summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Kroeger <andrew@id10ts.net>2009-09-07 03:38:33 -0500
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-10 01:09:54 +0200
commit4b68cfe15dcb62930ddda8c43d5d52deaa4d6501 (patch)
treee6bdcf6da54532d31c15378bbeda7157644a475f
parent0206b1d6f979dab29c70ada10153578ce45b774a (diff)
downloadsamba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.tar.gz
samba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.tar.bz2
samba-4b68cfe15dcb62930ddda8c43d5d52deaa4d6501.zip
s4:pwsettings: Added validation.
Validate that each field is within its allowed range. Also validate that the maximum password age is greater than the minimum password length (if the maximum password age is set). I could not find these values documented anywhere in the WSPP docs. I used the values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs the validation of values.
-rwxr-xr-xsource4/setup/pwsettings30
1 files changed, 26 insertions, 4 deletions
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings
index bc65d2c0fa..7206d7116b 100755
--- a/source4/setup/pwsettings
+++ b/source4/setup/pwsettings
@@ -125,6 +125,10 @@ elif args[0] == "set":
else:
pwd_hist_len = int(opts.history_length)
+ if pwd_hist_len < 0 or pwd_hist_len > 24:
+ print "ERROR: Password history length must be in the range of 0 to 24!"
+ sys.exit(1)
+
m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len),
ldb.FLAG_MOD_REPLACE, "pwdHistoryLength")
msgs.append("Password history length changed!")
@@ -135,6 +139,10 @@ elif args[0] == "set":
else:
min_pwd_len = int(opts.min_pwd_length)
+ if min_pwd_len < 0 or min_pwd_len > 14:
+ print "ERROR: Minimum password length must be in the range of 0 to 14!"
+ sys.exit(1)
+
m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len),
ldb.FLAG_MOD_REPLACE, "minPwdLength")
msgs.append("Minimum password length changed!")
@@ -144,10 +152,15 @@ elif args[0] == "set":
min_pwd_age = 0
else:
min_pwd_age = int(opts.min_pwd_age)
+
+ if min_pwd_age < 0 or min_pwd_age > 998:
+ print "ERROR: Minimum password age must be in the range of 0 to 998!"
+ sys.exit(1)
+
# days -> ticks
- min_pwd_age = -int(min_pwd_age * (24 * 60 * 60 * 1e7))
+ min_pwd_age_ticks = -int(min_pwd_age * (24 * 60 * 60 * 1e7))
- m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age),
+ m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age_ticks),
ldb.FLAG_MOD_REPLACE, "minPwdAge")
msgs.append("Minimum password age changed!")
@@ -156,13 +169,22 @@ elif args[0] == "set":
max_pwd_age = 43
else:
max_pwd_age = int(opts.max_pwd_age)
+
+ if max_pwd_age < 0 or max_pwd_age > 999:
+ print "ERROR: Maximum password age must be in the range of 0 to 999!"
+ sys.exit(1)
+
# days -> ticks
- max_pwd_age = -int(max_pwd_age * (24 * 60 * 60 * 1e7))
+ max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7))
- m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age),
+ m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age_ticks),
ldb.FLAG_MOD_REPLACE, "maxPwdAge")
msgs.append("Maximum password age changed!")
+ if max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
+ print "ERROR: Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age)
+ sys.exit(1)
+
samdb.modify(m)
msgs.append("All changes applied successfully!")