summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-05-25 15:23:54 +1000
committerAndrew Tridgell <tridge@samba.org>2009-05-25 15:23:54 +1000
commitb335618d1743599588902cfd2be4ae37150b239d (patch)
treee2981301d61704362023589a47eadc6288f7419f /source4/dsdb/common
parent4dcc058ea1d98e40f59f2726c4dd37a98401b258 (diff)
downloadsamba-b335618d1743599588902cfd2be4ae37150b239d.tar.gz
samba-b335618d1743599588902cfd2be4ae37150b239d.tar.bz2
samba-b335618d1743599588902cfd2be4ae37150b239d.zip
fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
Diffstat (limited to 'source4/dsdb/common')
-rw-r--r--source4/dsdb/common/util.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 19eb3433a9..b9aceab836 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
minPwdLength = samdb_result_uint(res[0], "minPwdLength", 0);
minPwdAge = samdb_result_int64(res[0], "minPwdAge", 0);
+ if (userAccountControl & UF_PASSWD_NOTREQD) {
+ /* see [MS-ADTS] 2.2.15 */
+ minPwdLength = 0;
+ }
+
if (_dominfo) {
struct samr_DomInfo1 *dominfo;
/* on failure we need to fill in the reject reasons */
@@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
/* possibly check password complexity */
- if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
+ if (restrictions && (pwdProperties & DOMAIN_PASSWORD_COMPLEX) &&
!samdb_password_complexity_ok(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;