diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-09-25 11:34:31 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-09-25 11:34:31 +0000 |
| commit | 82102d9c99f9b255d6262553187642e9637e4670 (patch) | |
| tree | 4fbf42bfe846f73e020b94549a38e2637bb6ee90 /source3/passdb/pdb_get_set.c | |
| parent | 8df2ac63f067e7d11959497a09ff4dd00e8087f7 (diff) | |
| download | samba-82102d9c99f9b255d6262553187642e9637e4670.tar.gz samba-82102d9c99f9b255d6262553187642e9637e4670.tar.bz2 samba-82102d9c99f9b255d6262553187642e9637e4670.zip | |
This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans up
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
Diffstat (limited to 'source3/passdb/pdb_get_set.c')
| -rw-r--r-- | source3/passdb/pdb_get_set.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 2da6de7270..0c338f317e 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -151,7 +151,7 @@ const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass) const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass) { if (sampass) { - return ((char*)sampass->private.plaintext_pw.data); + return (sampass->private.plaintext_pw); } else return (NULL); @@ -956,14 +956,24 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16]) below) ********************************************************************/ -BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const uint8 *password, size_t len) +BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password) { if (!sampass) return False; - data_blob_clear_free(&sampass->private.plaintext_pw); - - sampass->private.plaintext_pw = data_blob(password, len); + if (password) { + if (sampass->private.plaintext_pw!=NULL) + memset(sampass->private.plaintext_pw,'\0',strlen(sampass->private.plaintext_pw)+1); + sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, password); + + if (!sampass->private.plaintext_pw) { + DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n")); + return False; + } + + } else { + sampass->private.plaintext_pw = NULL; + } return True; } @@ -1062,7 +1072,10 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext) if (!pdb_set_lanman_passwd (sampass, new_lanman_p16)) return False; - + + if (!pdb_set_plaintext_pw_only (sampass, plaintext)) + return False; + if (!pdb_set_pass_changed_now (sampass)) return False; |