s4:samr RPC server - dcesrv_samr_SetUserInfo() - password expiration

[obnox/samba/samba-obnox.git] / source4 / rpc_server / samr / dcesrv_samr.c

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index cc3b2c8bce69df2d5da3d7410617553121a4ca4d..7279fe02f724f1ff6defa3a749b3cbcbe67c260a 100644 (file)
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -500,7 +500,7 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state
        info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
                                                 0);
        switch (state->role) {
-       case ROLE_DOMAIN_CONTROLLER:
+       case ROLE_ACTIVE_DIRECTORY_DC:
                /* This pulls the NetBIOS name from the
                   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
                   string */
@@ -511,8 +511,8 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state
                }
                break;
        case ROLE_DOMAIN_PDC:
-               info->role = SAMR_ROLE_DOMAIN_PDC;
-               break;
+       case ROLE_DOMAIN_BDC:
+               return NT_STATUS_INTERNAL_ERROR;
        case ROLE_DOMAIN_MEMBER:
                info->role = SAMR_ROLE_DOMAIN_MEMBER;
                break;
@@ -606,7 +606,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state,
 {
 
        switch (state->role) {
-       case ROLE_DOMAIN_CONTROLLER:
+       case ROLE_ACTIVE_DIRECTORY_DC:
                /* This pulls the NetBIOS name from the
                   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
                   string */
@@ -3510,8 +3510,14 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL
                }
 
                if (r->in.info->info26.password_expired > 0) {
+                       NTTIME t = 0;
                        struct ldb_message_element *set_el;
-                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, "pwdLastSet", 0) != LDB_SUCCESS) {
+                       if (r->in.info->info26.password_expired
+                                       == PASS_DONT_CHANGE_AT_NEXT_LOGON) {
+                               unix_to_nt_time(&t, time(NULL));
+                       }
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg,
+                                                "pwdLastSet", t) != LDB_SUCCESS) {
                                return NT_STATUS_NO_MEMORY;
                        }
                        set_el = ldb_msg_find_element(msg, "pwdLastSet");
@@ -4290,6 +4296,11 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
        DATA_BLOB password;
        enum samr_ValidationStatus res;
        NTSTATUS status;
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+
+       if (transport != NCACN_IP_TCP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
 
        (*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);