From: Joseph Sutton Date: Thu, 3 Mar 2022 01:54:00 +0000 (+1300) Subject: s4:rpc_server/samr: Use extended DN when searching for user X-Git-Tag: tevent-0.12.0~362 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf8048cd49abba5f3da297530219fca6c67f4da1;p=thirdparty%2Fsamba.git s4:rpc_server/samr: Use extended DN when searching for user Switch to dsdb_search() for looking up the user for changing the password, and specify that we want extended DNs. Using the SID or GUID avoids a race condition if the DN of the user changes. Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Mar 18 12:45:17 UTC 2022 on sn-devel-184 --- diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index a7089edb0a9..474ce1c271a 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -26,6 +26,7 @@ #include "rpc_server/samr/dcesrv_samr.h" #include "system/time.h" #include "lib/crypto/md4.h" +#include "dsdb/common/util.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "libcli/auth/libcli_auth.h" @@ -123,7 +124,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, struct ldb_context *sam_ctx = NULL; struct ldb_dn *user_dn = NULL; int ret; - struct ldb_message **res; + struct ldb_result *res = NULL; const char * const attrs[] = { "unicodePwd", "dBCSPwd", "userAccountControl", "msDS-ResultantPSO", 
@@ -170,21 +171,23 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, /* we need the users dn and the domain dn (derived from the user SID). We also need the current lm and nt password hashes in order to decrypt the incoming passwords */ - ret = gendb_search(sam_ctx, - mem_ctx, NULL, &res, attrs, - "(&(sAMAccountName=%s)(objectclass=user))", - ldb_binary_encode_string(mem_ctx, r->in.account->string)); - if (ret != 1) { + ret = dsdb_search(sam_ctx, mem_ctx, &res, + ldb_get_default_basedn(sam_ctx), + LDB_SCOPE_SUBTREE, attrs, + DSDB_SEARCH_SHOW_EXTENDED_DN, + "(&(sAMAccountName=%s)(objectclass=user))", + ldb_binary_encode_string(mem_ctx, r->in.account->string)); + if (ret != LDB_SUCCESS || res->count != 1) { status = NT_STATUS_NO_SUCH_USER; /* Converted to WRONG_PASSWORD below */ goto failed; } - user_dn = res[0]->dn; - user_samAccountName = ldb_msg_find_attr_as_string(res[0], "samAccountName", NULL); - user_objectSid = samdb_result_dom_sid(res, res[0], "objectSid"); + user_dn = res->msgs[0]->dn; + user_samAccountName = ldb_msg_find_attr_as_string(res->msgs[0], "samAccountName", NULL); + user_objectSid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); status = samdb_result_passwords(mem_ctx, lp_ctx, - res[0], &nt_pwd); + res->msgs[0], &nt_pwd); if (!NT_STATUS_IS_OK(status) ) { goto failed; } @@ -300,7 +303,7 @@ failed: /* Only update the badPwdCount if we found the user */ if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) { - authsam_update_bad_pwd_count(sam_ctx, res[0], ldb_get_default_basedn(sam_ctx)); + authsam_update_bad_pwd_count(sam_ctx, res->msgs[0], ldb_get_default_basedn(sam_ctx)); } else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { /* Don't give the game away: (don't allow anonymous users to prove the existence of usernames) */ status = NT_STATUS_WRONG_PASSWORD;
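Review bot: The new condition `if (ret != LDB_SUCCESS || res->count != 1)` folds a failed dsdb_search() into NT_STATUS_NO_SUCH_USER, which the failed: path then turns into WRONG_PASSWORD, so a database error looks the same as a bad guess to the client and leaves no trace of its own on the server. Keeping the client-visible status is right for the anti-enumeration goal, but the server should record the difference before setting status, e.g. `if (ret != LDB_SUCCESS) { DBG_WARNING("user lookup failed: %s\n", ldb_errstring(sam_ctx)); }`. The comment above the search could also say why DSDB_SEARCH_SHOW_EXTENDED_DN is requested, something like `/* extended DN so later operations address the user by GUID/SID rather than a DN that may be renamed */`. The function body starts and ends outside this hunk, so whether later uses of user_dn keep the extended form cannot be checked here.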
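Review bot: `res->msgs[0]` in the failed: path is dereferenced whenever status is WRONG_PASSWORD, and nothing at that point checks that the lookup actually produced a result. With res now initialised to NULL in the declaration hunk, any path that reaches failed: with WRONG_PASSWORD without a successful search would be a NULL dereference, in a call that appears reachable by anonymous clients going by the comment just below. The code between the search and this label is outside the hunk, so this may not be reachable today. Making the invariant stated in the comment explicit costs one condition: `if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD) && res != NULL && res->count == 1) {`.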