diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-05-10 23:46:21 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-05-10 23:50:03 +0200 |
commit | 56421886de87aa32ba6ea2badbc2d40b2ca8011d (patch) | |
tree | e2bce26fe731a0d707fa67fe8d95e2cb29ccf3d2 | |
parent | ae9fe3cc8e8dbdb40853e62f3ea7d9e4e4809850 (diff) | |
download | samba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.tar.gz samba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.tar.bz2 samba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.zip |
s4:password_hash LDB module - we might not have a cleartext password at all
When we don't have the cleartext of the new password then don't check it
using "samdb_check_password".
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index a1ffdc0e92..0334c6d95e 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1533,40 +1533,43 @@ static int check_password_restrictions(struct setup_password_fields_io *io) } /* - * Fundamental password checks done by the call "samdb_check_password". + * Fundamental password checks done by the call + * "samdb_check_password". * It is also in use by "dcesrv_samr_ValidatePassword". */ - stat = samdb_check_password(io->n.cleartext_utf8, - io->ac->status->domain_data.pwdProperties, - io->ac->status->domain_data.minPwdLength); - switch (stat) { - case SAMR_VALIDATION_STATUS_SUCCESS: - /* perfect -> proceed! */ - break; + if (io->n.cleartext_utf8 != NULL) { + stat = samdb_check_password(io->n.cleartext_utf8, + io->ac->status->domain_data.pwdProperties, + io->ac->status->domain_data.minPwdLength); + switch (stat) { + case SAMR_VALIDATION_STATUS_SUCCESS: + /* perfect -> proceed! */ + break; - case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT: - ldb_asprintf_errstring(ldb, - "check_password_restrictions: " - "the password is too short. It should be equal or longer than %i characters!", - io->ac->status->domain_data.minPwdLength); + case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT: + ldb_asprintf_errstring(ldb, + "check_password_restrictions: " + "the password is too short. It should be equal or longer than %i characters!", + io->ac->status->domain_data.minPwdLength); - io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT; - return LDB_ERR_CONSTRAINT_VIOLATION; + io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT; + return LDB_ERR_CONSTRAINT_VIOLATION; - case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH: - ldb_asprintf_errstring(ldb, - "check_password_restrictions: " - "the password does not meet the complexity criterias!"); - io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX; + case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH: + ldb_asprintf_errstring(ldb, + "check_password_restrictions: " + "the password does not meet the complexity criterias!"); + io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX; - return LDB_ERR_CONSTRAINT_VIOLATION; + return LDB_ERR_CONSTRAINT_VIOLATION; - default: - ldb_asprintf_errstring(ldb, - "check_password_restrictions: " - "the password doesn't fit by a certain reason!"); + default: + ldb_asprintf_errstring(ldb, + "check_password_restrictions: " + "the password doesn't fit by a certain reason!"); - return LDB_ERR_CONSTRAINT_VIOLATION; + return LDB_ERR_CONSTRAINT_VIOLATION; + } } if (io->ac->pwd_reset) { |