From 2c36a5c8488ad80e82370fb307ab9968ec504028 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Jan 2008 10:24:34 +0100 Subject: [PATCH] Finally enable pidl generated SAMR & NETLOGON headers and clients. Guenther --- source/Makefile.in | 4 +++ source/include/rpc_dce.h | 5 --- source/include/rpc_netlogon.h | 53 ++---------------------------------- source/include/rpc_samr.h | 12 -------- source/include/smb.h | 27 +----------------- source/libads/authdata.c | 12 ++++---- source/nsswitch/pam_winbind.c | 8 +++--- source/nsswitch/pam_winbind.h | 23 ++++++++------- source/nsswitch/wbinfo.c | 4 +- source/rpc_parse/parse_net.c | 32 +++++++++++----------- source/rpc_server/srv_netlog_nt.c | 2 +- source/rpcclient/cmd_samr.c | 20 +++++++------- source/smbd/chgpasswd.c | 12 ++++---- source/winbindd/winbindd_creds.c | 2 +- source/winbindd/winbindd_pam.c | 6 ++-- 15 files changed, 70 insertions(+), 152 deletions(-) diff --git a/source/Makefile.in b/source/Makefile.in index dd49b9b..2276500 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -273,6 +273,8 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_srvsvc.o \ librpc/gen_ndr/ndr_svcctl.o \ librpc/gen_ndr/ndr_eventlog.o \ + librpc/gen_ndr/ndr_netlogon.o \ + librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_notify.o \ librpc/gen_ndr/ndr_libnet_join.o @@ -403,6 +405,8 @@ LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \ librpc/gen_ndr/cli_initshutdown.o \ librpc/gen_ndr/cli_eventlog.o \ librpc/gen_ndr/cli_wkssvc.o \ + librpc/gen_ndr/cli_netlogon.o \ + librpc/gen_ndr/cli_samr.o \ $(LIBNDR_GEN_OBJ) \ $(RPCCLIENT_NDR_OBJ) diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index 7ea3fcb..f162196 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h @@ -98,11 +98,6 @@ enum RPC_PKT_TYPE { #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20 #define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18 - -#define NETLOGON_NEG_ARCFOUR 0x00000004 -#define NETLOGON_NEG_128BIT 0x00004000 -#define NETLOGON_NEG_SCHANNEL 0x40000000 - /* The 7 here seems to be required to get Win2k not to downgrade us to NT4. Actually, anything other than 1ff would seem to do... */ #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index a82b977..48a2a32 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -45,11 +45,6 @@ #define NET_DSR_GETDCNAMEEX2 0x22 #define NET_SAMLOGON_EX 0x27 -/* Secure Channel types. used in NetrServerAuthenticate negotiation */ -#define SEC_CHAN_WKSTA 2 -#define SEC_CHAN_DOMAIN 4 -#define SEC_CHAN_BDC 6 - /* Returned delta types */ #define SAM_DELTA_DOMAIN_INFO 0x01 #define SAM_DELTA_GROUP_INFO 0x02 @@ -89,32 +84,15 @@ #define NL_CTRL_REPL_IN_PROGRESS 0x0002 #define NL_CTRL_FULL_SYNC 0x0004 -#define LOGON_GUEST 0x00000001 -#define LOGON_NOENCRYPTION 0x00000002 -#define LOGON_CACHED_ACCOUNT 0x00000004 -#define LOGON_USED_LM_PASSWORD 0x00000008 -#define LOGON_EXTRA_SIDS 0x00000020 -#define LOGON_SUBAUTH_SESSION_KEY 0x00000040 -#define LOGON_SERVER_TRUST_ACCOUNT 0x00000080 -#define LOGON_NTLMV2_ENABLED 0x00000100 -#define LOGON_RESOURCE_GROUPS 0x00000200 -#define LOGON_PROFILE_PATH_RETURNED 0x00000400 -#define LOGON_GRACE_LOGON 0x01000000 #define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000 -#define SE_GROUP_MANDATORY 0x00000001 -#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002 -#define SE_GROUP_ENABLED 0x00000004 -#define