The branch, master has been updated
       via  fb46796... s4:rpc-server:samr: fix setting of lockout duration < lockout window
      from  24d4433... s3: Move "yesno" to the only place where it is used: client.c

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fb4679638d03a555c722c08ee1de121fc8ff23f1
Author: Michael Adam <[email protected]>
Date:   Wed Jan 20 17:54:40 2010 +0100

    s4:rpc-server:samr: fix setting of lockout duration < lockout window
    
    This should return NT_STATUS_INVALID_PARAMETER.
    This makes samba pass the first part of the samr-lockout test.
    
    This constraint is documented here for the samr server:
    http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx
    MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates
    
    and here for the ldap backend:
    http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx
    MS-ADTS 3.1.1.5.3.2 Constraints
    
    So the check should actually be moved down into the backend,
    i.e. under dsdb/samdb/ldb_modules - TODO..
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source4/rpc_server/samr/dcesrv_samr.c |   23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/samr/dcesrv_samr.c 
b/source4/rpc_server/samr/dcesrv_samr.c
index 7de2377..1395526 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -942,7 +942,28 @@ static NTSTATUS dcesrv_samr_SetDomainInfo(struct 
dcesrv_call_state *dce_call, TA
                return NT_STATUS_OK;
 
        case 12:
-               
+               /*
+                * It is not possible to set lockout_duration < lockout_window.
+                * (The test is the other way around since the negative numbers
+                *  are stored...)
+                *
+                * TODO:
+                *   This check should be moved to the backend, i.e. to some
+                *   ldb module under dsdb/samdb/ldb_modules/ .
+                *
+                * This constraint is documented here for the samr rpc service:
+                * MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates
+                * 
http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx
+                *
+                * And here for the ldap backend:
+                * MS-ADTS 3.1.1.5.3.2 Constraints
+                * 
http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx
+                */
+               if (r->in.info->info12.lockout_duration >
+                   r->in.info->info12.lockout_window)
+               {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
                SET_INT64  (msg, info12.lockout_duration,      
"lockoutDuration");
                SET_INT64  (msg, info12.lockout_window,        
"lockOutObservationWindow");
                SET_INT64  (msg, info12.lockout_threshold,     
"lockoutThreshold");
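
Review bot: The new `if (r->in.info->info12.lockout_duration > r->in.info->info12.lockout_window)` check gives the intended result only when both fields hold negative values, and the parenthetical "(The test is the other way around since the negative numbers are stored...)" does not spell that out. Suggest saying in the comment that both values are stored as negative intervals, so a numerically greater lockout_duration means a shorter duration, and stating what should happen when either input is zero or non-negative, which this comparison does not treat separately. As the TODO itself notes, the constraint is enforced only on this SAMR level 12 path, so until it moves into an ldb module under dsdb/samdb/ldb_modules/, other writers of lockoutDuration and lockOutObservationWindow are not checked. Style point: the opening brace on its own line after the two-line condition could be folded onto the condition's last line if that matches the rest of the file.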


-- 
Samba Shared Repository
