diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-05-25 15:23:54 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-05-25 15:23:54 +1000 |
commit | b335618d1743599588902cfd2be4ae37150b239d (patch) | |
tree | e2981301d61704362023589a47eadc6288f7419f /source4/dsdb/common | |
parent | 4dcc058ea1d98e40f59f2726c4dd37a98401b258 (diff) | |
download | samba-b335618d1743599588902cfd2be4ae37150b239d.tar.gz samba-b335618d1743599588902cfd2be4ae37150b239d.tar.bz2 samba-b335618d1743599588902cfd2be4ae37150b239d.zip |
fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
Diffstat (limited to 'source4/dsdb/common')
-rw-r--r-- | source4/dsdb/common/util.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 19eb3433a9..b9aceab836 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1658,6 +1658,11 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, minPwdLength = samdb_result_uint(res[0], "minPwdLength", 0); minPwdAge = samdb_result_int64(res[0], "minPwdAge", 0); + if (userAccountControl & UF_PASSWD_NOTREQD) { + /* see [MS-ADTS] 2.2.15 */ + minPwdLength = 0; + } + if (_dominfo) { struct samr_DomInfo1 *dominfo; /* on failure we need to fill in the reject reasons */ @@ -1697,7 +1702,7 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, /* possibly check password complexity */ - if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX && + if (restrictions && (pwdProperties & DOMAIN_PASSWORD_COMPLEX) && !samdb_password_complexity_ok(new_pass)) { if (reject_reason) { *reject_reason = SAMR_REJECT_COMPLEXITY; |