SE_GROUP_OWNER 0x00000008 -#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010 -#define SE_GROUP_LOGON_ID 0xC0000000 -#define SE_GROUP_RESOURCE 0x20000000 /* Domain Local Group */ - /* Flags for controlling the behaviour of a particular logon */ -/* sets LOGON_SERVER_TRUST_ACCOUNT user_flag */ +/* sets NETLOGON_SERVER_TRUST_ACCOUNT user_flag */ +#if 0 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800 +#endif /* updates the "logon time" on network logon */ #define MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004 @@ -1054,31 +1032,6 @@ typedef struct net_r_sam_deltas_info { NTSTATUS status; } NET_R_SAM_DELTAS; -#define DS_FORCE_REDISCOVERY 0x00000001 -#define DS_DIRECTORY_SERVICE_REQUIRED 0x00000010 -#define DS_DIRECTORY_SERVICE_PREFERRED 0x00000020 -#define DS_GC_SERVER_REQUIRED 0x00000040 -#define DS_PDC_REQUIRED 0x00000080 -#define DS_BACKGROUND_ONLY 0x00000100 -#define DS_IP_REQUIRED 0x00000200 -#define DS_KDC_REQUIRED 0x00000400 -#define DS_TIMESERV_REQUIRED 0x00000800 -#define DS_WRITABLE_REQUIRED 0x00001000 -#define DS_GOOD_TIMESERV_PREFERRED 0x00002000 -#define DS_AVOID_SELF 0x00004000 -#define DS_ONLY_LDAP_NEEDED 0x00008000 - -#define DS_IS_FLAT_NAME 0x00010000 -#define DS_IS_DNS_NAME 0x00020000 - -#define DS_RETURN_DNS_NAME 0x40000000 -#define DS_RETURN_FLAT_NAME 0x80000000 - -#if 0 /* unknown yet */ -#define DS_IP_VERSION_AGNOSTIC -#define DS_TRY_NEXTCLOSEST_SITE -#endif - #define DSGETDC_VALID_FLAGS ( \ DS_FORCE_REDISCOVERY | \ DS_DIRECTORY_SERVICE_REQUIRED | \ diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index 2273fba..9274e37 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -1832,13 +1832,6 @@ typedef struct q_samr_get_dom_pwinfo } SAMR_Q_GET_DOM_PWINFO; -#define DOMAIN_PASSWORD_COMPLEX 0x00000001 -#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002 -#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004 -#define DOMAIN_LOCKOUT_ADMINS 0x00000008 -#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010 -#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020 - /* SAMR_R_GET_DOM_PWINFO */ typedef struct r_samr_get_dom_pwinfo { @@ -1915,11 +1908,6 @@ typedef struct q_samr_chgpasswd_user3 } SAMR_Q_CHGPASSWD_USER3; -#define REJECT_REASON_OTHER 0x00000000 -#define REJECT_REASON_TOO_SHORT 0x00000001 -#define REJECT_REASON_IN_HISTORY 0x00000002 -#define REJECT_REASON_NOT_COMPLEX 0x00000005 - /* SAMR_CHANGE_REJECT */ typedef struct samr_change_reject { diff --git a/source/include/smb.h b/source/include/smb.h index 350584a..d64b8ba 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -211,30 +211,6 @@ typedef uint32 codepoint_t; /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */ typedef uint64_t NTTIME; - -/* Allowable account control bits */ -#define ACB_DISABLED 0x00000001 /* 1 = User account disabled */ -#define ACB_HOMDIRREQ 0x00000002 /* 1 = Home directory required */ -#define ACB_PWNOTREQ 0x00000004 /* 1 = User password not required */ -#define ACB_TEMPDUP 0x00000008 /* 1 = Temporary duplicate account */ -#define ACB_NORMAL 0x00000010 /* 1 = Normal user account */ -#define ACB_MNS 0x00000020 /* 1 = MNS logon user account */ -#define ACB_DOMTRUST 0x00000040 /* 1 = Interdomain trust account */ -#define ACB_WSTRUST 0x00000080 /* 1 = Workstation trust account */ -#define ACB_SVRTRUST 0x00000100 /* 1 = Server trust account (BDC) */ -#define ACB_PWNOEXP 