrypted_with_nt_hash[516],
                                   const uchar old_nt_hash_encrypted[16],
                                   const uchar old_lm_hash_encrypted[16],
                                   uchar password_encrypted_with_nt_hash[516],
                                   const uchar old_nt_hash_encrypted[16],
-                                  struct samu **hnd,
+                                  struct samu *sampass,
                                   char **pp_new_passwd)
 {
        uchar null_pw[16];
        uchar null_ntpw[16];
                                   char **pp_new_passwd)
 {
        uchar null_pw[16];
        uchar null_ntpw[16];
-       struct samu *sampass = NULL;
        uint8 *password_encrypted;
        const uint8 *encryption_key;
        const uint8 *lanman_pw, *nt_pw;
        uint8 *password_encrypted;
        const uint8 *encryption_key;
        const uint8 *lanman_pw, *nt_pw;
@@ -838,32 +855,14 @@ static NTSTATUS check_oem_password(const char *user,
        uchar new_lm_hash[16];
        uchar verifier[16];
        char no_pw[2];
        uchar new_lm_hash[16];
        uchar verifier[16];
        char no_pw[2];
-       bool ret;
 
        bool nt_pass_set = (password_encrypted_with_nt_hash && old_nt_hash_encrypted);
        bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted);
 
 
        bool nt_pass_set = (password_encrypted_with_nt_hash && old_nt_hash_encrypted);
        bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted);
 
-       *hnd = NULL;
-
-       if ( !(sampass = samu_new( NULL )) ) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       become_root();
-       ret = pdb_getsampwnam(sampass, user);
-       unbecome_root();
-
-       if (ret == False) {
-               DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
-               TALLOC_FREE(sampass);
-               return NT_STATUS_NO_SUCH_USER;
-       }
-
        acct_ctrl = pdb_get_acct_ctrl(sampass);
 
        if (acct_ctrl & ACB_DISABLED) {
                DEBUG(2,("check_lanman_password: account %s disabled.\n", user));
        acct_ctrl = pdb_get_acct_ctrl(sampass);
 
        if (acct_ctrl & ACB_DISABLED) {
                DEBUG(2,("check_lanman_password: account %s disabled.\n", user));
-               TALLOC_FREE(sampass);
                return NT_STATUS_ACCOUNT_DISABLED;
        }
 
                return NT_STATUS_ACCOUNT_DISABLED;
        }
 
@@ -898,7 +897,6 @@ static NTSTATUS check_oem_password(const char *user,
        } else if (nt_pass_set) {
                DEBUG(1, ("NT password change supplied for user %s, but we have no NT password to check it with\n", 
                          user));
        } else if (nt_pass_set) {
                DEBUG(1, ("NT password change supplied for user %s, but we have no NT password to check it with\n", 
                          user));
-               TALLOC_FREE(sampass);
                return NT_STATUS_WRONG_PASSWORD;
        } else if (lm_pass_set) {
                if (lp_lanman_auth()) {
                return NT_STATUS_WRONG_PASSWORD;
        } else if (lm_pass_set) {
                if (lp_lanman_auth()) {
@@ -908,12 +906,10 @@ static NTSTATUS check_oem_password(const char *user,
                        DEBUG(1, ("LM password change supplied for user %s, but we have disabled LanMan authentication\n", 
                                  user));
                }
                        DEBUG(1, ("LM password change supplied for user %s, but we have disabled LanMan authentication\n", 
                                  user));
                }
-               TALLOC_FREE(sampass);
                return NT_STATUS_WRONG_PASSWORD;
        } else {
                DEBUG(1, ("password change requested for user %s, but no password supplied!\n", 
                          user));
                return NT_STATUS_WRONG_PASSWORD;
        } else {
                DEBUG(1, ("password change requested for user %s, but no password supplied!\n", 
                          user));
-               TALLOC_FREE(sampass);
                return NT_STATUS_WRONG_PASSWORD;
        }
 
                return NT_STATUS_WRONG_PASSWORD;
        }
 
@@ -927,7 +923,6 @@ static NTSTATUS check_oem_password(const char *user,
                                pp_new_passwd,
                                &new_pw_len,
                                nt_pass_set ? CH_UTF16 : CH_DOS)) {
                                pp_new_passwd,
                                &new_pw_len,
                                nt_pass_set ? CH_UTF16 : CH_DOS)) {
-               TALLOC_FREE(sampass);
                return NT_STATUS_WRONG_PASSWORD;
        }
 
                return NT_STATUS_WRONG_PASSWORD;
        }
 
@@ -950,7 +945,6 @@ static NTSTATUS check_oem_password(const char *user,
                        E_old_pw_hash(new_nt_hash, nt_pw, verifier);
                        if (memcmp(verifier, old_nt_hash_encrypted, 16)) {
                                DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
                        E_old_pw_hash(new_nt_hash, nt_pw, verifier);
                        if (memcmp(verifier, old_nt_hash_encrypted, 16)) {
                                DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
-                               TALLOC_FREE(sampass);
                                return NT_STATUS_WRONG_PASSWORD;
                        }
 
                                return NT_STATUS_WRONG_PASSWORD;
                        }
 
@@ -967,7 +961,6 @@ static NTSTATUS check_oem_password(const char *user,
                        DEBUG(100,
                              ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
                        DEBUG(100,
                              ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
-                       *hnd = sampass;
                        return NT_STATUS_OK;
                }
 
                        return NT_STATUS_OK;
                }
 
@@ -978,14 +971,12 @@ static NTSTATUS check_oem_password(const char *user,
                        E_old_pw_hash(new_nt_hash, lanman_pw, verifier);
                        if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
                                DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
                        E_old_pw_hash(new_nt_hash, lanman_pw, verifier);
                        if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
                                DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
-                               TALLOC_FREE(sampass);
                                return NT_STATUS_WRONG_PASSWORD;
                        }
 #ifdef DEBUG_PASSWORD
                        DEBUG(100,
                              ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
                                return NT_STATUS_WRONG_PASSWORD;
                        }
 #ifdef DEBUG_PASSWORD
                        DEBUG(100,
                              ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
-                       *hnd = sampass;
                        return NT_STATUS_OK;
                }
        }
                        return NT_STATUS_OK;
                }
        }
@@ -1000,7 +991,6 @@ static NTSTATUS check_oem_password(const char *user,
                E_old_pw_hash(new_lm_hash, lanman_pw, verifier);
                if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
                        DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
                E_old_pw_hash(new_lm_hash, lanman_pw, verifier);
                if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
                        DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
-                       TALLOC_FREE(sampass);
                        return NT_STATUS_WRONG_PASSWORD;
                }
 
                        return NT_STATUS_WRONG_PASSWORD;
                }
 
@@ -1008,12 +998,10 @@ static NTSTATUS check_oem_password(const char *user,
                DEBUG(100,
                      ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
                DEBUG(100,
                      ("check_oem_password: password %s ok\n", *pp_new_passwd));
 #endif
-               *hnd = sampass;
                return NT_STATUS_OK;
        }
 
        /* should not be reached */
                return NT_STATUS_OK;
        }
 
        /* should not be reached */
-       TALLOC_FREE(sampass);
        return NT_STATUS_WRONG_PASSWORD;
 }
 
        return NT_STATUS_WRONG_PASSWORD;
 }