authorGünther Deschner <gd@samba.org>2006-05-16 22:03:05 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:05 -0500
commitf81e4521bf9408754a9873646fd7e911d968b4e1 (patch)
tree8032da2d5f4282d728070fed37a82597f820b132
parent5e8221d9091320414bd168f8166e189c50f95a87 (diff)
r15649: Allow to store 24 password history entries in ldapsam (same limit as on
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/passdb/pdb_ldap.c13
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index c583055a49..fdeaaad651 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -738,6 +738,7 @@ struct locking_data {
#define PW_HISTORY_SALT_LEN 16
#define SALTED_MD5_HASH_LEN 16
#define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
+#define MAX_PW_HISTORY_LEN 24
/*
* Flags for account policy.
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3b1e08e6fe..70d9e6024c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -773,9 +773,9 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
+ char history_string[MAX_PW_HISTORY_LEN*64];
- /* We can only store (sizeof(pstring)-1)/64 password history entries. */
- pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+ pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
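Review bot: `history_string` is declared as `MAX_PW_HISTORY_LEN*64` bytes, which is exactly the hex length of 24 stored entries and leaves no byte for the terminating NUL. The next hunk passes `sizeof(history_string)` as the limit to `smbldap_get_single_attribute`, whose handling of a value that fills the buffer is not visible here. If it truncates or rejects such a value, a full 24-entry history would lose its last entry or be left as zeros, which would weaken the password-reuse check this commit is meant to extend. I would declare it as `char history_string[(MAX_PW_HISTORY_LEN*64)+1];`, and consider writing the 64 as `2*PW_HISTORY_ENTRY_LEN` so the hex-encoded entry size stays tied to the constants in smb.h. `init_sam_from_ldap` starts and ends outside this hunk.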
@@ -783,19 +783,20 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
}
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
- if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), temp)) {
+ if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
+ history_string, sizeof(history_string))) {
/* leave as default - zeros */
} else {
BOOL hex_failed = False;
for (i = 0; i < pwHistLen; i++){
/* Get the 16 byte salt. */
- if (!pdb_gethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
+ if (!pdb_gethexpwd(&history_string[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
hex_failed = True;
break;
}
/* Get the 16 byte MD5 hash of salt+passwd. */
- if (!pdb_gethexpwd(&temp[(i*64)+32],
+ if (!pdb_gethexpwd(&history_string[(i*64)+32],
&pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) {
hex_failed = True;
break;
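Review bot: The parsing loop runs to `i < pwHistLen`, but that bound comes from the policy value clamped to `MAX_PW_HISTORY_LEN`, not from how much data the fetch actually placed in `history_string`. That buffer is an uninitialised stack array (declared in the previous hunk), so when the LDAP attribute holds fewer than `pwHistLen` entries, `&history_string[i*64]` points past the terminator at indeterminate bytes, which are then handed to `pdb_gethexpwd`. I would bound the loop by the stored length as well, for example `size_t stored = strlen(history_string) / 64;` with `for (i = 0; i < pwHistLen && (size_t)i < stored; i++)`. The remaining `pwhist` slots then keep the zeros written by the `memset` above. The loop body and the rest of `init_sam_from_ldap` continue outside this hunk.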