0x00000200 /* 1 = User password does not expire */ -#define ACB_AUTOLOCK 0x00000400 /* 1 = Account auto locked */ - -/* only valid for > Windows 2000 */ -#define ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 = Text password encryped */ -#define ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 = Smart Card required */ -#define ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 = Trusted for Delegation */ -#define ACB_NOT_DELEGATED 0x00004000 /* 1 = Not delegated */ -#define ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 = Use DES key only */ -#define ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 = Preauth not required */ -#define ACB_PWEXPIRED 0x00020000 /* 1 = Password is expired */ -#define ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ - #define MAX_HOURS_LEN 32 #ifndef MAXSUBAUTHS @@ -331,9 +307,10 @@ extern const DATA_BLOB data_blob_null; #include "librpc/gen_ndr/wkssvc.h" #include "librpc/gen_ndr/echo.h" #include "librpc/gen_ndr/svcctl.h" +#include "librpc/gen_ndr/netlogon.h" +#include "librpc/gen_ndr/samr.h" #include "librpc/gen_ndr/libnet_join.h" - struct lsa_dom_info { bool valid; DOM_SID sid; diff --git a/source/libads/authdata.c b/source/libads/authdata.c index 9a6f106..644f851 100644 --- a/source/libads/authdata.c +++ b/source/libads/authdata.c @@ -429,8 +429,8 @@ static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, if (info->info3.ptr_res_groups) { - if (!(info->info3.user_flgs & LOGON_RESOURCE_GROUPS)) { - DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n")); + if (!(info->info3.user_flgs & NETLOGON_RESOURCE_GROUPS)) { + DEBUG(0,("user_flgs attribute does not have NETLOGON_RESOURCE_GROUPS\n")); /* return False; */ } @@ -738,10 +738,10 @@ void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info) DEBUG(lvl,("The PAC:\n")); DEBUGADD(lvl,("\tUser Flags: 0x%x (%d)\n", user_flgs, user_flgs)); - if (user_flgs & LOGON_EXTRA_SIDS) - DEBUGADD(lvl,("\tUser Flags: LOGON_EXTRA_SIDS 0x%x (%d)\n", LOGON_EXTRA_SIDS, LOGON_EXTRA_SIDS)); - if (user_flgs & LOGON_RESOURCE_GROUPS) - DEBUGADD(lvl,("\tUser Flags: LOGON_RESOURCE_GROUPS 0x%x (%d)\n", LOGON_RESOURCE_GROUPS, LOGON_RESOURCE_GROUPS)); + if (user_flgs & NETLOGON_EXTRA_SIDS) + DEBUGADD(lvl,("\tUser Flags: NETLOGON_EXTRA_SIDS 0x%x (%d)\n", NETLOGON_EXTRA_SIDS, NETLOGON_EXTRA_SIDS)); + if (user_flgs & NETLOGON_RESOURCE_GROUPS) + DEBUGADD(lvl,("\tUser Flags: NETLOGON_RESOURCE_GROUPS 0x%x (%d)\n", NETLOGON_RESOURCE_GROUPS, NETLOGON_RESOURCE_GROUPS)); DEBUGADD(lvl,("\tUser SID: %s-%d\n", sid_string_dbg(&dom_sid), logon_info->info3.user_rid)); DEBUGADD(lvl,("\tGroup SID: %s-%d\n", sid_string_dbg(&dom_sid), diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c index 4d01907..89db077 100644 --- a/source/nsswitch/pam_winbind.c +++ b/source/nsswitch/pam_winbind.c @@ -1431,22 +1431,22 @@ static int winbind_chauthtok_request(pam_handle_t * pamh, switch (reject_reason) { case -1: break; - case REJECT_REASON_OTHER: + case SAMR_REJECT_OTHER: if ((min_pwd_age > 0) && (pwd_last_set + min_pwd_age > time(NULL))) { PAM_WB_REMARK_DIRECT(pamh, ctrl, "NT_STATUS_PWD_TOO_RECENT"); } break; - case REJECT_REASON_TOO_SHORT: + case SAMR_REJECT_TOO_SHORT: PAM_WB_REMARK_DIRECT(pamh, ctrl, "NT_STATUS_PWD_TOO_SHORT"); break; - case REJECT_REASON_IN_HISTORY: + case SAMR_REJECT_IN_HISTORY: