summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-05-10 23:46:21 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-05-10 23:50:03 +0200
commit56421886de87aa32ba6ea2badbc2d40b2ca8011d (patch)
treee2bce26fe731a0d707fa67fe8d95e2cb29ccf3d2
parentae9fe3cc8e8dbdb40853e62f3ea7d9e4e4809850 (diff)
downloadsamba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.tar.gz
samba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.tar.bz2
samba-56421886de87aa32ba6ea2badbc2d40b2ca8011d.zip
s4:password_hash LDB module - we might not have a cleartext password at all
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c55
1 files changed, 29 insertions, 26 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index a1ffdc0e92..0334c6d95e 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1533,40 +1533,43 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
}
/*
- * Fundamental password checks done by the call "samdb_check_password".
+ * Fundamental password checks done by the call
+ * "samdb_check_password".
* It is also in use by "dcesrv_samr_ValidatePassword".
*/
- stat = samdb_check_password(io->n.cleartext_utf8,
- io->ac->status->domain_data.pwdProperties,
- io->ac->status->domain_data.minPwdLength);
- switch (stat) {
- case SAMR_VALIDATION_STATUS_SUCCESS:
- /* perfect -> proceed! */
- break;
+ if (io->n.cleartext_utf8 != NULL) {
+ stat = samdb_check_password(io->n.cleartext_utf8,
+ io->ac->status->domain_data.pwdProperties,
+ io->ac->status->domain_data.minPwdLength);
+ switch (stat) {
+ case SAMR_VALIDATION_STATUS_SUCCESS:
+ /* perfect -> proceed! */
+ break;
- case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
- ldb_asprintf_errstring(ldb,
- "check_password_restrictions: "
- "the password is too short. It should be equal or longer than %i characters!",
- io->ac->status->domain_data.minPwdLength);
+ case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
+ ldb_asprintf_errstring(ldb,
+ "check_password_restrictions: "
+ "the password is too short. It should be equal or longer than %i characters!",
+ io->ac->status->domain_data.minPwdLength);
- io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
- return LDB_ERR_CONSTRAINT_VIOLATION;
+ io->ac->status->reject_reason = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT;
+ return LDB_ERR_CONSTRAINT_VIOLATION;
- case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
- ldb_asprintf_errstring(ldb,
- "check_password_restrictions: "
- "the password does not meet the complexity criterias!");
- io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
+ case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
+ ldb_asprintf_errstring(ldb,
+ "check_password_restrictions: "
+ "the password does not meet the complexity criterias!");
+ io->ac->status->reject_reason = SAM_PWD_CHANGE_NOT_COMPLEX;
- return LDB_ERR_CONSTRAINT_VIOLATION;
+ return LDB_ERR_CONSTRAINT_VIOLATION;
- default:
- ldb_asprintf_errstring(ldb,
- "check_password_restrictions: "
- "the password doesn't fit by a certain reason!");
+ default:
+ ldb_asprintf_errstring(ldb,
+ "check_password_restrictions: "
+ "the password doesn't fit by a certain reason!");
- return LDB_ERR_CONSTRAINT_VIOLATION;
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
}
if (io->ac->pwd_reset) {