summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-09-18 21:00:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:18:59 -0500
commit8153859fb41b7ecdf9e01d66970ff62b83233e41 (patch)
tree9e6509175c600fbb01e8907b1dd3f85878fcf50a
parentd8df6d1a81f8e274352fb0269e5f5a86453b25d2 (diff)
downloadsamba-8153859fb41b7ecdf9e01d66970ff62b83233e41.tar.gz
samba-8153859fb41b7ecdf9e01d66970ff62b83233e41.tar.bz2
samba-8153859fb41b7ecdf9e01d66970ff62b83233e41.zip
r18636: Excessive testing with pam_winbind within Samba3 revealed a new samr
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther (This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
-rw-r--r--source4/dsdb/samdb/samdb.c8
-rw-r--r--source4/kdc/kpasswdd.c3
-rw-r--r--source4/librpc/idl/misc.idl3
3 files changed, 9 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index e0691e4c32..e6752716ab 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -1282,13 +1282,13 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct
if (pwdHistoryLength > 0) {
if (lmNewHash && lmPwdHash && memcmp(lmNewHash->hash, lmPwdHash->hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_COMPLEXITY;
+ *reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
if (ntNewHash && ntPwdHash && memcmp(ntNewHash->hash, ntPwdHash->hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_COMPLEXITY;
+ *reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1301,7 +1301,7 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct
for (i=0; lmNewHash && i<sambaLMPwdHistory_len;i++) {
if (memcmp(lmNewHash->hash, sambaLMPwdHistory[i].hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_COMPLEXITY;
+ *reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
@@ -1309,7 +1309,7 @@ _PUBLIC_ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ct
for (i=0; ntNewHash && i<sambaNTPwdHistory_len;i++) {
if (memcmp(ntNewHash->hash, sambaNTPwdHistory[i].hash, 16) == 0) {
if (reject_reason) {
- *reject_reason = SAMR_REJECT_COMPLEXITY;
+ *reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 57b4de5e69..dc8d5c7310 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -134,6 +134,9 @@ static BOOL kpasswd_make_pwchange_reply(struct kdc_server *kdc,
case SAMR_REJECT_COMPLEXITY:
reject_string = "Password does not meet complexity requirements";
break;
+ case SAMR_REJECT_IN_HISTORY:
+ reject_string = "Password is already in password history";
+ break;
case SAMR_REJECT_OTHER:
default:
reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 353457dd02..9d43a806b7 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -40,7 +40,8 @@ interface misc
typedef [public,v1_enum] enum {
SAMR_REJECT_OTHER = 0,
SAMR_REJECT_TOO_SHORT = 1,
- SAMR_REJECT_COMPLEXITY = 2
+ SAMR_REJECT_IN_HISTORY = 2,
+ SAMR_REJECT_COMPLEXITY = 5
} samr_RejectReason;