PAM_WB_REMARK_DIRECT(pamh, ctrl, "NT_STATUS_PWD_HISTORY_CONFLICT"); break; - case REJECT_REASON_NOT_COMPLEX: + case SAMR_REJECT_COMPLEXITY: _make_remark(pamh, ctrl, PAM_ERROR_MSG, "Password does not meet " "complexity requirements"); diff --git a/source/nsswitch/pam_winbind.h b/source/nsswitch/pam_winbind.h index 59a2f39..6ec564f 100644 --- a/source/nsswitch/pam_winbind.h +++ b/source/nsswitch/pam_winbind.h @@ -179,22 +179,23 @@ do { \ };\ }; -/* from include/rpc_samr.h */ -#define DOMAIN_PASSWORD_COMPLEX 0x00000001 +/* from samr.idl */ +#define DOMAIN_PASSWORD_COMPLEX 0x00000001 -#define REJECT_REASON_OTHER 0x00000000 -#define REJECT_REASON_TOO_SHORT 0x00000001 -#define REJECT_REASON_IN_HISTORY 0x00000002 -#define REJECT_REASON_NOT_COMPLEX 0x00000005 +#define SAMR_REJECT_OTHER 0x00000000 +#define SAMR_REJECT_TOO_SHORT 0x00000001 +#define SAMR_REJECT_IN_HISTORY 0x00000002 +#define SAMR_REJECT_COMPLEXITY 0x00000005 -/* from include/smb.h */ #define ACB_PWNOEXP 0x00000200 +/* from netlogon.idl */ +#define NETLOGON_CACHED_ACCOUNT 0x00000004 +#define NETLOGON_GRACE_LOGON 0x01000000 + /* from include/rpc_netlogon.h */ -#define LOGON_CACHED_ACCOUNT 0x00000004 -#define LOGON_GRACE_LOGON 0x01000000 #define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000 -#define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT) +#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT) #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW) -#define PAM_WB_GRACE_LOGON(x) ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON))) +#define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON))) diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c index c8f8398..3410668 100644 --- a/source/nsswitch/wbinfo.c +++ b/source/nsswitch/wbinfo.c @@ -843,8 +843,8 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags) if (result == NSS_STATUS_SUCCESS) { if (request.flags & WBFLAG_PAM_INFO3_TEXT) { - if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) { - d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n"); + if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) { + d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n"); } } diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 65607a4..b8c6479 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1656,8 +1656,8 @@ static void dump_acct_flags(uint32 acct_flags) { if (acct_flags & ACB_NO_AUTH_DATA_REQD) { DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n")); } - if (acct_flags & ACB_PWEXPIRED) { - DEBUGADD(lvl,("\taccount has ACB_PWEXPIRED set\n")); + if (acct_flags & ACB_PW_EXPIRED) { + DEBUGADD(lvl,("\taccount has ACB_PW_EXPIRED set\n")); } } @@ -1665,23 +1665,23 @@ static void dump_user_flgs(uint32 user_flags) { int lvl = 10; DEBUG(lvl,("dump_user_flgs\n")); - if (user_flags & LOGON_EXTRA_SIDS) { - DEBUGADD(lvl,("\taccount has LOGON_EXTRA_SIDS\n")); + if (user_flags & NETLOGON_EXTRA_SIDS) { + DEBUGADD(lvl,("\taccount has NETLOGON_EXTRA_SIDS\n")); } - if (user_flags & LOGON_RESOURCE_GROUPS) { - DEBUGADD(lvl,("\taccount has LOGON_RESOURCE_GROUPS\n")); + if (user_flags & NETLOGON_RESOURCE_GROUPS) { + DEBUGADD(lvl,("\taccount has NETLOGON_RESOURCE_GROUPS\n")); } - if (user_flags & LOGON_NTLMV2_ENABLED) { - DEBUGADD(lvl,("\taccount has LOGON_NTLMV2_ENABLED\n")); + if (user_flags & NETLOGON_NTLMV2_ENABLED) { + DEBUGADD(lvl,("\taccount has NETLOGON_NTLMV2_ENABLED\n")); } - if (user_flags & LOGON_CACHED_ACCOUNT) { - DEBUGADD(lvl,("\taccount has LOGON_CACHED_ACCOUNT\n")); + if (user_flags & NETLOGON_CACHED_ACCOUNT) { + DEBUGADD(lvl,("\taccount has NETLOGON_CACHED_ACCOUNT\n")); } - if (user_flags & LOGON_PROFILE_PATH_RETURNED) { - DEBUGADD(lvl,("\taccount has LOGON_PROFILE_PATH_RETURNED\n")); + if (user_flags & NETLOGON_PROFILE_PATH_RETURNED) { + DEBUGADD(lvl,("\taccount has NETLOGON_PROFILE_PATH_RETURNED\n")); } - if (user_flags & LOGON_SERVER_TRUST_ACCOUNT) { - DEBUGADD(lvl,("\taccount has LOGON_SERVER_TRUST_ACCOUNT\n")); + if (user_flags & NETLOGON_SERVER_TRUST_ACCOUNT) { + DEBUGADD(lvl,("\taccount has NETLOGON_SERVER_TRUST_ACCOUNT\n")); } @@ -1859,8 +1859,8 @@ bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, uint32 num_other_sids = usr->num_other_sids; - if (!(usr->user_flgs & LOGON_EXTRA_SIDS)) { - DEBUG(10,("net_io_user_info3: user_flgs attribute does not have LOGON_EXTRA_SIDS\n")); + if (!(usr->user_flgs & NETLOGON_EXTRA_SIDS)) { + DEBUG(10,("net_io_user_info3: user_flgs attribute does not have NETLOGON_EXTRA_SIDS\n")); /* return False; */ } diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 218ce73..904ee17 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -1062,7 +1062,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p, 0, /* bad_pw_count */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ - LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */ + NETLOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */ pdb_get_acct_ctrl(sampw), server_info->user_session_key.length ? user_session_key : NULL, server_info->lm_session_key.length ? lm_session_key : NULL, diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 15e180d..171027f 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -135,8 +135,8 @@ static void display_password_properties(uint32 password_properties) if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE) printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n"); - if (password_properties & DOMAIN_LOCKOUT_ADMINS) - printf("\tDOMAIN_LOCKOUT_ADMINS\n"); + if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS) + printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n"); if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT) printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n"); @@ -2228,17 +2228,17 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli, display_sam_unk_info_1(&info); switch (reject.reject_reason) { - case REJECT_REASON_TOO_SHORT: - d_printf("REJECT_REASON_TOO_SHORT\n"); + case SAMR_REJECT_TOO_SHORT: + d_printf("SAMR_REJECT_TOO_SHORT\n"); break; - case REJECT_REASON_IN_HISTORY: - d_printf("REJECT_REASON_IN_HISTORY\n"); + case SAMR_REJECT_IN_HISTORY: + d_printf("SAMR_REJECT_IN_HISTORY\n"); break; - case REJECT_REASON_NOT_COMPLEX: - d_printf("REJECT_REASON_NOT_COMPLEX\n"); + case SAMR_REJECT_COMPLEXITY: + d_printf("SAMR_REJECT_COMPLEXITY\n"); break; - case REJECT_REASON_OTHER: - d_printf("REJECT_REASON_OTHER\n"); + case SAMR_REJECT_OTHER: + d_printf("SAMR_REJECT_OTHER\n"); break; default: d_printf("unknown reject reason: %d\n", reject.reject_reason); diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index fb228f9..668c8e2 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -1092,7 +1092,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw if (!pdb_get_pass_can_change(hnd)) { DEBUG(1, ("user %s does not