diff options
author | Günther Deschner <gd@samba.org> | 2006-09-18 21:00:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:18:59 -0500 |
commit | 8153859fb41b7ecdf9e01d66970ff62b83233e41 (patch) | |
tree | 9e6509175c600fbb01e8907b1dd3f85878fcf50a | |
parent | d8df6d1a81f8e274352fb0269e5f5a86453b25d2 (diff) | |
download | samba-8153859fb41b7ecdf9e01d66970ff62b83233e41.tar.gz samba-8153859fb41b7ecdf9e01d66970ff62b83233e41.tar.bz2 samba-8153859fb41b7ecdf9e01d66970ff62b83233e41.zip |
r18636: Excessive testing with pam_winbind within Samba3 revealed a new samr
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.
torture test to follow as well.
Guenther
(This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 8 | ||||
-rw-r--r-- | source4/kdc/kpasswdd.c | 3 | ||||
-rw-r--r-- | source4/librpc/idl/misc.idl | 3 |
3 files changed, 9 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index e0691e4c32..e6752716ab 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -1282,13 +1282,13 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct if (pwdHistoryLength > 0) { if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, lmPwdHash->hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, ntPwdHash->hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } @@ -1301,7 +1301,7 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct for (i=0; lmNewHash && i<sambaLMPwdHistory_len;i++) { if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } @@ -1309,7 +1309,7 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct for (i=0; ntNewHash && i<sambaNTPwdHistory_len;i++) { if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, 16) == 0) { if (reject_reason) { - *reject_reason = SAMR_REJECT_COMPLEXITY; + *reject_reason = SAMR_REJECT_IN_HISTORY; } return NT_STATUS_PASSWORD_RESTRICTION; } diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 57b4de5e69..dc8d5c7310 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -134,6 +134,9 @@ static BOOL kpasswd_make_pwchange_reply(struct kdc_server *kdc, case SAMR_REJECT_COMPLEXITY: reject_string = "Password does not meet complexity requirements"; break; + case SAMR_REJECT_IN_HISTORY: + reject_string = "Password is already in password history"; + break; case SAMR_REJECT_OTHER: default: reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords", diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl index 353457dd02..9d43a806b7 100644 --- a/source4/librpc/idl/misc.idl +++ b/source4/librpc/idl/misc.idl @@ -40,7 +40,8 @@ interface misc typedef [public,v1_enum] enum { SAMR_REJECT_OTHER = 0, SAMR_REJECT_TOO_SHORT = 1, - SAMR_REJECT_COMPLEXITY = 2 + SAMR_REJECT_IN_HISTORY = 2, + SAMR_REJECT_COMPLEXITY = 5 } samr_RejectReason; |