authorStefan Metzmacher <metze@samba.org>2012-11-23 11:49:05 +0100
committerAndrew Bartlett <abartlet@samba.org>2012-12-06 05:11:43 +0100
commitf8056b7a6998e002f473b0ad79eee046236a7032 (patch)
tree659f0a320e9839d6fade9ff53d30405c8108dcd6 /source4/dsdb/samdb
parent171c63c3c45743f215ad360f928d9506951ddcd8 (diff)
s4:dsdb/password_hash: Honor password complexity settings.
Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled. This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In. The following scenarios were tested successfully after applying the patch: -'samba-tool user add' against s4 -'samba-tool user add -H' against a Windows DC -Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In. Please note that this bug was caused by a mistake in the documentation. Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. Pair-programmed-with: Karolin Seeger <kseeger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 6 05:11:43 CET 2012 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 620de755d8..0f8920c433 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2188,8 +2188,14 @@ static int setup_io(struct ph_context *ac,
& (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT
| UF_SERVER_TRUST_ACCOUNT));
- if ((io->u.userAccountControl & UF_PASSWD_NOTREQD) != 0) {
+ if (!ldb_req_is_untrusted(ac->req) &&
+ (io->u.userAccountControl & UF_PASSWD_NOTREQD))
+ {
/* see [MS-ADTS] 2.2.15 */
+ /*
+ * This seems to only happen for SAMR
+ * and not for LDAP clients
+ */
io->u.restrictions = 0;
}
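Review bot: The comment added above `io->u.restrictions = 0;` is hedged ("This seems to only happen for SAMR and not for LDAP clients") and does not state the rule the new condition enforces: only a request that is not marked untrusted may drop the password restrictions when UF_PASSWD_NOTREQD is set. I would replace it with `/* Requests marked untrusted keep the domain password restrictions even when UF_PASSWD_NOTREQD is set; only other requests may skip them. */` so a later refactor does not reintroduce the bypass. Every request that is not marked untrusted still gets `restrictions = 0` with that flag, and which callers mark a request untrusted is not visible in this hunk, so it is worth confirming that all of them are meant to skip the policy. The diffstat lists only password_hash.c, so a regression test that adds a user with a simple password through an untrusted request and expects a rejection would pin the fix. setup_io begins and ends outside the hunk.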