have permissions to change password\n", username)); if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_OTHER; + *samr_reject_reason = SAMR_REJECT_OTHER; } return NT_STATUS_ACCOUNT_RESTRICTION; } @@ -1106,7 +1106,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw "denied by Refuse Machine Password Change policy\n", username)); if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_OTHER; + *samr_reject_reason = SAMR_REJECT_OTHER; } return NT_STATUS_ACCOUNT_RESTRICTION; } @@ -1119,7 +1119,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw "wait until %s\n", username, http_timestring(can_change_time))); if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_OTHER; + *samr_reject_reason = SAMR_REJECT_OTHER; } return NT_STATUS_ACCOUNT_RESTRICTION; } @@ -1129,7 +1129,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw username)); DEBUGADD(1, (" account policy min password len = %d\n", min_len)); if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_TOO_SHORT; + *samr_reject_reason = SAMR_REJECT_TOO_SHORT; } return NT_STATUS_PASSWORD_RESTRICTION; /* return NT_STATUS_PWD_TOO_SHORT; */ @@ -1137,7 +1137,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw if (check_passwd_history(hnd,new_passwd)) { if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_IN_HISTORY; + *samr_reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } @@ -1158,7 +1158,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw if (check_ret != 0) { DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n")); if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_NOT_COMPLEX; + *samr_reject_reason = SAMR_REJECT_COMPLEXITY; } TALLOC_FREE(pass); return NT_STATUS_PASSWORD_RESTRICTION; diff --git a/source/winbindd/winbindd_creds.c b/source/winbindd/winbindd_creds.c index 62facb6..4dbace5 100644 --- a/source/winbindd/winbindd_creds.c +++ b/source/winbindd/winbindd_creds.c @@ -69,7 +69,7 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain, sid_copy(&sid, &(info3->dom_sid.sid)); sid_append_rid(&sid, info3->user_rid); sid_copy(&cred_sid, &sid); - info3->user_flgs |= LOGON_CACHED_ACCOUNT; + info3->user_flgs |= NETLOGON_CACHED_ACCOUNT; } else if (user_sid != NULL) { diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c index 525096b..0c75cb1 100644 --- a/source/winbindd/winbindd_pam.c +++ b/source/winbindd/winbindd_pam.c @@ -923,7 +923,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, /* User *DOES* know the password, update logon_time and reset * bad_pw_count */ - my_info3->user_flgs |= LOGON_CACHED_ACCOUNT; + my_info3->user_flgs |= NETLOGON_CACHED_ACCOUNT; if (my_info3->acct_flags & ACB_AUTOLOCK) { return NT_STATUS_ACCOUNT_LOCKED_OUT; @@ -959,7 +959,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, must_change_time = nt_time_to_unix(my_info3->pass_must_change_time); if (must_change_time != 0 && must_change_time < time(NULL)) { /* we allow grace logons when the password has expired */ - my_info3->user_flgs |= LOGON_GRACE_LOGON; + my_info3->user_flgs |= NETLOGON_GRACE_LOGON; /* return NT_STATUS_PASSWORD_EXPIRED; */ goto success; } @@ -1075,7 +1075,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, } if ((my_info3->user_rid != DOMAIN_USER_RID_ADMIN) || - (password_properties & DOMAIN_LOCKOUT_ADMINS)) { + (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) { my_info3->acct_flags |= ACB_AUTOLOCK; } } -- 1.5.3.7